Charges Fly after Extortion Hack

Wednesday, June 22, 2011 @ 12:06 PM gHale

An Indian man is now facing charges of breaking into a company’s Internet domain name registration account as part of a $1 million extortion attempt.

An indictment came against Chetan S. Bendale, of Pune, India, for computer hacking and extortion charges in U.S. District Court for the Northern District of California in San Jose.

RELATED STORIES
Zero Tolerance: UK Cops Bust Hacker
Chinese SCADA Software Vulnerable
Nuclear Weapons Plant Hacked
San Francisco Utility Breached

Two years ago he took over the MyDomain.com account of technology staffing firm oDesk and changed the password and administrative contact, the indictment said. On July 18, 2009, after locking out oDesk, Bendale starting sending oDesk executives “a series of threatening emails demanding that the company pay him one million dollars or he would sell oDesk’s information or release it on the Internet,” according to the grand jury indictment in the case.

To prove he had access to oDesk’s account, Bendale emailed company executives a list of the more than 70 domains they had registered, along with the last four digits of one executive’s credit card number, according to the indictment. Using the assumed name Rohit Kumar, he “claimed to have hacked oDesk’s servers and demanded to be paid in exchange for information that would prevent future intrusions,” the indictment states.

On Friday, oDesk said there was no compromise of user information. “We will continue to work with law enforcement to ensure that the person who unlawfully accessed our domain registry in 2009 is held accountable for their actions,” the company said.

ODesk isn’t the only company to have had its domain name account hacked. Last year, a group calling itself the Iranian Cyber Army took over similar accounts belonging to Baidu and Twitter. These type of attacks can cause big problems for victim companies. Once hackers take over domain name accounts they can reroute Web traffic and email to servers under their control.

Since 2009, domain name registrars have stepped up their security in hopes of making these attacks more difficult.

A warrant is out for Bendale’s arrest and U.S. authorities “will be seeking his extradition,” according to U.S. Department of Justice spokesman Joshua Eaton.



Leave a Reply

You must be logged in to post a comment.