Now businesses hit by cyber extortion

ABHISHEK KAPOOR

VADODARA, JUNE 6: As if viruses and identity thefts were not enough cause for worry, cyber extortion is now giving Internet users and website owners sleepless nights.

This phenomenon of blocking websites and demanding ransom for its restoration cause huge losses to businesses, say experts. This kind of cybercrime is trickling to small business centres like Vadodara too.

On June 1, a credit card payment gateway company received an e-mail that threatened to attack their site if $10,000 was not wired to an offshore account. Soon under attack, the website went offline. In computer parlance, it’s called Distribution Denial of Service (DDoS) attack.

A denial-of-service attack disrupts business activities by stopping the operation of the website, email or web applications. ‘‘The time and money spent to shield oneself is an enormous drain,’’ says Kishore Tarachandani, who runs a web solution company Dots&Coms in Vadodara. Being a sub-merchant, his business was affected by the June 1 attack on the Mumbai company. In a typical DDoS attack, key resources like bandwidth, CPU and memory are overloaded, rendering them unavailable for use. Virtually, any organisation that is connected to the Internet is vulnerable to these attacks.

According to moderate estimates, as many as 2,000 websites come under such attack each week. ‘‘Each week, we get SOSs from two to three firms that have been DDoSed,’’ said Divyank Turakhia, president and director of Directi, a Mumbai-based web services firm.

Turakhia himself faced hard times a while ago when an attack of as large as 340 mbps disrupted his business for more than eight hours.

The scale of cyber ransom can be gauged from the fact that a Google search returns 1.33 lakh entries on the topic. Generally, victims do not make this problem public due to fear of bad publicity and negative effect on business. That the law does not offer adequate protection to them compounds matter.

‘‘Such an attack cannot be the work of a script kid tinkering with small stuff. It requires the right combination of brains and computing,’’ says Turakhia, who spent a large sum on security after his sites were attacked a couple of times.

‘‘I know of people who have paid up. The threats are anonymous or untraceable. The attacker could be an insider sitting right in your office or in Chechnya. Though law enforcement officials may be able to help, there are agencies that can help strengthen one’s computer systems against such attacks,’’ says Tarachandani.

The situation, according to Internet security experts, is not much different in the western world. Turakhia says the Federal Bureau of Investigation (FBI) in the US have special teams to track such attacks. Tarachandani believes that an agency like the Computer Emergency Response Team (CERT) in the US is just beginning to get a hold over the issue. ‘‘In India, the government has tried to replicate CERT. Today, it remains nameless and toothless,’’ says Tarachandani.