Web of crime: Internet sieges can cost businesses a bundle
When the first extortion e-mail popped into Michael Alculumbre's inbox, he had no idea it was about to cost his business nearly US$500,000.
The note arrived in early November of last year, as Alculumbre's London-based transaction processing company, Protx was being hit by a nasty distributed denial of service (DDoS) attack. Zombie PCs from around the world were flooding Protx.com (the company's Web site) and the transaction processing server that was the commercial heart of the business.
In extortion e-mail's broken English, someone identifying himself as Tony Martino proposed a classic organized-crime protection scheme. "You should pay $10,000," Martino wrote. "When we receive money, we stop attack immediately." The e-mail even promised one year's protection from other attackers for the $10,000 fee.
"Many companies paid us, and use our protection right now," Martino said. "Think about how much money you lose, while your servers are down."
The Protx attackers had one thing right: online attacks can be expensive. A 2004 PriceWaterhouseCoopers survey of more than 1000 businesses in the UK found that, on average, companies spent more than $17,000 on their worst security incident that year. For large companies, that amount was closer to $210,000, the study found. For companies of either size, most of the loss was due to the disruption in their ability to do business, with expenses for troubleshooting the incident and actual cash spent responding to it accounting for considerably less.
It's expensive
Law enforcement authorities told Protx that it was the victim of Russian organized crime, Alculumbre says, but criminal extortion is not the only motivation for such attacks. In April, Australian anti-spyware vendor PC Tools became a target of spyware companies that didn't want users interested in PC Tools' spyware-cleansing software to reach the actual PC Tools Web site.
Simon Clausen, CEO of PC Tools.Customers whose PCs had already been infected by spyware were greeted with fake pop-up windows and shopping carts when they tried to purchase the company's Spyware Doctor product, says Simon Clausen, PC Tools' CEO. Instead of buying his company's anti-spyware software, they were tricked into purchasing useless products that left their computers infected, he said.
Even links that appeared to be from legitimate Web sites like Google or Download.com were modified on fake pages displayed to users, Clausen said. "Any link that said Spyware Doctor would be redirected to the attackers' sites."
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
