July 6, 2005 4:00 AM PDT

Hacking for dollars

Last modified: July 6, 2005 11:58 AM PDT

Hackers have traded fame for financial gain, experts say.

In the past, lone hackers defaced Web sites or launched global worm attacks, mainly to gain notoriety among their peers.

Today, they use their skills for profit. They hunt for security flaws and find ways to exploit them, hijack computers and rent those out for use as spam relays, or participate in targeted attacks that steal sensitive information from individuals or spy on businesses.

News.context

What's new:
In the past, hackers wanted to gain notoriety by writing the biggest worm they could. These days, they're more likely to be motivated by money.

Bottom line:
Though the shift could lead to a drop-off in global worms, it still spells trouble. The targeted attacks crafted by businesslike hackers are likely to hit harder.

"In the last year, we have seen a dramatic shift to hacking for financial gain," said Oliver Friedrichs, a senior manager at Symantec Security Response. "The benefit of creating a widespread worm on the Internet has really been superseded by the potential of monetary gain."

Though the shift could mean the end of big worms like last year's Sasser, it still spells trouble. The targeted attacks crafted by businesslike hackers can hit individuals and organizations harder--and in the pocket, rather than just in the PC.

There is an underground market. A hacker who finds a way to exploit a security hole in Windows could earn up to $1,000, or much more if the hole is not yet known to Microsoft or anyone else, said Dmitri Alperovitch, a research engineer at security vendor CipherTrust.

That flaw could then be used to hijack PCs. These compromised systems, called zombies, can then be used to relay spam, to host malicious Web sites or to launch denial-of-service attacks--at a price. Spammers, phishers and others who want to rent out a network of about 5,500 zombies typically pay about $350 a week, according to security company Symantec.

These zombie networks, known as "botnets," are sometimes used to extort companies, who are threatened with a denial-of-service onslaught aimed at hurting their business. British online payment processing company Protx went offline after an attack and was warned that problems would continue unless a $10,000 payment was made, according to a recent report in The New York Times.

The FBI has also seen an increase in hacking for money. "We have seen a rise in the cases where the motivation appears not just to be for purposes of bragging in chat rooms, but to actually profit financially," said FBI spokesman Paul Bresson.

Underground markets for selling credit card numbers, software vulnerabilities or renting out botnets are also on the rise, he said. "We're seeing a lot more of that today than we ever have," Bresson said.

New breed
As the motive of those involved has changed, so has their profile, Symantec's Friedrichs said. "In the past, they were teenagers or others who did it to gain notoriety. Today's hackers are white-collar criminals and criminals in foreign countries," he said.

Among that group, though, are coders who realized that they could take the hobby they had for years and turn it into a profitable business, CipherTrust's Alperovitch said. "Unless they are really good at it, they probably won't become millionaires. But it is a good side business," he said.

The change has been accompanied by an increasing ingenuity in crafting attacks. Phishing scams, for example, are becoming aimed at smaller groups of victims. Also, companies are being targeted with Trojan horses meant to get access to corporate networks or to enable industrial espionage.

"The deception techniques are getting better, and the payload is also getting more sophisticated," said Dan Hubbard, a senior director at Websense, a San Diego, Calif.-based security vendor. "As more money gets made, the attacks get more sophisticated."

All this means that stakes are higher for individuals and for businesses whose systems suffer an attack. With a worm, they might have had to apply a patch or reinstall a PC. With financially motivated threats, victims could have sensitive corporate information or their identity stolen.

One fraud area seeing a rise in activity--and therefore, a likely lift in scam revenue--is phishing. These scams typically combine spam and fake Web pages that look like trusted sites to try to trick the victim into divulging sensitive information such as passwords or credit card numbers. The number of phishing e-mails tracked by IBM's Global Business Security Index reached an all-time high in May, the company said. It saw 9.14 million messages sent to its customers, up from a previous high of 7.7 million in January.

Credit card data sells for up to $100 per account, according to a report on the economy of phishing, released in June by San Francisco antispam provider Cloudmark. The price depends on how high the limit

10 comments
System Intrusion - Think and Assess your Needs
by July 6, 2005 6:45 AM PDT
The ever growing problem of network and computer intrusion has forced companies to take a harder look at how they treat their systems. No longer are the days of "hoping" that nothing would go wrong if you simply did nothing to protect assets. Instead companies, now more than ever, are working to actively deter hackers and malicious code. Implementation of more advanced firewalls, IDS and monitoring and filtering software are working to prevent the outsiders from entering and those on the inside from taking advantage of their position within the security of the network. It's the responsibility of those working in the IT field to place security at the top of their list of considerations when designing and implementing systems. Placing huge walls or cutting your company off from the rest of the world aren't solutions. Taking time to weigh the pros and cons of security productions and methods and making the best decision based on the level of security you need are important steps all companies should take.
Holy cow, this is irresponsible.
by July 6, 2005 6:56 AM PDT
I've read the article over twice, and I have yet to see one shred of evidence that supports almost everything claimed in this article, other than the word of a series of vendors that claim this. Aside from the publicized Israeli companies, they claim quite a bit without any real evidence. Frankly, their opinions, tainted not only by their desire to sell products and services, not to mention their companies' resounding past failures in the security arena, make their claims suspect.

Not once did the reporter produce any evidence other than what they said. No contact to law enforcement to back up anything that was said.

Aside from this, the term "hacker" appears to have changed (and no, I'm not debating hacker vs. cracker). In the past it was considered someone who used technical means to circumvent security. By their definition, it's someone who sends an email from a bogus address, or establishes a server front end to gather information from the very, very gullible. By this definition, any spammer could be considered a "Hacker". This being the case, the author and indeed the companies portrayed here show their ignorance of security, IT, and in general, the subjects that they're speaking of.

Their ignorance, combined with their commercial interests make this one of the most suspect articles written by an amateur I have seen on C/Net for quite some time, and that's saying a lot.
State Sponsored Hacking
by Stating July 6, 2005 2:14 PM PDT
Not to be overlooked is the considerable amount of State sanctioned/sponsored hacking. I've detected a fair number of intrusion attempts hitting my router from China. Given that China has a complete lockdown on their citizens' use of the Internet -- access control, logging everything everywhere, they are not oblivious to what is going on. Which either means they don't care, as long as other countries are hacked and not China itself, or they are actively sponsoring this activity to engage in espionage, theft, or disruption of other countries' infrastructure. I'd like to see CNET do a future story on what our "friendly" trading partners are doing to us, and what government officials from agencies like Homeland Security have to say about it.

Examples of attacks:
Jul 06, 2005 20:37:31.671 UTC - (UDP) 222.136.251.125 : 49451
Calendar Protocol
descr: CNCGROUP Henan province network
descr: China Network Communications Group
descr: Beijing 100031

Jul 06, 2005 20:25:43.687 UTC - (UDP) 210.74.232.191 : 1261
SQL Slammer Worm
descr: Shanghai Global Network Co.,Ltd
descr: No.111 Zhongshan South Road


Jul 06, 2005 19:42:50.093 UTC - (UDP) 218.23.142.22 : 3987
SQL Slammer Worm
descr: CHINANET Anhui province network
descr: Data Communication Division
descr: China Telecom


Keith
www.techcando.com