Tamir Cohen reports:
Several financial institutions and businesses have recently fallen victim to extortion by organized crime rings and independent hackers, which has cost these victims anywhere from a few thousand shekels to hundreds of thousands of dollars.
Various ruses are used, but a common tactic is infiltrating a company’s computer network or an employee’s cell phone, stealing a file to prove a system breach, and threatening to leak sensitive documentation unless security software or consulting services are “bought” from the perpetrator.
Most of the victims don’t file police complaints, preferring to use private security firms to find the security lapse. Large companies, which by law are required to report such incidents, assume police don’t have the manpower to deal with such extortion. Thus, they feel compelled to pay for the software, even though it can often be easily downloaded from the Internet.
Read more on Haaretz (free registration required).
I’ve always wondered about the scope of extortion payoffs here in the U.S., as I suspect there are a lot and we just never find out about them even when entities are legally required to notify state AGs of breaches. Suspicion is not proof, of course. If anyone has first-hand knowledge of other extortion attempts or successful extortion attempts, please email me at breaches [at] databreaches.net.