Case Study
How a Bookmaker and a Whiz Kid Took On a DDoS-based Online Extortion Attack
Facing an online extortion threat, bookmaker Mickey Richardson bet his Web-based business on a networking whiz from Sacramento who first beat back the bad guys, then helped the cops nab them.
By Scott Berinato
Lyon says of the relationship: "The only answer I got from them was, 'Wow. This is great. We'll make it worth your while some day. Keep it coming.' I was hoping at the end of this we'd continue to collaborate, but I've never really heard from them."
Several people involved with the BetCris case say it was Lyon and Turner's report that cracked open the NHTCU's case, and in fact it was the BetCris case itself and how Lyon, Richardson and Lebumfacil fought it off that influenced how the NHTCU responds to online extortion attempts. (The unit would not discuss the matter.) On the NHTCU, one person close to the BetCris case says, "I think maybe [the NHTCU] weren't capable before. Not to blame them—no one was capable. Otherwise, it wouldn't have been such a problem. From what I understand, though, it was all that work [Lyon and Turner] did that helped educate the NHTCU."
"They wouldn't have made any arrests if we weren't around," Lyon says.
The spokeswoman at the NHTCU bristled at the suggestion. "Mr. Lyon's work formed a part of the investigation and assisted law enforcement in better identifying the problem with DDoS. Mr. Lyon has developed what appears to be a good defense against DDoS; however, he has not stopped it, nor can he prosecute the offenders of such attacks."
Ultimately, using Lyon and Turner's work, along with the tracing of several extortion payments, the NHTCU managed to locate three suspects, including Ivan. Significantly, they were able to work diplomatic channels with Russian authorities, and that diplomacy ultimately led to Ivan's arrest (in an Internet café, Lyon says, but the NHTCU won't confirm this) and the arrest of two others. The NHTCU describes the cooperation of Russian officials as "excellent" and says that those Russian officials anticipate a trial in late 2005.
Soon after the first three arrests, five more were made in connection with online extortion. Of the eight suspects, just two were allegedly involved in the BetCris case. Five were ultimately charged. Lyon, too, notes that his investigation led him to six separate online groups launching DDoS attacks. The extortion rings are proving to be deeper and more organized than even those involved suspected. Other online investigations are ongoing, and DDoS attacks continue to rise, the NHTCU says.
"Any company with an online e-trading presence needs to be aware of this type of attack," says the NHTCU spokeswoman.
In less guarded terms, Wilson at PureGig reflects on the problem: "Once we got deep into this and talked to customers about it, we started to hear more and more stories. People saying to us, 'Oh yeah, that happened to us. We were down for a week.'



