Three Russians who succeeded in extorting money from online gambling websites based in the UK, have each been jailed for eight years.
According to Russian news sources, Ivan Maksakov, Alexander Petrov and Denis Stepanov, used botnet-derived DDoS (distributed denial of service) attacks, and follow-up threats, to persuade targeted businesses to pay up to £2m.
Prosecutors said the men, based in the Saratov region, had conducted 54 attacks on servers in 30 countries over a six-month period in 2003.
One particular attack involved attempting to blackmail UK-Australian betting site Canbet during the important Breeders' Cup horse race. The company refused the men's demand for $10,000 (about £5,300), and was hit with a successful DDoS attack that made servers inaccessible and cost a claimed $200,000 (£106,000) a day.
Canbet then agreed to pay the ransom into a Latvian bank account, after which they were still attacked. This appears to have been the men's downfall as the company subsequently decided to report the blackmail to the National High-Tech Crime Unit (NHTCU), now part of the Serious Organised Crime Agency (SOCA). Interpol and the Russian police were enlisted to track down the crooks.
The case is reckoned to be an interesting one. According to a blog on the topic by Russian security company Kaspersky, such crimes have rarely come to court or have been looked on leniently. The relative severity of the sentence could reflect a change in tack by Russian authorities, sensitive to accusations that the country has become a hot zone for cyber-criminality.
"DoS attacks were the scourge of the internet between 2002 and 2004. However, we've noticed a real drop in the number of attacks, and it could be said that this type of cyber crime is already pretty much extinct," the blog said.
Equally, as Kaspersky reported earlier this year, Russian-created Trojans that encrypt data before demanding payments, have started a disturbing new blackmailing trend of their own. Unlike conventional blackmailing attempts, Trojans afford more anonymity.