By Mark Ward
Technology Correspondent, BBC News website
For the criminally minded hacker, the net offers many new ways to perpetrate very old crimes.
One gang extorted more than £2m from online bookies
Take extortion. In the bad old days extorting money by threats of violence was a very risky way to turn a dishonest buck. The march of technology has removed this risk as many cyber criminals discovered in 2003.
In that year betting sites were among the first to suffer sustained attack from extortionists who threatened to shut off a site if a ransom was not paid. The ransom demand typically arrived via e-mail only an hour or two before an avalanche of data.
Many that ignored the warnings had their websites crippled as they were hit by what has become known as a Distributed Denial of Service attack.
In such an attack huge numbers of computers, perhaps upwards of 30,000, bombard a site with bogus data requests.
It was at this time that anti-DDoS company Prolexic was born. It came into existence largely through the work that was done to combat attacks on BetCris - a Costa Rica based betting site.
During a frenetic few weeks, Prolexic founder Barrett Lyon with the help of Matt Wilson, then managing director of data centre firm PureGig Networks, put together a defence system that could cope with and combat the huge surges of traffic aimed at BetCris.
The attacks aim to flood net cables with bogus data
It was a baptism of fire and since then Prolexic has won a reputation as a company that can combat DDoS attacks that can prove so costly to companies that depend on being online to stay in business. For BetCris, every second offline cost it $1.16.
This week the hackers behind these attacks were jailed for eight years - partly on the evidence that Prolexic found and handed over the law enforcement authorities.
In 2003-4 when net extortionists were staging lots of attacks, mainly because a lot of firms preferred to pay rather than be offline, about 95% of Prolexic's customers were involved with gambling and betting.
Now, says Mr Wilson, vice president of operations at Prolexic, the number is less than 50% because the extortionists have moved on to target any company that depends on the net. Payment processing companies, net retailers, any e-business could be attacked. The number of attacks is now running at about 2,000 per week.
What is also changing is why the attacks are mounted.
"We still get the old extortion attacks but those are fewer these days," says Mr Wilson, "now we're seeing more industrial sabotage.
"We see an online retailer getting hit right around the Christmas season and we have to ask ourselves why," he says.
Intelligence work tracing the command and control systems for the botnets can mean that, occasionally, Prolexic talks to the people that control them. Many admit that they have been paid to knock one webshop offline so a rival can cash in. Renting a botnet to carry out such an attack is also cheap. Mr Wilson says the going rate for a botnet is about 4 cents a machine.
The third sort of attack is done by what Mr Wilson calls the "angry customer" who turns on a net retailer because they have been treated badly.
Whatever the motive for DDoSing a site, hackers now have a much wider arsenal of attacks to choose from. For a while servers in hosting companies were the weapon of choice. These were very useful as they typically had very good connections to the net and were relatively powerful machines so any attack they took part in was likely to be a big one.
"But," says Mr Wilson, "the really good thing about bandwidth attacks is that they are hard for someone to sustain, these things will peak very early and then peter out after a little while.
"Once they start pumping out data that gets on the radar of whoever is managing those networks."
Even so big attacks can hit sites with 6-10 gigabits of data per second - more than almost of them can handle.
At the other end of the scale can be "resource attacks" that do not try to soak up all the bandwidth to a site. Instead they try to exhaust a servers ability to perform a particular function.
These attacks can be hard to spot because the data requests being sent look legitimate and come from a huge variety of sources - most of which look benign as they are from home PCs that, if they weren't part of the botnet, might well be asking for that type of information.
Online gaming sites have also been hit by DDoS gangs
There is no doubt in Mr Wilson's mind that DDoS attacks using botnets are not going to stop any time soon.
"It's way too simple for people to assemble a botnet," he says. Also having cadres of PCs under your control can be the route to a whole slew of crimes. To begin with they can be used to attack other sites or used to send out spam or viruses. Then the machines themselves can be mined for useful or saleable information. This too can lead to further attacks from the inside on particularly attractive targets such as big companies or government agencies.
"A botnet is really just the starting point," he says.
"What we are going to continue to see is move towards greater sophistication of attacks and continuing escalation of bandwidth," he says, "But I can never see the attacks stopping."