Computer Crime Research Center


Pure hackers replaced by phish con artists

Date: January 03, 2006

Eternal vigilance, American slavery abolitionist Wendell Phillips once said, is the price of liberty.

It's also the price of Internet connectivity. Experts in combating cyber threats say they've seen a fundamental change in the past year, from the kinds of hacker attacks aimed at bringing down networks to targeted probes by criminals after money.

"I think that probably the overarching theme we're looking at is that crime for profit motivation has really found the Internet," says Vincent Weafer, Los Angeles-based senior director of development for Symantec Security Response, which markets the Norton suite of computer security products.

It's enough to produce nostalgia for the days of basement-dwelling geeks who simply wanted to erase your hard drive for fun.

Today, says Weafer, full-blown thieves lurk in cyberspace armed with tools capable of sucking confidential information out of unprotected computers. They can also turn them into zombies and rent them to organized crime for a few hundred dollars as part of so-called "bot nets" used to flood the web with dubious spam.

In 2004, Symantec recorded 37 major virus outbreaks - the kind that made the TV news. Fewer than five were recorded as of November 2005, and Weafer says that's giving surfers a false sense of security.

"What we're saying is it's just the opposite. It's actually got worse by the volume," he says.

The company reports a 140 per cent increase in malicious code, a doubling of phishing attempts - e-mails that purport to come from banks or other institutions aimed at soliciting confidential information - and an 800 per cent rise in bot-net activity.

The growth of high-speed, broadband Internet connections has made it easier for users to update their security software. But it's also given cyber crooks a wider community to prey on through phishing expeditions and links to bogus web sites - known as social-engineering attacks.

"Malicious users are now trying to trick people and deceive them into disclosing some information such as their bank card number, their credit card number, their personal information," says John Weigelt, Microsoft Canada's chief security adviser.

In times past, says Weafer, the primary purpose of top-ranked malicious codes was to deliver destructive or damaging payloads. Now, three quarters of the codes on Symantec's list focus on invasion of privacy and hijacking the computer.

The trend has produced new international crime links.

For example, Weafer says, a Moroccan created last summer's Zotob worm, designed to produce exploitable bot-nets. It was spread through a phishing attack originating in Turkey and the profits went to gangs based in northern Europe.

As defences harden against better-known threats, cyber criminals have also begun migrating to more vulnerable areas.

Weafer notes that "malware" targeting instant-messaging software is growing at a faster rate than e-mail threats.

"Think of the Nigerian bank-fraud scam," he says. "It started off in letters, went to faxes, then to e-mail. It's now appearing on IMs (instant messaging)."

Web-linked personal digital assistants (PDAs), Blackberries and cell phones are all expected to be under increasing attack.

"Today's battleground is very much the desktop," says Weafer. "I think in the future we're seeing that battleground move down to the end point being smart devices."

They're juicy targets for criminals because people increasingly store important personal information on them, such as bank PIN numbers.

The threats may spread to Internet-linked commercial devices such as vending machines, gas pumps, automated cash machines and phone systems.

"We start buying chocolate bars from vending machines and all these other things we can do with cellphones," says Det. Staff Sgt. Barry Elliott of the Ontario Provincial Police, head of the joint OPP-RCMP Phonebusters national anti-fraud centre.

"It's going to create more opportunities to bring a virus into a system."

Anything that connects to the web is potentially at risk.

"I think we have to continue to remain vigilant in the whole environment when we look at new technologies and recognize that people will try to choose different vectors, different ways to exploit our systems through these new channels," says Weigelt.

Even video-game consoles aren't immune if they're web-linked.

"Increasingly we're seeing people going after things like gaming identities - buying, selling, stealing," says Weafer.

Targets include highly developed game characters, for which there's a legitimate online auction market, and Internet game-user accounts.

"The notion of what people will try to steal or go after for profit is broadening out beyond traditional areas," he says.

Designers of operating systems and mainstream applications are increasingly building security into their programs, although Symantec reports it still takes about seven weeks to close loopholes once they're discovered.

But companies that adapt them for their own use or develop specialized software for devices they market seem less aware they could become weak points in protecting the Internet. Weafer predicts the threat will become noticeable in two to five years.

"I think tomorrow's battleground increasingly becomes the embedded systems, people who've got everything from appliances to dedicated hardware to other systems in our environment," Weafer says.

Throughout the growth of cyberspace, crooks have been quicker off the mark to exploit loopholes than users have been to close them.

"People tend to rush for the technology," says Weafer. "They get connected, they get the machines online, but the security posture takes time to catch up."

For example, Korea used to be at the top of Symantec's list of targets after plunging into widespread adoption of broadband.

But after the Slammer virus crashed systems worldwide in 2003, Korea embarked on a national approach to Internet security and privacy education. It's now fallen down to No. 9 on the Symantec list, says Weafer.

Canadian Internet service-providers all offer upstream security to screen e-mails and suspect web sites before they reach users.

But Weafer says they're not a panacea and don't absolve individual users of responsibility for protecting their computers from becoming unwitting launching pads for viruses or spam.

"Over time I think you're going to see not just the carrot but the stick coming out," he says. "If you're not to a minimal level of security, if you're seen to be the source of cyber-attack activities, they're increasingly taking a harder line against people."

Phonebusters' Elliott says police and governments are working towards a national strategy on countering and punishing Internet theft and fraud, which he says has an extremely low solve rate.

"Identity theft has certainly moved up the chain quicker than, say, telemarketing fraud did 15 years ago when it was identified as a national and international problem," he says.

The Criminal Code doesn't specifically cover Internet-sourced offences - they're prosecuted under the fraud and impersonation sections.

Elliott admires the FBI's willingness to pursue cyber criminals, such as the authors of the Zotob attacks.

"They're prepared to go anywhere to protect their industry," he says. "They're the most aggressive agency in the world."

Canada has a good relationship with U.S. law enforcement, he says, but the penalties for cyber crime here aren't stiff enough to deter the players or persuade them to rat on their organized-crime patrons.

Despite the spreading presence of the underworld in cyberspace, the experts say the best defence remains the same.

"If you do sensible precautions, using layered defences, updated security, got the patches, truthfully it will protect you against the most common attacks," says Weafer.

Some facts on cyber threats from Symantec Corp.'s regular security updates:

-North American computers are the source of more than half the spam worldwide, most of it related to commercial products such as porn, cut-rate drugs and financial services.

-The United States has 30 per cent of the world's "bots," computers taken over using viruses that allow the attackers to control vast networks of such machines to launch other kinds of attacks and spam. It's followed by the United Kingdom, with 22 per cent, and China, seven per cent. Canada has nine per cent of bots in the Americas, behind the U.S. with 75 per cent.

-Symantec identified more than 10,000 bot computers a day on average in first half of 2005, double the number in December 2004.

-Malicious code exposing confidential information represented 74 per cent of top 50 malicious codes reported in first half of 2005, up from 54 per cent in previous six months.

-Number of viruses and worms grew by 142 per cent over same period in 2004.

-Detection of phishing attacks - use of fake e-mails purporting to come from banks or other institutions - almost doubled in first half of 2005 compared to last half of 2004, to 1.04 billion.

(Sources: Symantec Corp. Internet security threat report, monthly security update)