Monday, October 25, 2004


Measuring The Rise Of Cyber-Extortion

How prevalent is cyber-extortion? Let's put some numbers to it:

Alan Paller, director of research for security organisation SANS, said today that online extortion was rife and that cybercrime was set to get worse.

"Six or seven thousand organisations are paying online extortion demands," said Paller on Friday at the SANS Institute's Top 20 Vulnerabilities conference. "The epidemic of cybercrime is growing. You don't hear much about it because it's extortion and people feel embarrassed to talk about it."

"Every online gambling site is paying extortion," Paller claimed. "Hackers use DDoS [denial-of-service] attacks using botnets to do it. Then they say 'pay us $40 thousand or we'll do it again'."

"Applications breaking after patching is the operating system vendor's fault," he said. "They tell developers to build applications on unprotected systems. But the other half of the game is that application vendors should have to test their products on safer systems..."

"They tell developers to build applications on unprotected systems!" I.e. it can be secure or it can work; but it can't be both.

All of which means there is no solution coming in the foreseeable future. This problem is gonna get a lot worse before it gets better.