Cyber-Extortion: A Review

Cyber-Extortion is the use of computers and communication systems to obtain or attempt to obtain unauthorized access to money or financial gain by threat. Cyber Extortion is so common in the information security arena that it doesn't raise the same attention as in the past.

There are various forms of cyber-extortion, but in general if the hacker’s demand is not met, than an adverse event will occur to the victim or company.

Just recently, Express Script became a victim of a cyber-extortion attack from an incident that occurred in early October of 2009. Express Script received a letter claiming that the company's network had been breached and threatening to release millions of customer records unless the firm paid money to the thieves. The letter listed personal information on 75 of Express Script's members, including their names, dates of birth, social security numbers, and in some cases, their prescription information, the company stated. Express Scripts added that it had reported the crime to the FBI, which is currently investigating.

Often companies will just pay the cyber-extortionist in hopes of having the matter go away without public knowledge. This is due to being penalized by federal regulators, having to notify customers of the matter, the process of conducting damage control, the cost in resolving the matter and losing customer confidence in that industry.

Below are some major cyber extortion events that has occurred world-wide. These were obtained from www.acapsecurity.com:



Barclays Bank, a major international bank, was broken into by a cyber-criminal whose attack focused on the bank's Barclaycard division, which with 8 million cardholders is Europe's largest credit card system. Allegedly the attack included the theft of credit card numbers and valuable customer information, with law enforcement reporting the cyber-criminal did make a $25 million extortion demand on Barclays Bank. The matter is before the courts in London.
Guardian, Oct 19, 2001. Underline added.

A cyber-thief from Kazakhstan broke into the computer networks of the Bloomberg financial news service owned by Michael Bloomberg the current Mayor of New York City. Thereafter the thief became a Cyber-Extortionist by demanding an extortion payment.
U.S. Attorney's Office Press Release, Aug 14, 2000. Underline added.

A cyber-thief broke into the computer networks of Parametric Technology Corporation and thereafter made an extortion demand for $1 million plus $40,000 per month.
St. Petersburg Times, Aug 24, 2000. Underline added.

The Secret Service and the FBI reported that a cyber-criminal had broken into the computer system of Online Resources, a company that offers online banking, electronic payments and other financial services to 525 financial institutions in the U.S. The cyber-thief as part of the attack stole customer records that included names, addresses and bank account numbers. The theft was followed by an extortion demand on at least one bank.
InfoSec News, Feb 8, 2002. Underline added.

On August 21, 2001 a cyber-thief broke into a unit of Ecount, an electronic payment company and allegedly stole 350,000 credit card numbers and thereafter made an extortion demand on the company.
ZDNet News, Oct 11, 2001. Underline added.

Two Russian cyber-criminals broke into hundreds of computer systems, stole sensitive client and financial information and then made extortion demands on the victimized companies.
InfoSec News, Oct 18, 2001. Underline added.

Cyber-criminals broke into the British division of Visa, the major credit card company, and stole data. Visa claims the stolen data was useless information. Obviously the cyber-criminals believed the data was valuable as they made an extortion demand on Visa for approximately $14 million U.S.
InfoSec News, Jan 20, 2000. Underline added.

A cyber-criminal made an extortion demand on CD Universe, an Internet music retailer, claiming he had stolen as many as 300,000 credit card numbers. The alleged cyber-extortionist was suspected of operating from a base in Eastern Europe. On Christmas day the cyber-criminal began posting more that 25,000 of the allegedly stolen card numbers on a web site. Thousands of customers who had shopped at CD Universe cancelled their credit cards.
Mercury News, Jan 26, 2000. Underline added.

A cyber-criminal from Russia broke into one of the New York bank's computer systems stole confidential customer information and extorted money for not releasing the customer information.
Associated Press, Jan 24, 2002. Underline added.

Cyber Bullies and the Effect on Our Kids

Cyber Bulling has been a big problem and is becoming an expectable way kids use to express their feelings towards others. As a parent, it is important to understand and be able to determine the signs and effects of cyber bulling on our kids. Below are some key information about the topic:

This constant contact via technology also allows the school yard bully to continue to hound their victims 24 hours a day and invite others to pile on.

This pack mentality combined with the anonymity of the attacks puts a lot of stress on young victims that don’t know how to deal with the situation.

The statistics according to iSafe.org are pretty alarming:

• 42% of kids have been bullied while online. 1 in 4 have had it happen more than once.
  


• 35% of kids have been threatened online. Nearly 1 in 5 have had it happen more than once.



• 21% of kids have received mean or threatening e-mail or other messages.



• 58% of kids admit someone has said mean or hurtful things to them online. More than 4 out of 10 say it has happened more than once.



• 53% of kids admit having said something mean or hurtful to another person online. More than 1 in 3 have done it more than once.



• 58% have not told their parents or an adult about something mean or hurtful that happened to them online.
  

Parents that are completely out of the loop with their child’s technology usage can find it hard to detect when something of this nature may be occurring, but generally speaking, changes to the child’s behavior will accompany the attacks.

Not any of these signs on their own is an indicator, but combined they could warrant a discussion with your child:

• Unusually long hours on the computer



• Clearing the screen when you enter room



• Secretive Internet activity (won’t say who their chatting with)



• Getting behind in school work



• Lack of appetite, headaches or Stomachaches



• Trouble Sleeping



• Fear of leaving the house, especially to go to school



• Appears upset after Internet use.



• Hesitation to get online



• Cries for no apparent reason



• A marked change in attitude, dress or habits

Our schools and lawmakers are still trying to catch up with this new form of abuse, so how to report such activity will vary greatly based on your community.

There are many Web sites that can help if you think your child is a victim of cyber bullying, including stopcyberbullying.org, cyberbully411.com, ncpc.org/cyberbullying and iSafe.org.

It’s also vital to discuss with your “screenager” the importance of not participating in any online discussion that serves to demean or belittle others. What may seem like a harmless action only serves to amplify the problem for the victim and encourages the instigator to continue.

From a technology standpoint, if you feel the need you can install a program that will track all of the activity that occurs on your child’s computer, including what others are sending them via instant messaging.

Check out the various tracking software available from sites such as spectorsoft.com and spytech-web.com as the activity logs that they generate can come in handy if you need to report the problem to a school or law enforcement.

Defining Cyberbullying

Cyberbullying uses the new forms of digital communication technologies to harass others. A cyberbully is someone who uses technology to harass, embarrass, intimidate, or stalk someone else.

The methods used can include emails, instant messaging, text messages sent via cell phones, digital photos and all other means of electronic communications.

The cyberbully can send:

· angry and vulgar argumentative messages
· cruel, offensive, and insulting messages
· threats and false promises

The cyberbully can:

· post secrets or embarrassing information, including pictures, for everyone to see
· post gossip or rumors for the explicit purpose of damaging the person’s reputation
· send out messages pretending to be the victim in an attempt to damage that person’s friendships
· alienate the victim from online groups

For more information on cyberbullying and how to prevent and report it review the links below:

http://cyberbully.org/
www.ncpc.org/cyberbullying
http://www.securityorb.com/docs/cyberbully/

www.mcgruff.org/Advice/cyberbullies.php