UK and Russia break online extortion ring

Law enforcement officials in the UK and Russia have cracked down on a major extortion ring accused of prying hundreds of...

Law enforcement officials in the UK and Russia have cracked down on a major extortion ring accused of prying hundreds of thousands of dollars from online sports betting websites.

Three men, ages 21, 22 and 24, were taken into custody in separate arrests in St. Petersburg and the Saratov and Stavropol regions of southwest Russia.

The men have not been charged, but are believed to be part of a ring that uses legions of compromised or "zombie" computers to launch denial-of-service (DoS) attacks against online sports betting shops which refuse to pay protection money, said Felicity Bull, a spokeswoman for the National Hi-Tech Cime Unit (NHTCU).

In DoS attacks, web servers are flooded with junk data and network traffic from thousands of machines, preventing them from responding to legitimate requests.

The NHTCU, a law enforcement agency that investigates UK computer crime, worked with their counterparts in the Russian Ministry of Internal Affairs (MVD), including the MVD's computer crimes specialist department and Investigative Committee.

The arrests follow a complaint in October 2003, by Canbet Sports Bookmakers, which was forced to pay protection money to prevent its website from being attacked.

NHTCU and Russian investigators used traditional investigative techniques and computer forensics to trace the extortionists back to Russia and identify them, using information on the source of the DoS attacks and money transfer records. Authorities arrested 10 members of the online extortion gang in Riga, Latvia in November 2003. Those arrests led to the men in Russia, Bull said.

Money transfer agencies helped the NHTCU track the funds, and law enforcement agencies in Australia, Canada, Estonia and the US aided in the investigation.

Authorities believe that organised criminal groups in Russia and other countries run the extortion ring. However, Bull noted that the three men arrested have not yet been charged, that the investigation is continuing and that more arrests are possible. Russian investigators seized computer equipment from the men, which may provide further clues about the criminal gang, she said.

Authorities still do not know how much money the group collected from the bookmakers - although the figure is believed to be in the hundreds of thousands of dollars - or how many sports books it extorted, Bull said.

Online sportsbooks use sophisticated web pages to post odds and collect wagers on a wide range of sporting events. Online sports wagering is illegal in the US, but legal in the UK and other countries.

In the last year, online sports books have become frequent targets of online criminal gangs that are attracted to the cash-rich virtual betting shops, which often keep between $300m (£162m) and $400m on hand to cover bets, according to Dave Matthews, site administrator of Las Vegas Advisor, an online publication serving the gaming industry.

Demands for protection money vary, but typically range from $10,000 for small sites to $40,000 or more for larger operations, said Amran Pena, an information technology consultant who works with online betting shops to secure their networks.

Many online betting shops that serve the US are based in small countries such as Costa Rica and Belize, which lack the resources or expertise to investigate extortion attempts.

If charged, the three men will be tried in Russia. NHTCU also expect more arrests to follow, Bull said.

"We expect to find more people in the chain. Once you arrest somebody, you start to find out so much more," she said.

Paul Roberts writes for IDG News Service

Read more on IT risk management