Blackmail, the shakedown and the sting are age-old forms of thuggery in theanalog world, and now they’re finding the digital world a fertile place fortheir poisoned fruits, according to security experts interviewed byTechNewsWorld.
The experts say that criminal elements — including organized crime in Russia,Eastern Europe and Asia — are increasingly using the Net to shake downcompanies with denial-of-service attacks and filch personal information fromtargeted employees for blackmail or to compromise corporate computersystems.
“This is Old World crime, but it’s using new tools,” observed Sam Curry,vice president of product management for Etrust Security Management, an affiliate of Computer Associates.
“I think you’ll see people moving from Old World thuggery to Internetthuggery,” he told TechNewsWorld. “This isn’t a new type of crime. It’s anew way to do it.”
Low Risk, High Rewards
The aims and goals of these criminals remain the same as in the past, according to Panda Software chief technology officer Patrick Hinojosa. Theyjust have a new venue in which to pull them off, he told TechNewsWorld.
That new venue makes it easier to preserve anonymity and more difficult totrace the crime. “They can upload stolen information to a hijackedserver that isn’t connected to them at all,” Hinojosa said. “They don’t ever haveto leave a trail that can be followed back to them.”
The tools used by Net thugs are similar to those used by mischievoushackers — tools like key loggers, worms and Trojans — but they’re usually morerefined in their construction and distribution.
“In these cases, what we’re finding are sophisticated coders who are writingspecialized worms and specialized applications that are targeting specificorganizations,” said Phillip Zakas, CEO of Intelli7, a maker of network trafficmanagement tools.
“The purpose of a standard worm is for a 21 year old to have their softwaredistributed across the Internet as quickly as possible,” he explained. “Fora targeted attack, the purpose would be to gain entry to a particularnetwork, start attacking the individuals on that network to gain theircredentials, and [transmit] that information so the bad guys will haveaccess to the information inside that network.”
Those kinds of targeted attacks mark a departure from the “pandemic” attacksthat have made headlines in the past but have lost their glow amonginformation highwaymen in recent times.
“Attackers have figured out that if they blast out a large number ofe-mails, the anti-spam vendors would immediately detect their stuff andblock it,” Sophos senior security analyst Ted Anglace told TechNewsWorld. “If they use a small targeted group, chances are they can avoid a lot of that filtering, because they’ll fly under the radar.”
Mass mailings can also undermine a hacker’s goals if they are too successful. “They can get back more information than they can process,” Anglace noted. “With targeted attacks, they get less information that they can parse through quickly, validate and put to good use before an institution is alerted to their activities.”
More Attacks, Less Limelight
The attack curve on information systems is likely to change in 2006, predicted Zakas.
“You’re going to have fewer attacks that will have higher impact in muchshorter period of time using these sorts of techniques,” he said. “Ratherthan seeing hundreds of these, you’ll see dozens of cases.”
Most of them will probably remain out of the limelight.
“It’s a very embarrassing situation,” Zakas said. “It’s not something peoplelike to publicize at all.”
“For one of our clients,” he continued, “thirty percent of all the networktransactions that they see on a daily basis are illegal transactions — peopletrying to take down their network or steal credentials of key people insidethat bank.”