A British man has been extradited from Germany to face charges relating to cyber attacks against two of the UK’s most prominent high street banks.
The 29-year-old, Daniel Kaye of Egham in Surrey, is accused of using an infected network of computers known as the Mirai botnet to attack and blackmail Lloyds Banking Group and Barclays Bank.
The use of hijacked computers or internet-connected devices to carry out distributed denial of service (DDoS) attacks to make organisations’ websites inaccessible, and then demand payment to avoid further attacks, is an increasingly popular form of cyber extortion.
In August 2017, security firm Kaspersky Lab warned that the use of DDoS attacks to extort money from organisations was on the rise.
Services at Lloyds Banking Group, which includes Halifax Bank of Scotland and Lloyds Bank, were disrupted by an apparent cyber attack in January 2017, while Barclays fended off an apparent cyber assault in the same month, according to the National Crime Agency (NCA).
Kaye faces nine charges under the Computer Misuse Act, two of blackmail and one of possession of criminal property.
He is also facing a charge that he endangered human welfare with an alleged cyber attack against Lonestar MTN, Liberia’s biggest internet provider.
The charges follow an investigation by the NCA, with support from the German federal criminal police office, the BKA.
Kaye was returned to the UK by NCA officers on 30 August 2017 under a European Arrest Warrant and remains in custody. He is to appear today (31 August 2017) at Westminster Magistrates Court.
Luke Wyllie, senior operations manager at the NCA, said the investigation leading to these charges was complex and crossed borders.
“Our cyber crime officers have analysed reams of data on the way. Cyber crime is not victimless and we are determined to bring suspects before the courts,” he said.
In May 2017, Neustar warned that DNS should be at the core of information security strategies as DDoS attacks increasingly form part of wider cyber attacks and continue to ramp up to unprecedented levels.
A DDoS attack can cost an organisation more than $2.5m in revenue on average, according to Neustar’s May 2017 Worldwide DDoS and cyber insights research report.
Globally and in the Europe, Middle East and Africa (Emea) region, 43% of the more than 1,000 infosec professionals polled said more than $250,000 of revenue an hour was at risk, while UK retailers said DDoS attacks typically put $100,000 to $250,000 revenue an hour at risk, the report said.
In January 2017, a Deloitte report said the proliferation of internet of things (IoT) devices and IoT exploit kits might make 2017 a turning point in DDoS attacks requiring new defence tactics.
The report predicted that 2017 would see an average of one attack a month reaching at least 1Tbps in size, with the number of DDoS attacks for the year expected to reach 10 million.
The report ascribed the anticipated escalation to the growing installed base of insecure IoT devices that are easy to incorporate into botnets; the online availability of malware methodologies such as Mirai that allow relatively unskilled attackers to corral insecure IoT devices and use them to launch attacks; and the availability of ever-higher bandwidth speeds.