Zombie machines fueling new cyber-crime wave
Source: ABS-CBN News
Date: November 13, 2003
LONDON - The rapid growth of broadband home computer connections may be inadvertently fueling what police suspect could be the start of a new crime wave -- cyber-blackmail.
As more homes connect to faster delivery systems, their computers are becoming vulnerable to hackers and virus writers who can turn them into "zombie" machines, ready to carry out any malevolent command.
Favorite targets for the extortionists -- many thought to come from Eastern Europe -- have been casinos and retailers, but one recent high-profile victim was the Port of Houston.
"At the end of the day, this is old-fashioned protection racket, just using high-tech," said a spokeswoman for Britain's Hi-Tech Crime Unit.
On Wednesday, British cyber crime cops made a plea to companies to report attacks against their Internet businesses following a recent string of incidents with the blackmailing trademark.
Police have seen an increase in the number of distributed denial of service (DDoS) attacks targeting online businesses.
In some cases, the attacks, which can cripple a corporate network with a barrage of bogus data requests, are followed by a demand for money. An effective attack can knock a Web site offline for extended periods.
Hitting the slots
Online casinos appear to be a favorite target as they do brisk business and many are located in the Caribbean where investigators are poorly equipped to tackle such investigations.
In 2001, cyber forensics expert Neil Barrett told Reuters that his company, Information Risk Management, was working with Internet casinos to shore up their defenses against a spate of DDoS attacks.
At the time, he said the denial-of-service barrages were followed by demands to pay up or the attacks would continue. He said the attacks appear to have come from organized criminal groups in Eastern Europe and Russia.
Police said because of a lack of information from victimized companies, they are unsure whether these are isolated incidents or the start of a new crime wave.
Whatever the motive, DDoS attacks are on the rise, coinciding with the proliferation of broadband deployment in homes. Security experts believe the increasing number of unsecured home PCs may be a major culprit.
New Internet- and e-mail-borne computer infections are hitting home computers, turning them into zombie machines that can be controlled by outsiders without the owner's knowledge, security experts say.
Such infected machines can be told to send e-mail spam or even be used to initiate or participate in a denial of service attack against another computer.
"Home broadband computers are going to be the launching point for a majority of these," said Richard Starnes, director of incident response for British telecoms company Cable & Wireless and an adviser to Scotland Yard's Computer Crime Unit.
Last week, the online payment service WorldPay admitted to suffering a major DDoS attack that lasted three days. WorldPay, owned by the Royal Bank of Scotland, has been fully restored.
The NHTCU spokeswoman said the investigation into the WorldPay incident is ongoing.
^macro[showdigestcomments;^uri;Zombie machines fueling new cyber-crime wave]