Hacking the Odds
Last year, VIP Management Services, an online sports betting and gambling company based on the tiny Caribbean island of Curaçao, received an unnerving e-mail. Criminals had hacked into its computer system and offered an ultimatum: Pay $30,000 in ransom or have its computer systems grind to a halt. As the company’s computer servers are its ...
Last year, VIP Management Services, an online sports betting and gambling company based on the tiny Caribbean island of Curaçao, received an unnerving e-mail. Criminals had hacked into its computer system and offered an ultimatum: Pay $30,000 in ransom or have its computer systems grind to a halt. As the company’s computer servers are its sole platform for doing business, VIP paid up.
And it’s not alone. Based primarily in Russia and Eastern Europe, organized criminal groups are increasingly targeting corporations for large-scale extortion schemes. In recent years, such plots have also been uncovered in Australia, Britain, Canada, Thailand, and the United States.
Businesses with a high dependence on digital technologies — such as online casinos, banks, and e-commerce hubs — are the most likely to fall victim to this form of online hijacking. The attacks are carefully planned. After cracking into victims’ computer systems, extortionists normally send e-mails demanding that ransoms as high as $100,000 be sent via money transfer agencies, such as Western Union. It is difficult to estimate how much money is extorted globally each year, because experts say only 10 percent of extortion cases are reported to law enforcement agencies. But monetary losses are substantial. Reports suggest that gambling sites alone pay out millions of dollars in extortion money each year.
Some companies prefer to take their chances with a cyberattack. Last fall, credit card payment processor Authorize.net refused to pay an extortion demand of a "substantial amount of money" and faced repeated denial-of-service attacks that disrupted business for more than 100,000 clients. That’s why many companies choose to negotiate or simply pay up, rather than lose customers’ trust, attract media attention, or face legal action for failing to adequately protect their patrons’ private information.
Britain’s National Hi-Tech Crime Unit and the U.S. National White Collar Crime Center are teaming up with similar agencies in Russia and Eastern Europe to help prosecute online extortionists. But success is making some criminal outfits more brash. And many nations lack the resources to investigate, let alone prosecute, this new form of cyberterrorism. Which means for small Caribbean operations such as VIP, it’s paradise lost.