The online mafia

Cyber gangsters are using computer networks to blackmail businesses - and they could be making you an unwitting accomplice

Detective Chief Superintendent Mick Deats, the head of the National Hi-Tech Crime Unit (NHTCU), has an impossible task. How does he defend the UK against attacks from 11 million PCs around the world? The problem with "botnets" (as groups of these machines are known) is becoming serious. "One indication of the increase in organised crime groups' use of botnets is that 25 per cent of our work revolves around this area of criminality, and that looks likely to increase," Deats says.

The NHTCU is charged with the task of combating computer-based serious and organised crime. Here's an example of what it's up against: several UK gambling firms were targeted by Russian criminals using botnets to bombard websites with millions of messages (packets of data) in an attempt to put them off the air. "William Hill did incur a DOS [denial of service] attack in early 2004, and an extortion demand for $50,000," said a spokesman for the company. "We were and remain totally non-compliant with demands of this nature." During the attack, William Hill's online gaming trade dipped by 30 per cent.

A spokesman for Coral confirmed that the company had also received extortion demands. The denial-of-service attacks caused only "minimal disruption" and Coral now has defensive measures in place. Ladbrokes was not affected by the attacks, despite criminals flooding its internet service providers with bogus traffic. "Investment in our internal security systems is reaping dividends, thankfully, and we have not been the subject of demands or threats," said a spokesman.

Following the money trail from companies who did pay up, the NHTCU helped to dismantle a determined group of organised criminals. In July, a joint operation with its Russian Federation counterparts saw the arrests of three men suspected of running a global protection racket netting hundreds of thousands of pounds from online gambling sites. The case has yet to be tried.

So how do botnets work? A bot is a hidden remote-control program loaded on to your computer without your consent, and increasingly used for villainous purposes. Under the control of a "botherd", the botnet can be anything from a few hundred to tens of thousands of machines. Large botnets pack a mighty electronic punch when the combined bandwidth attacks a website, denying access to legitimate users. Botnets send out spam, carry out identity theft, mount "phishing" scams (getting people to divulge personal information and data) or disseminate new malware (malicious software, designed to damage or disrupt a system).

"Botnets are attractive to hi-tech criminals because they can be reconfigured to commit different crimes and reprogrammed in response to new security developments, and particularly because criminals can use them to commit offences on a massive scale," Deats says.

It all began, innocently enough, in internet relay chat (IRC) channels, where the first bots were created as robotic helpers. Eventually, somebody demonstrated that large groups of compromised PCs could be controlled from an IRC channel, and the botnet was born. "We know, for example, that botnets are also increasingly being hired out to third parties, making them a valuable commodity in themselves," Deats says.

A botherd may control different types of bot. They swap information, services or favours, and read underground hacker publications on how to make money from their botnets. Botherds will even patch your computer with the latest Microsoft security updates to prevent other botherds from stealing it. And one-line commands initiate massive attacks from as many as 75,000 bots simultaneously.

This is what the NHTCU is now afraid of: that serious organised crime will pay hackers to write more powerful bots. Worryingly, it has noted denial-of-service extortion attacks on other kinds of firm as the online gaming industry strengthens its defences and refuses to pay up. The NHTCU also strongly advises home PC users to install the latest software patches and anti-virus software and a firewall.

AOL does more than most internet service providers to curb the botnet menace. Broadband customers have free McAfee firewall software, backed by central virus and spam scanning. An AOL spokesman claims that other ISPs face problems: "Most ISPs could, at peak, be experiencing hundreds of compromised accounts each day; probably more among those ISPs that don't have a strong security focus."

But it's easy to ignore nagging messages from Microsoft Windows about updates. Worse still, you might have a totally unprotected PC. The result? The IT firm Mi2g says there's now a malware epidemic, with as many as 11 million computers around the world being permanently infected "zombies" - that's another name for bots.

The head of threat analysis at Symantec, Nigel Beighton (he's also the company's director of enterprise strategy), knows all about user laziness. The company reckons that 30,000 new machines are recruited as bots every day, although its Norton software products will repel viruses, worms and malware. "It's now quite common for us to see that denial-of-service attacks are sophisticated and can be controlling 30,000 bots at a time," Beighton says.

Matt Sergeant, a senior anti-spam technologist at Messagelabs, also understands the problem. From its work in filtering spam and viruses, Messagelabs reckons that 70 to 90 per cent of spam is sent by botnets. Sergeant says his company works with law enforcement to seek justice, even though this runs the risk of becoming a target of some "particularly nasty" people.

You might imagine that such people are tucked away in Eastern Europe, China or the spammers' favourite location, Florida. Certainly, most of the machines they control are overseas. But sometimes the long arm of the law isn't too stretched; in February, two men in Bolton, Lancashire and Carshalton in south London were arrested on suspicion of conspiracy to commit offences under Section 3 of the Computer Misuse Act 1990. Computer equipment was seized and examined.

An FBI document obtained by The Independent gives detailed insights into the arrests. A botnet of up to 10,000 computers controlled from the UK was used for denial-of-service attacks on US businesses. What makes this really alarming is that botherds were hired by an American businessman through an intermediary to attack his competitors' websites. The Moroccan-born American is now a fugitive.

Attacks on firms here in the UK are continuing. Blue Square is one of the largest interactive betting services in the UK. In October, a brief denial-of-service attack, cutting trade by 15 per cent, was followed by a poorly-written e-mail demanding €7,000 (£6,200). A phone call from a man with an Eastern European accent then threatened to send out pornographic child images in the company's name. Blue Square immediately went public to prevent a public relations disaster. "It now looks like it was an empty threat, although obviously a deeply unpleasant one," says a company spokesman.

The problems for law enforcement don't get any easier. Botnet technology has combined with phishing, another major concern for the NHTCU. Phishing fools 5 per cent of recipients into divulging bank details, credit-card numbers, user names and passwords. According to the Anti-Phishing Working Group, the number of spoof websites that are hosted on compromised broadband PCs has risen by more than 50 per cent. The sites are quickly switched around, suggesting that some degree of automation is involved. And the phishing e-mails are already sent out by botnets.

In the face of this growing evidence of hi-tech criminal activity, it is hard not to conclude that the computer gangsters have the edge - for now. It's the job of the cyber police, such as the NHTCU, to change that.
