A new breed of criminal on the scene

If your idea of a typical hacker is a spotty 14-year-old who just wants to show off to his friends, think again. It seems the past few years have just been a testing ground for different attack techniques that are now being adopted for much more sinister purposes.

The new breed of attacker is now more likely to work for a crime syndicate based in Eastern Europe or Russia, and is unlikely to be satisfied with the thrill of breaking into systems. These people are definitely in it for the money.

This growing – and sometimes unseen – threat to the security of our systems was outlined by a series of speakers at the Gartner IT Summit, held in London last month.

According to John Lyons of the UK's National Hi-Tech Crime Unit (NHTCU), the arrival of organized crime on the scene is a comparatively recent phenomenon. "Three years ago, there was no sign of organized crime, and this has only come to light in the past 12 months," he said. "It is not yet a nightmare scenario, but what we see is the crime world linking up with technical resources that are prepared to work at cheap rates."

The rates may be cheap by international standards, but Lyons said programmers in Russia could earn ten times the going commercial rate by switching to illegal activities.

Scams so far have included a range of offenses from creditcard fraud to denial-of-service extortion and the distribution of paedophile material.

Another speaker, Jay Heiser of Gartner, explained that the opportunities for cybercrime are growing as more assets are held in digital form – such as intellectual property, social security numbers (for identity theft), customers lists and health information.

He said that many of the attacks we have seen so far were "practice shots" which will lead on to more serious events. The sophistication of attack code is also growing, he warned, making it more difficult to detect and to defend against.

This point was echoed by Nigel Beighton, a director of enterprise strategy for Symantec. He said that while the past four months has been a quiet period on the internet, it was no excuse for complacency. "You can no longer judge your security by the fact that things are still working," he said. "Trojans are now well designed to conceal themselves."

Attackers are also beginning to switch their attention from operating systems to applications such as Oracle and SAP, where they can gather valuable information for subsequent criminal activity.

The growing population of broadband users has also become a prime target for Trojans and other malware. Beighton said Symantec now estimates that the number of broadband-connected PCs which have been colonized by Trojans is rising by 30,000 a day worldwide.

"On a single day, we saw the number rise by 75,000," he recalled. This creates a growing population of potential launchpads for distributed denial-of-service attacks.

Fewer viruses these days are obviously destructive, because the emphasis now is on the theft of data. "Hackers have gone from boasting about their exploits to stealth mode," he said.

The rise in criminal activity is a direct threat to the development of e-commerce trading, which the NHTCU's Lyons described as "the weak underbelly of business." Scams such as identity theft and phishing all threaten to undermine confidence in e-commerce and limit its future growth. "If you want to grow the population [of internet customers], then you need to work out what to do with customers," he said. "It is paramount to secure the e-commerce infrastructure. We need to get DDoS mitigation tools in place and work with the ISPs." So far, the banks have accepted some of the losses when identities have been stolen, he added, but they can't be expected to continue to.

Lyons suggested that greater user awareness of security was the only long-term solution to the problem. Broadband home users were mostly like "someone who learned to drive on a Model T Ford, and now suddenly they are behind the wheel of a Ferrari."

This mass of untrained people are becoming the unwitting victims of increasingly sophisticated malicious code, he added, before recommending a concerted campaign to build security awareness among those users in order to minimize the dangers they pose.

In the meantime, said Lyons, law enforcement agencies in the U.S, Europe and Russia are increasingly co-operating to track down some of the perpetrators. They have created an international intelligence cell to manage information, and have increased the flow of information coming in from banks and other victim groups. This co-operation led to the arrest of several Eastern Europeans during the summer.

In the face of these growing threats, delegates to the conference were reminded that good, basic security practice goes a long way in providing protection. "We pay too much attention to new things and not enough attention to old problems," said Gartner's Heiser. "For instance, warchalking is no longer news, but wireless security is a more serious problem today."

It is more effective to concentrate on what he described as the "boring" parts of security, such as buying secure software, configuring it properly, and managing users' accounts more effectively.

And if you do become the victim of an incident, find out the root causes. "The incident is not over until you understand exactly what happened, why it happened, and what you're going so to do to stop it happening again," he concluded.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.