
They're still paying up, says one expert...
Published: 6 October 2005 09:15 GMT
A security expert from IBM has controversially suggested a number of large companies are still "more often than not" paying off cyber criminals threatening them with distributed denial-of-service attacks.
The accusation comes despite claims from many major online businesses who say they do not negotiate with criminals.
Speaking at Virus Bulletin 2005 in Dublin, malware specialist at IBM, Martin Overton, said the DDoS scams, which typically target companies that rely upon peaks of online transactions such as internet bookmakers, are still a major money spinner for the criminals.
Discussing the dilemma many bookmakers have faced, Overton said: "If you're a bookmaker and somebody comes to you and says we're going to take you down during a major sporting event, what are you going to do?"
"More often than not they pay up," Overton told delegates.
And it's not just the bookmakers who are paying up, Overton said, explaining that one compelling incentive employed by the criminals is to ensure their ransom demands undercut the cost of preventing or cleaning up such an attack.
Stories of companies paying the extortionists' ransom in the earliest days of this type of threat are not uncommon but many reputable online firms have long maintained they do not do deals with criminals.
Companies have also been open about criminal approaches in order to get the issue into the open, rather than paying up and keeping quiet. So Overton's words will come as a surprise to many.
Although there have been significant successes, even among smaller firms who have refused to pay and have withstood subsequent attack due to effective planning and provisioning, Overton said no business can ever be entirely protected from DDoS.
He said: "You can put systems in place to ease the pain but you can't stop it altogether."
Also speaking at Virus Bulletin 2005, Dmitry Gryaznov, from McAfee, said the potential will always exist for a DDoS attack "powerful enough to take down any website – no matter how powerful their servers are" – a claim which is at odds with those on the carrier and infrastructure side who argue such attacks can be diverted and sidetracked to minimise impact on the targeted business.
Copyright © 2008 CBS Interactive Limited. All rights reserved.