Business continuity and disaster recovery

Botnet cyberattack costs Japanese company 300 million yen

Published 4 June 2008

There is a new type of blackmail in Japan: Hackers use botnets in denial-of-service attacks on companies’ computers — ending the attacks only when a hefty ransom is paid

In Latin America criminals and political militants kidnap senior corporate executives or their family members for ransom; in Brazil, three years ago, criminals kidnapped the mother of soccer phenom Robinho for ransom; Robinho paid, but the incident hastened his departure for Spain, where he is now playing for Real Madrid with his family. Kenichiro Tanaka writes in Yomiuri Shimbun that in Japan we are beginning to witness a new type of blackmail: Blackmailers bombard companies’ Web sites with data sent from tens of thousands of virus-infected personal computers to hamper browsing of their sites. Attackers demand money in return for stopping their cyberattacks. A source said one major Tokyo company suffered more than 300 million yen in damage because access to its site was halted for a week due to the repeated “denial of service” attacks. Net security firms have issued an alert over this new type of blackmail.

On 27 December it became impossible to browse the Tokyo company’s site for its normal offerings of travel, bar, and restaurant information and the sale of daily commodities. Immediately afterward, a person claiming to be from a Net security company sent an e-mail in Japanese to the site operator. The mail read: “Is your company’s Web site still inaccessible? There is a problem with your site so we’re offering to fix it. The repair fee is 480,000 yen. If you don’t pay the fee, you may suffer [further] attacks.” The denial-of-service attacks continued for a week as the site operator ignored the perpetrator’s demand for money. A check of communication records found the denial-of-service attack had sent data at a rate of as much as 6 gigabytes a second. This means that tens of thousands of personal computers were accessing the site simultaneously, causing the operator’s telecommunication lines to break down. The attacks were made by a botnet, a remote-controlled network of “zombie” computers that transmitted data to other computers without the computer owners being aware of it. The attacker aims to stop a target company from providing an online service by directing many computers to simultaneously access a target site or by tying up the site’s resources by making it process information repeatedly. Although the exact circumstances of the case of the Tokyo company in question are unknown, the botnet attacks were found to originate mainly in China, or via a server there.

The company estimated damages from missing chances to conclude contracts at about 50 million yen a day during the year-end and New Year’s period in which the attacks occurred, in light of the amount of contracts signed in the same period the previous year. The firm reportedly adopted such defense measures as reinforcing the capacity of its telecommunications line. Its site, however, also was attacked for a day in mid-January and mid-February. Such cyber-attacks are suspected to constitute destruction of property or extortion. The firm is consulting with the police and the Internal Affairs and Communications Ministry over the matter.

According to Little eArth Corporation (LAC), an Internet security firm in Minato Ward, Tokyo, the modus operandi employed against the Tokyo firm is similar to that of cyber-attacks launched in April last year on government institutions and banks in Estonia, where servers were inundated with huge amounts of data. In Europe and the United States, similar cases of extortion targeted at corporations have occurred since 2004. In mid-April, the Web sites of three firms suddenly could not be accessed. A person who claimed to be a hacker in China sent an e-mail in Japanese saying, “Pay 500,000 yen if you want us to stop the attacks.” The amount demanded was raised to 1 million yen for one company when it ignored an initial demand. LAC said it was impossible to grasp the real size of the problem because many firms hesitate to reveal the damages they have incurred. “The revealed cases are the tip of the iceberg,” LAC’s information analyst said. “There may be many companies that have suffered repeated damages.” The analyst called on firms to inform the police whenever they face attacks.