TechNewsWorld, in an article entitled “Worm Variants Part of Russian Mafia Extortion Scheme”, quotes Gartner research director Richard Stiennon as saying of the recent spate of computer worms: “the real intent of the dueling viruses is to deny site availability to online gaming companies and other sites that have not complied with Russian mobsters’ demands”. But is it? And who are these ‘mobsters’?
Stiennon is quoted as saying, “The worm writers this time around are really cyber criminals in Russia. They’re using [the worms] to recruit bots (compromised computers) to launch denial-of-service attacks, mostly against online gaming sites, after failing to extort large payments from the sites.”
Unfortunately there’s no further evidence provided about just who these mobsters are. I’m willing to believe that some Russians are behind it, and I’d love to see some evidence that online casinos are being extorted, but I’m less willing to believe it’s the Russian Mafia (or mob). In Russia the mafia are a quite distinct — and very powerful — part of the establishment, but they’re not quite the same thing as the range of individuals, and loose-knit groups, that populate Russia’s online world.
This kind of report has been doing the rounds for at least a year (the Russian Mafia were also suspected of being behind the October 2000 assault on Microsoft’s servers). I’m not saying it’s wrong, but I think those who utter it have a responsibility to produce more evidence than we’ve seen so far.
It seems that there’s a purpose behind the viruses we’ve all been getting: old-fashioned extortion. Reuters reports that extortionists — many thought to come from eastern Europe — have been targeting casinos and retailers, but one recent high-profile victim was the Port of Houston. The attacks, which can cripple a corporate network with a barrage of bogus data requests, are followed by a demand for money. An effective attack can knock a Web site offline for extended periods.
Online casinos appear to be a favorite target as they do brisk business and many are located in the Caribbean where investigators are poorly equipped to tackle such investigations. Police said because of a lack of information from victimized companies, they are unsure whether these are isolated incidents or the start of a new crime wave.
Last week, the online payment service WorldPay admitted to suffering a major DDoS attack that lasted three days. WorldPay, owned by the Royal Bank of Scotland, has been fully restored. The NHTCU spokeswoman said the investigation into the WorldPay attack is ongoing.