Perhaps we have all seen Hollywood movies in which college dropouts hack into the networks of big organisations, including government departments, within a fraction of a second and bring them to their knees. Nothing in the world can stop these individuals. Their criminal but genius intellect can make them rich on any given day. They hack into the most secure networks, steal the most confidential data on earth and engage in cyber extortion. This is the concept of the “Hollywood Hacker”. Although it is much exaggerated from reality, it does give a sense of the direction in which the thought process of the “hacking world” is moving. In fact, there have been cases in which a lone-wolf hacker or a group of hackers barged into the networks of leading organisations, humiliated them and then demanded a ransom for the stolen data.
Cyber extortion is a reality, and it has established itself as a formidable criminal activity in the last decade. It can no longer be ignored. The threat of network intrusion by cyber criminals keeps security experts on their toes all the time. They have to ensure a foolproof security system, even when there is none. For them it is a continuous, never-ending task, just like the climb of Sisyphus, the Greek mythological king of Ephyra.
In this article we bring to you 5 cases of cyber extortion that show the threat is real.
1. Nokia cyber extortion case
The Finnish television station MTV reported that in 2007 hackers had stolen source code for part of Nokia’s smartphone operating system. This news was later confirmed by local police, who were investigating the case. Reportedly, the thief resorted to blackmail, threatening Nokia that he would make the key public if money was not paid.
If the source code to Symbian (Nokia’s smartphone operating system) had been leaked to the public, it would have enabled hackers around the globe to infect millions of smartphones with malware without fear of detection.
The report further stated that Nokia paid a multi-million dollar ransom to the hackers, agreeing to deliver cash to a parking lot, but also tipped off Finland’s National Bureau of Investigation. However, the criminals escaped untouched after a botched operation by the police, who lost track of them after they picked up the money.
In 2007, Nokia had a share of around 50% of the smartphone market across the globe, and Symbian was also used by other manufacturers. By 2006 Nokia had shipped around 100 million devices. This would go some way to explaining why Nokia gave in to the demand.
2. Feedly & Evernote cyber extortion case
In 2014, popular RSS feed service provider Feedly and online notes and web clipping service Evernote reported Distributed Denial of Service attacks. The attackers engaged the servers with DDoS attacks so as to prevent users from accessing the service.
According to a blog post by Feedly, the hackers demanded money, which the company refused to pay. Feedly also issued a statement saying it was working in close association with other organisations experiencing similar attacks. For Evernote, it was not the first cyber attack. In fact, in 2013 hackers had managed to access its database of user details, including names, email addresses and encrypted passwords.
3. Domino’s cyber extortion case
The popular fast food chain came under cyber attack in 2014. The hacker group Rex Mundi publicly announced that it had stolen customer records of 650,000 French and Belgian fans and demanded a ransom of 30,000 euros from the world-famous pizza chain. The group also disclosed that Domino’s had used MD5 hashing to protect the data.
Domino’s acknowledged via Twitter that it had received the ransom request and had refused to comply with the demand. Instead, it told customers not to worry because the stolen data did not contain any financial information, and advised them to change their passwords.
4. Code Spaces cyber extortion case
This is one of the extortion hacks that led to the closure of a company. The code hosting company was first hit with a Distributed Denial of Service (DDoS) attack, followed by the takeover of the firm’s Amazon EC2 control panel by a hacker. The hacker deleted EC2 machines, storage volumes and backup data via the company’s AWS management console.
The firm did not comply with the extortion demands. Instead, it put up a fight by trying to regain control by changing passwords. However, the criminal had created backup logins to the panel and responded by deleting files. In the end, most of the company’s data, backups and machine configurations had been deleted, and it had to shut down.
5. One More Cloud cyber extortion case
Websolr and Bonsai, two search application infrastructure services provided by One More Cloud LLC, were hacked in a similar fashion to Code Spaces. The attacker gained control of the AWS EC2 control panel and started to wreak havoc through that access. However, a smart response by Websolr and Bonsai saved them from shutting down. Unlike Code Spaces, Websolr and Bonsai were able to locate the compromised API access key quickly and revoke it immediately, which prevented long-term compromise and kept the blackmailer from maintaining control over their systems. As a result, One More Cloud was able to recover its data, and service was completely restored in a couple of days.
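The contrast between cases 4 and 5 comes down to containment scope: rotating only the known-compromised credential leaves any backup logins created with it still working. The sketch below is an added example, not code from either company; the inventory, its field names and all identifiers are constructed for illustration and are not real AWS output.

```python
from datetime import datetime

# Constructed inventory of console logins and API keys. Field names are
# hypothetical and this is not real AWS output.
INVENTORY = [
    {"id": "login:alice", "owner": "alice", "created_by": "root",
     "created": "2024-01-10T09:00"},
    {"id": "key:EXAMPLE-DEPLOY", "owner": "deploy", "created_by": "alice",
     "created": "2024-02-01T12:00"},
    {"id": "key:EXAMPLE-BACKUP", "owner": "support2", "created_by": "support2",
     "created": "2024-03-02T03:15"},
    {"id": "login:support2", "owner": "support2", "created_by": "deploy",
     "created": "2024-03-02T03:12"},
    {"id": "key:EXAMPLE-CI", "owner": "ci", "created_by": "alice",
     "created": "2024-03-05T08:00"},
]


def containment_set(inventory, compromised_ids, first_abuse):
    """Ids to revoke: the compromised credentials plus, transitively, every
    credential created at or after first_abuse by an identity already tainted."""
    cutoff = datetime.fromisoformat(first_abuse)
    revoke = set(compromised_ids)
    tainted = {c["owner"] for c in inventory if c["id"] in revoke}
    changed = True
    while changed:  # repeat until no new backup credential is discovered
        changed = False
        for cred in inventory:
            if cred["id"] in revoke or cred["created_by"] not in tainted:
                continue
            if datetime.fromisoformat(cred["created"]) >= cutoff:
                revoke.add(cred["id"])
                tainted.add(cred["owner"])
                changed = True
    return revoke


def survives_rotation(inventory, compromised_ids, first_abuse):
    """Credentials still usable if only the known-compromised ones are rotated."""
    full = containment_set(inventory, compromised_ids, first_abuse)
    return full - set(compromised_ids)


if __name__ == "__main__":
    known = {"key:EXAMPLE-DEPLOY"}
    print("revoke:", sorted(containment_set(INVENTORY, known, "2024-03-02T03:00")))
    print("missed by rotation only:",
          sorted(survives_rotation(INVENTORY, known, "2024-03-02T03:00")))
```

The loop runs to a fixed point because a backup login can itself be used to mint further keys, so a single pass over the inventory can miss credentials listed before their creator.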
These 5 cases make it clear that cyber extortion is a reality. People hack into networks, steal data and threaten to make it public. The only way we can fight this menace of extortion is by being one step ahead of the criminals. Keep yourself updated, update your network security regularly and keep looking out for loopholes and plug them up.