By Alvin Bryan
Hackers have tried blackmailing companies before. But instances of extortion have increased. Instead of stealing sensitive customer data, hackers are asking for payoffs so they won’t make good on their threats.
Recent Rise in Hacker Extortion
Hackers still go for the direct approach, stealing customer data from big companies. The attack on Target is a good example of this. Millions of stolen credit cards are very valuable booty. But in the past few weeks, a new trend has surfaced. Hackers have been using extortion a lot to profit from these companies. Hackers have tried blackmail in the past, but extortion is now a more popular tactic than ever before. It seems it has become more profitable than actually executing a hack.
To get their payoffs, hackers threaten to take down company websites or release company secrets. The hackers ask for payoffs of up to thousands of dollars. The hackers are going for prestigious targets, probably because they would be less willing to risk exposure. Two companies in the last half of this month have described their experiences. One is the social media forum Meetup, which has a relatively large user base. The other is the well-known software and CMS developer Basecamp. Neither of these companies paid the requested ransoms. The hackers took down the social media site for a day and the developer’s services went down for a few hours.
Basecamp partner David Heinemeier Hansson commented that the hackers couldn’t get into their systems, but were able to block authorized access. In cases where actually breaking into a system would be very difficult, extortion makes sense. This also works for companies that do not have a lot of valuable user data. Instead, hackers bet that the administrators have more to lose from a system shutdown than data loss.
Meetup co-founder Scott Heiferman said that they refused to pay the hackers off because it sets a bad example. For one thing, paying them off makes the company an attractive target for future blackmail. And he also said that the hackers asked for a small amount, which was a sign that they were testing the company. Hansson had the same reasons for not paying the ransom. The practice of dealing with cyber extortionists can also become a habit among Internet companies. This aggravates the situation and can also encourage the practice. Taking a stand like this against the hackers is an encouraging step.
Security experts say that cyber extortion actually happens more often than we would expect. Most companies are just not comfortable telling their stories. Experts say that it would be especially embarrassing for them if they paid the hackers off. One security company, Symantec, says that every year about US$5 million on average is paid to cyber extortionists. In individual cases they have dealt with, the company says that hackers have asked for US$50,000 and even US$150,000.
CloudFlare and US VPNs Prevent Extortion
CloudFlare’s CEO Matthew Prince shared that every couple of days they get requests for help from companies that have received threats. CloudFlare helps these websites by sorting website traffic to weed out suspicious visitors. To weed out bad traffic, a tool needs to draw from a big source. This can get costly for companies, but is necessary to prevent extortion. US VPNs like ExpressVPN work from the other end. They focus on the user to protect them from being tracked to online services. US VPNs are much more affordable, so all users can use them to prevent their accounts from being hijacked. Hackers often gain access to company systems through user accounts. By preventing hijacking, US VPNs also help companies.