The Rise of the Digital Thugs

Computers crimes get more savvy as 'digital thugs' turn to extortion, attacks on competitors


The stalker also threatened to flood the computer networks of MicroPatent clients with information pilfered from the company, overwhelming the customers ability to process the data and thereby shuttering their online operations a surreptitious digital attack known as distributed denial of service, or D.D.O.S. Such assaults, analysts and law enforcement officials say, have become a trademark of cyberextortionists. Federal prosecutors in Los Angeles are currently investigating a group of possible cyberextortionists linked to a television retailer indicted there last August. The retailer was accused of disrupting competitors online operations, and prosecutors have called suspects in that case the D.D.O.S. Mafia.

D.D.O.S. attacks are still one of the primary ways of extorting a company, and were seeing a lot of that, said Larry D. Johnson, special agent in charge of the United States Secret Services criminal division. I think the bad guys know that if the extortion amounts are relatively low a company will simply pay to make them go away.

Mr. Tereshchuks apparent ability to start a D.D.O.S. attack attested to what investigators describe as his unusual technological dexterity, despite evidence of his psychological instability. It also explained how he was able to evade detection for years, and his methods for pulling off that feat surfaced after the F.B.I. began following him.

Using wireless computing gear stashed in an old, blue Pontiac, and fishing for access from an antenna mounted on his cars dashboard, Mr. Tereshchuk cruised Virginia and Maryland neighborhoods. As he did so, federal court documents say, he lifted Yahoo and America Online accounts and passwords from unwitting homeowners and businesspeople with wireless Internet connections. The documents also say he then hijacked the accounts and routed e-mail messages to MicroPatent from them; he used wireless home networks he had commandeered to hack into MicroPatents computer network and occasionally made use of online accounts at the University of Marylands student computer lab, which he had also anonymously penetrated.

By late February of last year, however, the F.B.I. had laid digital traps for Mr. Tereshchuk inside the student lab, which was near his home. As investigators began to close in on him, his e-mail messages to Mr. Videtto became more frantic. A note sent on Feb. 28 told Mr. Videtto that if he forked over the $17 million then everything gets deactivated, sanitized, and life will go on for everybody.

In his last e-mail message, sent several days later, he dropped his guard completely: I am overwhelmed with the amount of information that can be used for embarrassment, he wrote. When Myron gets compensated, things start to get deactivated.

On March 10, 2004, federal agents swarmed Mr. Tereshchuks home, where they found the hand-grenade components and ricin ingredients. The agents arrested him in his car the same day, in the midst of writing his new crop of e-mail messages to Mr. Videtto.

Late last year, Mr. Tereshchuk was sentenced to five years in prison after pleading guilty to a criminal extortion charge filed by the United States attorneys office in Alexandria. Earlier this year he pleaded guilty to criminal possession of explosives and biological weapons, charges that the United States attorneys office in Baltimore had filed against him. Possessing illegal toxins carries a maximum term of life in prison. Mr. Tereshchuk is expected to be sentenced this fall.

COMPUTER CRIMES . . .

A survey found that 639 companies lost a total of $130.1 million dollars to computer crimes last year. Below is a breakdown of the types of crimes that were committed.
1. Virus
2. Unauthorized access
3. Theft of proprietary information
4. Denial of service
5. Insider Internet abuse
6. Laptop theft
7. Financial fraud
8. Misuse of public Web application
9. System penetration
10. Abuse of wireless network
11. Sabotage
12. Telecom fraud
13. Web site defacement

. . . and Extortion

The use of computers and the Internet for extortion is an emerging corporate threat. Data for such threats is not available. Below are excerpts of a survey conducted last year of mostly medium- and small-sized companies.