Case Study

How a Bookmaker and a Whiz Kid Took On a DDOS-based Online Extortion Attack

Facing an online extortion threat, bookmaker Mickey Richardson bet his Web-based business on a networking whiz from Sacramento who first beat back the bad guys, then helped the cops nab them.

By Scott Berinato


Sensing a new level of openness, Hardcore pressed Ivan, but Ivan's responses were vague and confusing, and his English, as promised, proved to be very bad indeed.

Hardcore: do you make money with ddos too? I have made about $150,000 so far this year hehehe =)

eXe: well done. no all paid =(

Hardcore: nobody paid? really?

eXe: somebody

At this point the good guys' giddiness seemed to betray them. Hardcore suddenly turned loquacious and leading. He told Ivan how he attacked sites and how much money he made doing it. (His description matched the tactics employed to attack BetCris and others.) Hardcore poured out 80 straight words about his nefarious activities, and Ivan responded only with an emoticon smiley face: =).

Hardcore continued chatting, suggesting to eXe that he could extort money easily "with the number of bots you have." He suggested Ivan attack people who "can't use the law against you," and added, "they always pay because they want their business back and they dont want to admit they have a weakness. stupid americans."

Ivan replied with another =).

Ivan had shut down. It could be that he was just tired; it was 1 a.m. in Russia. It's also possible that Ivan sensed what Hardcore was doing. Turner and Lyon kept trying. They sent three messages to Ivan's one, but Ivan's replies maxed out at three words.

Hardcore: i read in the news about some people who got letters about dos, i figured it would be you since you have so many bots

eXe: good idea. hehe

Hardcore: did anyone pay at all?

eXe: anyone

Hardcore: i remember when you guys were going after sports books a few months ago....they must have gone down hard.. haha...

eXe: =) i go to sleep

Hardcore: ok man

eXe: see you later

Hardcore: cya

eXe: bye friend

Two weeks later, on March 13, Ivan made an even bigger mistake. He logged on to IRC chat with his real domain name. Lyon and Turner had learned the domain was registered to an Ivan. But now they also had his last name, address and phone number. They promptly sent the information to the NHTCU.

July 2004: Turning Ivan Over to Scotland Yard

The NHTCU must have been pleasantly shocked to have a pro bono case worker sending a constant stream of useful documents.

The NHTCU did not condone Lyon's actions, even as they welcomed the product of his actions. "Mr. Lyon operated as a U.S. citizen, and therefore, we cannot comment on his tactics," a spokeswoman says. Investigators are not available to the press. "However, his report and his interpretation of DDoS threat proved to be an informative document."
