World Cup DDoS blackmailer sentenced to jail

World Cup 2010

A court in Düsseldorf, Germany, has convicted a man who extorted money out of online gambling websites in the run-up to the 2010 Football World Cup in South Africa.

The Frankfurt man, who has not been identified, successfully blackmailed three online betting sites (and attempted to extort money from three others) by threatening them with distributed denial-of-service (DDoS) attacks which could have blasted them off the internet.

According to German media reports, the blackmailer hired a botnet for $65 per day and told the betting firms that he would make their websites unavailable during July 2010 – the month of the World Cup – if they did not pay him 2,500 Euros ($3,700).

When three of the sites refused to pay any money, the man reduced the ransom to 1,000 Euros.

This isn’t the first time, by any means, that denial-of-service attacks have been used to blackmail online gambling websites in the run-up to a major sporting event. For instance, in 2006 a Russian gang who were said to have extorted $4 million from British bookmakers were sentenced to jail.

As more and more firms rely on internet visitors for their revenue, so the potential impact that can be caused by a denial-of-service attack increases. It’s sadly no surprise, therefore, that some cybercriminals will see it as a way to make money.

The German authorities should be congratulated on their successful conclusion to this investigation. The man has now been sentenced to two years and 10 months in prison, and was ordered to pay up to 350,000 Euros ($504,000) in damages to the affected firms.

My guess is that he’s unlikely to be sending significant traffic to any websites anytime soon.