Copyright 2015 Bloomberg.
NISVEH6KLVR7

(Bloomberg) — Smartphones and tablet devices are the new weak spot in the battle against cyber-criminals, according to the head of computer security at Europe’s biggest phone company.
Businesses and governments have already been struggling with a record number of so-called distributed denial of service attacks, which have brought down websites from Sony Corp.’s PlayStation Network to German Chancellor Angela Merkel’s personal page. Now the ubiquity of powerful smartphones with fast Internet connections, and weak security, is making it even easier for hackers to launch large-scale assaults on online services, said Thomas Tschersich, Deutsche Telekom AG’s computer security chief.
Mobile devices “are the perfect target for attackers,” he said in an interview at the carrier’s Bonn headquarters.
To conduct denial of service attacks, hackers typically infect computers with malware and control these so-called “bots” to send an overwhelming amount of traffic to the servers or networks they want to shut down. The relative ease of infecting mobile devices — and the fact that their connection speeds are often faster than home broadband — is giving criminals the platform to send even greater amounts of data to crash websites, Tschersich said.
Prolexic Technologies, now owned by Akamai Technologies Inc., last year reported an attack against an unidentified large financial institution, where mobile devices played an important role.
Deutsche Telekom notifies about 20,000 customers in Germany every month that their devices have been turned into bots and asks them to remove malware, Tschersich said. Its networks register attacks of at least several gigabytes every hour.
Deutsche Telekom can detect suspicious incoming traffic by sampling data, but it needs an explicit agreement with customers to do so, Tschersich said. Rules to let carriers scan traffic across the board would help tackle the problem, he added.

Cheap Blackmail

Denial of service attacks typically cost criminals several hundred euros to arrange and often include a money-back guarantee in case of failure, making them an affordable and anonymous means of blackmail, Tschersich said. Targets frequently pay up to get their shops or portals back up, as the amounts paid are dwarfed by potential losses of revenue.
Attackers may tell “a betting company we’ll shut you down over the weekend unless you pay us 5,000 ($5,640) or 10,000 euros,” he said. “Many companies pay because it’s better than losing revenue — it becomes an operating cost — but that encourages attackers.”
To contact the reporter on this story: Cornelius Rahn in Berlin at crahn2@bloomberg.net To contact the editors responsible for this story: Kenneth Wong at kwong11@bloomberg.net Robert Valpuesta, James Boxell