Charities become targets of online extortion demands by the ‘Lizard Squad’

The Charity Commission has alerted trustees, charity professionals and volunteers to be extra vigilant about online extortion or ‘ransom’ demands, which have recently been affecting UK businesses. It appears that charities could also be targeted, in particular those which conduct work overseas or have dealings with international partners in high-risk zones.

Following recent reports on this matter to Action Fraud, the UK’s national fraud reporting centre, the major points to highlight are:

  • many UK businesses have received online extortion demands from a group known as the ‘Lizard Squad’
  • the group have sent emails demanding payment of 5 Bitcoins (a form of digital or ‘crypto’ currency) by a certain date and time. The email states that this demand will increase by 5 Bitcoins for each day that it goes unpaid
  • if payment is not made, they have threatened to launch a ‘denial of service’ (‘DDoS’) attack against organisations’ websites and networks, which will take them offline until the demands are met
  • the demand states that once their actions have started, they cannot be reversed.

The Commission has provided a step-by-step guide to the remedial actions to take if such demands are received. Its advice is to:

  • NOT meet the demands or make any payments
  • make a report to Action Fraud on 0300 123 2040
  • retain the original emails (with headers)
  • make a note of the attack, recording all times, type and content of the contact
  • call your Internet Service Provider (ISP), or the hosting provider of your own web server, informing them that you are under attack.

That explicit recommendation of best practice means that a charity subjected to this sort of extortion would find it hard to do less in response and still avoid criticism, at least from the Charity Commission.

Some online extortion attacks have also involved ICO enforcement where data has been hacked and security was not adequate. The British Pregnancy Advisory Service received a £200,000 monetary penalty when hacked, and it is not the only example. That is another reason for the sector to be on guard and to have no lesser degree of IT security than would be found in a commercial setting.

Forbes Solicitors regularly advises trustees of charities on a range of issues. If you have any concerns or would like advice, please contact Daniel Milnes.

Nat Avdiu

About Nat Avdiu

Nat Avdiu is a Paralegal in the Contracts and Projects team at Forbes Solicitors. Nat provides updates for clients on a range of issues including: governance, data protection and freedom of information, procurement and charity law.