Computer-based crime, or cyber-crime, is a complex issue in today’s technological-based society. Various crimes ranging from identity theft to extortion can be perpetrated via computer. For every real-world crime, there is a cyber-based equivalent. This article will be the first in a series of articles that will examine a particular crime and its computer-based twin.
What is Cyber-Space?
The term “cyberspace” was first brought to public light by William Gibson’s 1982 novel, Neuromancer. It seemed an apt term to use to describe the tendrils of the vast information network termed the World Wide Web. Like any new frontier, it did not take long for the darker side of human ingenuity to capitalize on opportunity.
Extortion: An Organized Crime Favorite
Extortion is often used as a revenue generator. The term often conjures up visions of Mafia thugs shaking down the neighborhood storekeepers for what they deem as “protection” money. Extortion involves the demand of money in exchange for avoidance of dire consequences for the victim, usually perpetrated by the criminals demanding the money. In the storekeeper scenario, the consequence of failing to pay might result in their shop being burnt to the ground.
In the cyber world, extortion lends itself well to those criminals who know how to perpetrate malicious acts involving computers. Some organized crime syndicates, like the Russian mafia, have adapted quite well to using technology to supplement their real-world schemes.
Corporations as a Target
Cyber-extortion, on the other hand, enjoys a distinct advantage over its real-world counterpart. It can be easier, with the right knowledge and tools, to go after bigger targets…like a multi-million or –billion dollar corporation. Imagine the scenario where company proprietary information critical to remaining competitive was stolen from the corporate network? How much would a large company pay for such information to prevent its leak to competitors that may pay millions just to obtain that information? Another scenario involves the threat of ruining a company's reputation if a demand for payment is not met.
A California man attempted this feat against New York-based insurer, New York Life. Dissatisfied with the performance of a variable life policy purchased from the insurance company, the man demanded $200,000 or he would send out millions of spam emails and post false statements on a website he created in order to damage the company's reputation (Glovin, 2010).
The Dreaded DDoS
Another cyber-extortion tactic that can be used against corporate entities is the threat of a Distributed Denial of Service (DDoS) attack against the corporation's network. This type of scenario was experienced in 2008 just prior to Super Bowl XLII. Targeting online casinos, hackers made threats that a DDoS would be launched, interferring with the betting process prior to the game, unless significant monetary compensation was transferred via Western Union (O'Connell, 2008).
A DDoS attack uses many computers to launch a coordinated DoS attack against one or more targets. Using client/server technology, the perpetrator is able to multiply the effectiveness of the Denial of Service significantly by harnessing the resources of multiple unwitting accomplice computers which serve as attack platforms. These platforms are often unwitting participants, personal computers infected with malware that transform them into "zombies" or bots.
Cyber Extortion and the Individual
Cyber extortion can make a more personal impact when used against individuals. Unflattering personal information found on personal computers or critical proprietary data on enterprise servers could be used as a form of cyber blackmail. How much would an individual pay to prevent unsavory information about his online behaviors and habits from getting leaked to business associates, friends, and family? In a recent Hawaii case that happened in May of this year, one man was indicted for threatening to send sexually-explicit photographs of a woman to her employer (KITV, 2010).
This widespread fear has given rise to a new segment of the insurance industry. There are now dozens of insurers, like the Hartford, that offer "cyber-extortion" insurance. This insurance is designed to cover expenses incurred as a result of an extortion threat to cause disruption of the insured company's information network (IFA Web News, 2009). Perhaps this is a signal that companies in the immediate future will be forced to carry such insurance policies much like liability insurance is required for a company to operate.
References
- Baker, Stewart., Waterman, Shaun., & Ivanov, George. (2010). In the Crossfire: Critical Infrastructure in the Age of Cyber War. McAfee, Inc.
- Glovin, David. (March 8, 2010). Californian Arrested for Cyber-Extortion of Insurer. Bloomberg Business Week. businessweek.com.
- IFAWebnews Staff. (April 3, 2009). The Hartford Offers Privacy, Cyber Extortion Coverages. Insurance and Financial Advisor. ifawebnews.com.
- KITV News. (May 6, 2010). Man Indicted on Cyber-extortion Charge. Honolulu. kitv.com
- O'Connell, Kelly. (January 28, 2008). Online Casinos Will Experience Cyber-Extortion During SuperBowl Betting. Internet Business Law Services. www.ibls.com.
Chris Epley - The author has worked as a field service engineer in support of several DOD contracts that have taken him across the globe. His most ...
Join the Conversation