Non-negotiable

Blackmail enjoys unbroken popularity among cybercriminals. Once they have tasted blood, they quickly thirst for more. Victims who want to sweep the problem under the rug and pay secretly may end up paying twice.
E-3 Magazine
December 3, 2015
This text has been automatically translated from German to English.

Young, male, tech-savvy, few social contacts, high need for attention - this is how many people imagine the typical cybercriminal. We have been trying to dispel this cliché from people's minds for years.

The cliché is false, and it trivializes "the" cybercriminal. In truth, he is highly professional and motivated by only one thing: money.

A recent case in Switzerland shows that a large part of the cybercrime business is closely linked to "traditional" crime:

An email provider was attacked using distributed denial-of-service (DDoS) attacks. This part of the crime, the threat, actually took place in cyberspace. In the next step, however, demands for protection money were made - very old school.

No business with criminals

Following the doctrine known from politics, "We do not respond to ransom demands", the provider decided against payment. The announced attack followed - and was directed not only against the email provider itself, but also against its Internet service provider and its data center, and was so massive that other customers were also affected.

The pressure increased enormously, so that the email provider finally paid the demanded sum of 15 Bitcoins (approx. 5,350 euros). The attacks continued - even after the demands had been met.

The email provider has since made this attack public with many details and announced that it will never pay a ransom again. Thanks to cooperation with the Swiss Reporting and Analysis Center for Information Assurance (Melani), it has also become clear that the attacks have targeted other companies and are being carried out either in different stages or even by different groups.

This example shows that we are not dealing with young "nerds" who get a bit rowdy. Today's cyber criminals are part of organized crime.

This can be seen both in the use of tried and tested "business models" (e.g. protection rackets), which are transferred to cyberspace, and in the necessary structures in the background.

In real life, handing over money is the most dangerous part of the criminal's enterprise. Law enforcement agencies have also been masters at following the "money trail" for many decades. Hence the high demand for ever new methods of money laundering.

In this specific case, the protection money was paid via bitcoins. But cryptocurrencies are not so anonymous either. Although it is difficult to assign an account (or "wallet") to a user, the content and transactions are publicly visible and traceable for everyone.

So even with cryptocurrencies, money laundering is an integral part of the business model. I assume that many other companies have also already fallen victim to such attacks - this follows inevitably from the maturity of the attacks and processes, and also from our investigations into the cyber underground.

Victims often simply pay silently - but in doing so, they encourage the criminals in their actions. I am therefore grateful to the email provider for bringing this case into the public eye and making it clear that paying is not a solution.

As with classic protection rackets, the criminals only take this as a sign that they have "broken" their victims and can go even further with a little more pressure - profit maximization, so to speak.

So if you are the victim of such an attack, inform the law enforcement authorities or the relevant reporting offices! Only then is there a chance of putting the case in a wider context, for example by providing information about similar cases, or tracing the money - and therefore also the blackmailers.

So that the criminals behind them can be put behind bars in the traditional way, even in the digital age.
