BetCris and Blue Square Hit with Pricey DDoS Attack

DDoS extortionists demand money for DNS attack security

November 22, 2003 - BetCris, an online sports betting company, came under one of the largest Distributed Denial of Service (DDoS) attacks ever seen. The DDoS attack was part of an extortion scheme. A message from the attackers stated, "You can send us $40K by Western Union [and] your site will be protected not just this weekend but for the next 12 months or if you choose not to pay...you will be under attack each weekend for the next 20 weeks, or until you close your doors."

The DDoS attack came at the start of a very busy wagering season, which meant that millions of dollars could be lost to Domain Name Service (DNS) server downtime. For every day BetCris stayed offline, it lost approximately $100,000 (US). The solution came from a young IT specialist who created a pack of original code using some commercial products. During the DNS attack, the extortionists sent as much as 3Gbps of bogus traffic to BetCris from more than 20,000 bots. The DDoS attack was stopped on December 12, 2003, and the company and its ISP came back online.

Soon after, in 2004, the online sports betting company Blue Square was the target of several DDoS attacks. The DDoS DNS attacks were part of another extortion scheme carried out by Russian cyber criminals. Detective Superintendent Mick Deats stated, "We are definitely seeing a rise in DDoS attacks across the board as the criminals understand that any company that does all or even part of its business online is vulnerable."

The DDoS DNS attacks temporarily closed Blue Square and caused the company to lose significant amounts of money. The cyber criminals asked for money to "protect" the company, but Blue Square did not give them money. However, many companies prefer to pay the "protection" money because the demands are cheaper than the money lost to DNS downtime. "When it was a low-level thing, I paid $500 one time," stated Mickey Richardson, general manager of BetCris. However, it is more likely that the DNS extortionists will eventually return, launch a DDoS attack and ask for more money.

Source: The Free Library

About Secure64 Software Corporation
Secure64® is a software developer providing highly secure DNS and server applications with built-in denial-of-service protection features to help ensure your Internet-dependent business is always accessible. Based on the genuinely secure SourceT® microOS, Secure64 DNS remains highly available during network attacks and is immune to compromise from rootkits and malware.

 
