Hackers’ Latest Weapon: Cyber Extortion

Instead of simply stealing passwords or credit-card data, or locking access to victims’ systems as with ransomware, extortionist hackers try to unearth corporate secrets that they then threaten to make public if victims don’t pay. Because the extortionists threaten to expose sensitive material —embarrassing emails or intellectual property like unreleased movies and scripts, for example—the crime can be “more damaging and impactful to victim organizations than other types of theft of intellectual property” said Charles Carmakal, a vice president with cyber investigations firm FireEye Inc. FEYE 0.61% Adding to the insidiousness of cyber extortion, those targeted by such efforts often have a difficult time determining how much data the hackers really have—and in some cases the extortion attempts are simply bluffs, he said. Law-enforcement agents and private investigators say both types of attack are on the rise. The hackers have leaked unreleased episodes of HBO shows such as the comedy “Ballers,” script notes for its hit show, “Game of Thrones,” and other data such as usernames and passwords used by HBO employees. In many ways, Hollywood is an ideal target for hackers. The sender claimed to have taken over their systems and threatened to go public—a risk not only to their studio but to its clients, including Netflix, which had hired it to work on “Orange is the New Black.” When technical staff checked the Larsons’ computers, they found all information had been wiped except a brief ransom note. The hackers demanded ransom of 50 bitcoins, at the time about $50,000, or they would post an unreleased episode of “Orange is the New Black” on New Year’s Day. The hackers called themselves “The Dark Overlord.” The next weeks felt “like we were living in one of the episodes of the TV shows we do,” Ms. Larson said. Then the hackers tried to extort money from Netlflix too, the Larsons said. Investigators say other victims also are paying ransom demands, and that encourages further attacks.
FireEye first noticed the uptick in extortion cases in 2015. Above, a FireEye information analyst at the company’s California office in 2014.
FireEye first noticed the uptick in extortion cases in 2015. Above, a FireEye information analyst at the company’s California office in 2014.

After years of stealing data for fraud and corporate espionage, hackers increasingly are trying a new way to profit from their digital break-ins: extortion.

Hacks involving HBO and Netflix Inc. NFLX 1.88% in recent months have shed light on the extortion threat, which law-enforcement officials and companies that investigate these digital break-ins say has been on the rise in recent years. Instead of simply stealing passwords or credit-card data, or locking access to victims’ systems as with ransomware, extortionist hackers try to unearth corporate secrets that they then threaten to make public if victims don’t pay.

Because the extortionists threaten to expose sensitive material —embarrassing emails or intellectual property like unreleased movies and scripts, for example—the crime can be “more damaging and impactful to victim organizations than other types of theft of intellectual property” said Charles Carmakal, a vice president with cyber investigations firm FireEye Inc. FEYE 0.61% Adding to the insidiousness of cyber extortion, those targeted by such efforts often have a difficult time determining how much data the hackers really have—and in some cases the extortion attempts are simply bluffs, he said.

FireEye first noticed the uptick in extortion cases in 2015, and observed more than double the number of cases last year as hackers who previously sold stolen data realized that they could make even more money from extortion, Mr. Carmakal said. Other extortionists work for political reasons or “for fame and glory,” rather than money, he said.

Such attacks in the past year have hit medical clinics, which hackers threatened with leaking patient information; casinos, where they threatened to divulge client lists; and energy companies, where hackers have shut down systems needed for mining operations in an extortion episode and threatened to release confidential business contracts and employee data, according to FireEye.

Extortion attacks are a cousin of ransomware hacks, which renders computer files unreadable until a payment is made, and hackers use similar techniques to access corporate data for extortion. Law-enforcement agents and private investigators say both types of attack are on the rise.

In a survey of more than 2,600 executives, consulting firm Grant Thornton found that 17% of cyberattacks in 2016 involved blackmail or extortion, including ransomware attacks, versus…

Tags from the story
,
Written By
More from Industry News

The Democratization of AI: What It Means for Tech Innovation

Source: Knowledge@Wharton The world of high-tech innovation can change the destiny of...
Read More

Leave a Reply

Your email address will not be published. Required fields are marked *