Retaliatory DDoS Attack and Large-Scale Hacking: The Threats Continue


Two headline grabbing criminal cases bring stark reminders that services and data remain vulnerable to unauthorized access, misuse and abuse.

In one case, Dutch authorities are holding a suspect on suspicion of participating in a distributed denial of service attack.  Reportedly, the attacks slowed Internet service globally for several days in April (especially for Russia and other European countries).  The authorities suspect that the attacks were in retaliation for postings by a spam-tracking service provider, which listed the accused’s web-hosting service as a suspected spammer.

In the other, old school meets new school.  In February, thieves struck ATMs for over 10 hours, withdrawing $2.4 million in New York City alone. The thieves were part of an Internet hacking ring which was able to manipulate financial information through an unnamed Indian credit-card processing company that handles Visa and MasterCard prepaid debit cards.  The hacking allowed the thieves to raise the withdrawal limits on the prepaid debit accounts issued by a bank in the United Arab Emirates, the National Bank of Ras Al-Khaimah, a/k/a Rak Bank.  Using prepaid cards does not set off account alarms as quickly because no individual bank account is being compromised.  With five account numbers, hackers distributed the information to individuals in 20 countries who then encoded the information on magnetic-stripe cards.

MasterCard alerted the Secret Service to the activity soon after the transactions were completed.  The thieves first struck in December via the Indian processing company but by February, the hackers had infiltrated a card processing company based in the U.S. (name not yet disclosed).  It remains unclear who ultimately is responsible for the losses.

creditcardwith lock laptop

See NYT articles:

See another update – vendors identified (EnStage and ElectraCard):