Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cyber Extortion By: Brianna White. Definition Cyber Extortion ◦ A crime involving an attack or threat of attack against an enterprise, coupled with a.

Similar presentations


Presentation on theme: "Cyber Extortion By: Brianna White. Definition Cyber Extortion ◦ A crime involving an attack or threat of attack against an enterprise, coupled with a."— Presentation transcript:

1 Cyber Extortion By: Brianna White

2 Definition Cyber Extortion ◦ A crime involving an attack or threat of attack against an enterprise, coupled with a demand or request for money to avert or stop the attack

3 Regular Extortion Examples A phone call that begins with the words: We have your child – we want $250,000 to guarantee her safe return. If you go to the police, you will never see her again You receive a thick manila envelope with compromising pictures of you and a young woman, not your wife. You’ve been invited to a local bar to talk Your struggling coffee shop is visited by two very large guys who offer to protect you from the local thugs for just $100 a week – no telling what will happen without this service

4 Cyber Extortion Examples Using Data as a hostage ◦ A programmer of Walchi Innovation Technologies (WIT) broke into the company’s computer system, changed access codes and passwords, and effectively locked out the company and its customers from getting into the company’s information system ◦ Mr. Westrick asked for $300,000 in order to reveal the codes and passwords

5 Cyber Extortion Examples Threat to send millions of spam e-mails and host a malicious website in order to damage the reputation of New York Life ◦ A hosting website held threats such as:  These things, unless you honor the below claim, WILL HAPPEN on March 8, 2010  My demand is now for $198,303.88. This amount is NOT negotiable, you had your chance to make me an offer, now I call the shots  I am a huge social networker, and I am highly experienced. 200,000 people will be directly contacted by me through social networks, slamming your integrity and directing them to this website within days  I think you get the idea, I am going to drag your company’s name and reputation, through the muddiest waters imaginable. This will cost you millions in lost revenues, trust and credibility not to mention the advertising you will be buying to counter mine. Sad thing is it’s almost free for me!  The process is in motion and will be released on March 8th, 2010. If you delay and the site goes live, The price will then be $3,000,000.00

6 Cyber Extortion Examples Stealing and Planting Data ◦ Bot- malware that continually communicates with its bot herder to pass information and receive commands ◦ Popular in Russia, child pornography is planted on the victim’s computer along with the display of a large banner threatening to notify the authorities unless a $17 fee is paid ◦ The malware also disables many of the computer’s basic features to prevent them from deleting it

7 Cyber Extortion Categories Data held hostage ◦ Victim’s company is put into limbo while negotiating The release of protected or personal data ◦ Medical, Identity, Credit Card Selling Corporate secrets ◦ Strategies, Technologies, Relationships The release of private corporate personal info ◦ Personal pictures that should never be released Distributed Denial of Service (DDoS) ◦ Bots from cyber-crime tolerant countries wreak havoc on almost any commercial or government site

8 Data held hostage Simple hostage attacks, such as stealing the most recent backup and wiping the original version from the corporate servers Complex attacks, such as changing the encryption key (similar to a complex password) within a database and holding the new key hostage “Data is the new oil of the digital age.”

9 The release of protected or personal data Biggest financial and reputation fear is the compromise of protected information This may result in huge government or industry fines, a flight of customers from an embarrassed or perceived technically incompetent company, or both Instead of using this information for identity or financial theft, it is used to threaten the victim with the disclosure that the information has ben stolen, and a ransom payment may be less expensive than the company fallout

10 Selling corporate secrets Cyber-thieves who are able to obtain corporate secrets might be able to name their own price from a company willing to go to any lengths to protect their own vital information Unlike compromised medical information, for example, corporate secrets might have a significant resale value to other corporations around the globe The resale threats are sure to get the company’s attention

11 The release of private corporate or personal information Consider the e-mails, texts, tweets, and more from celebrities, athletes, and government officials in the last year We’ll realize that these are scandalous materials that shouldn’t be shown to the public Imagine the things hidden from the public view on corporate computers

12 Distributed Denial of Service (DDoS) 50% of home computers can be directed to send an unlimited number of communication requests to any web site in the world Because of the unstoppable nature of a DDoS, a cyber-extortionist can easily launch a DDoS attack on a company web site to validate his threat. It would just be a matter of negotiation after that.

13 As the number of enterprises that rely on the Internet for their business has increased, opportunities for cyberextortionists have exploded. The probability of identification, arrest, and prosecution is low because cyberextortionists usually operate from countries other than those of their victims and use anonymous accounts and fake e-mail addresses

14 Cyberextortion can be lucrative, netting attackers millions of dollars annually. A typical attack may result in a demand for thousands of U.S. dollars. Payment does not guarantee that further attacks will not occur, either by the same group of cyberextortionists or by another group.

15 Through concerted, high tech efforts, a few cyberextortionists have been found, arrested, prosecuted, convicted and sentenced to prison. However, according to some reports, most cyberextortion episodes go unreported because victims don't want the publicity and that, furthermore, the majority of reported episodes don't result in arrests. Therefore if it’s hard to get caught and a lucrative business, then why not take advantage?

16 Avoiding Cyber Extortion Victimization Use simple rules for cyber safety Businesses should inspect and protect their physical IT environments as well as their web applications Every departing employee should be viewed as a potential threat At home, install quality virus and malware software and make sure your browsers operating systems are current Consider a plan to mitigate your cyber risk should it occur


Download ppt "Cyber Extortion By: Brianna White. Definition Cyber Extortion ◦ A crime involving an attack or threat of attack against an enterprise, coupled with a."

Similar presentations


Ads by Google