Man convicted for using DDoS attacks in extortion scheme

A German man has been convicted to a 34-month prison sentence and has been ordered to pay some 350,000 Euros to the companies he blackmailed by threatening to take down their websites.

The six companies in question maintain online betting sites, and the man threatened them with DDoS attacks that would overwhelm the servers during the duration of the World Cup – a time where online betting is at its peak.

The price he named for not executing the attack was 2,500 Euros, and three of the six companies paid it. The other three refused, even after the man asked for less money.

According to Deutsche Welle, the defendant has hired a Russian botnet to execute the attacks in case he did not get paid. The site does not mention if he actually made good on his threats when some of the companies refused to pay, but since he has been convicted of computer sabotage and extortion, it seem logical that he did.

“Computer sabotage is already part of the German criminal code, which has now been found to include distributed denial of service, or DDoS, attacks,” comments DW’s Cyrus Farivar. Especially because five years ago, a German court has decided that a DDoS attack by two non-profit organizations against the website of air carrier Lufthansa was not against the law.

The difference between the two attacks is that the Lufthansa attack was a form of political and civil protest, and the ones that were executed against the betting sites were made for profit.

But maybe there is one more difference between the two – a difference in time. Since DDoS attacks have become such a popular tool of various criminals, hacktivists and those who are simply out for “lulz”, will the time come when all will be put in the same basket and prosecuted equally?