[ISN] 'Hunting season' for computer attackers

From: InfoSec News (isn@private)
Date: Wed Jul 06 2005 - 23:44:22 PDT


http://www.theglobeandmail.com/servlet/story/LAC.20050706.RSECURITY06/BNPrint/theglobeandmail/TopStories

By SIMON AVERY 
July 6, 2005 
TECHNOLOGY REPORTER

TORONTO -- Their anonymous ranks include extortionists who threaten to
crash companies' on-line operations. They play with powerful viruses
to surreptitiously lift personal data off PCs. And they brazenly
wander through electronic bazaars to freely trade stolen information,
malicious computer code and access to hijacked networks.

A new generation of sophisticated, amorphous and highly co-ordinated
Internet criminals is not only costing businesses billions of dollars;  
it's testing people's faith in on-line technology and pushing global
law enforcement to the limit, industry experts warn.

"It's hunting season right now. It's unbelievable how [flagrant] the
attackers are. They know right now is the time because law enforcement
has no resources and there's no universal jurisdictional law," says
Ryan Purita, a forensic examiner with Totally Connected Security Ltd.  
in Vancouver. "Thieves are just going 'wow, what a wicked time.' "

Attackers are increasingly co-ordinating their activities by sharing
and selling malicious code and stolen information. They are
streamlining operations and hiring at an incredible rate, says Claudiu
Popa, president of Informatica Corp., a Toronto-based network
consultancy.

The recent onslaught of focused attacks on computer systems worldwide
may be starting to test the public's confidence in the Internet and
could threaten to undermine emerging technologies, some industry
experts say.
 
"This is the year we're seeing cybercrime, or the potential of
cybercrime, begin to affect how people use the Internet," said James
Lewis, senior fellow at the Center for Strategic and International
Studies in Washington, D.C.

It has taken the better part of a decade to persuade the mainstream
user to shop and bank on-line. But just as the technology is finally
starting to deliver on promises made during the dot-com boom, Mr.  
Lewis says a significant portion of the population is questioning the
safety of the medium.

"If people can't feel confident about using the Internet, they will
begin to back off from using it. This is one of the greatest social
costs of cybercrime," he said yesterday.

Law enforcement around the world is struggling to track and locate the
threats, said Mr. Lewis, who was commissioned by McAfee Inc., a large
security software company based in California, to write a report on
organized crime and the Internet. "There's been substantial effort on
behalf of law enforcement. But the best you can say is that they're
barely keeping up with it," he said.

In the past few weeks, several major breaches of consumer financial
data have come to light. In one instance, forty million credit card
accounts were exposed to a breach and at least 200,000 records were
stolen from Atlanta-based CardSystems Solutions Inc., which processes
credit card and other payments for banks and merchants across North
America. Further, Equifax Canada Inc., the credit reporting company,
revealed that it had suffered a security breach that gave criminals
access to personal financial information for hundreds of Canadians.

Threats may come in the form of electronic Trojan horses, which lie
behind fake Web links or attach themselves to e-mails, appearing as
harmless files that actually contain malicious code. When a file is
opened, the code installs itself on the recipient's computer and is
programmed to surreptitiously take control of the device. Infected
computers are known as bots, or zombies, and they become part of an
army of machines under the control of an attacker, who can use them to
bombard a site with traffic and even bring it down.

These battalions of bots have been used in countless attacks on
companies that do business on the Web. On-line betting firms,
including CanBet Ltd. and William Hill Sportsbook, have been favourite
targets, with attackers demanding payments of tens of thousands of
dollars to back off.

Some Trojans planted inside companies' computers actually reroute
corporate traffic to an illegitimate destination. Once the electronic
bridge is in place, criminals intercept, monitor and retrieve all the
sensitive information they want. They may dismantle the connection
days before a company's IT department realizes what happened.

Web-based chat rooms and Internet relay chat, a technology that allows
users to set up discussion channels on-line anonymously, are favourite
forums for exchanging information and recruiting. There are also
countless websites set up to blatantly promote criminal activity, such
as the International Association for the Advancement of Criminal
Activity (http://www.iaaca.com).

Some cybergangs hide in plain sight. The HangUP Team, a Russian gang
that has eluded the law for several years, carries out a dialogue of
hacker exploits on its site and bears the logo "In Fraud We Trust."

Mobile devices such as cellphones that can surf the Web or act as
credit cards will be attractive targets of cybercrooks in the next
year, as users begin to store more valuable information on their
handheld devices. In addition, voice over Internet protocol (VoIP)  
will give attackers a new way to exploit computer vulnerabilities to
interfere with phone services, Mr. Lewis said.

The trend toward mobile computing is already opening up a giant hole
in many networks. When users plug their laptops or personal digital
assistants into a corporate network, they run the risk of importing
malicious code. "Mobile devices represent a new way for mischief to
come into a company and they are hard to control," said Robert
Gleichauf, chief technology officer of security at Cisco Systems Inc.

Police use a variety of techniques to track attackers, including
tracing the Internet protocol (IP) address assigned to the computer by
its Internet service provider. "You always leave a trail, just like a
murderer does. Your IP address is your fingerprint, your DNA," Mr.  
Purita said.

That trail, however, is frequently impossible to track. Most advanced
attackers employ a process of looping and weaving, which means running
their traffic through zombie computers in multiple countries.

"The further physically removed they are, the harder it becomes to
find them," said Howard Schmidt, former special adviser for cyberspace
security at the White House and president of R&H Security Consulting
in Seattle.

Getting a handle on the number of attacks is difficult because many
businesses don't report them for fear of hurting their reputations,
said inspector Rob Currie, director of the RCMP's technological crime
branch.

He says his group receives a call from a large Canadian company almost
every week reporting a breach or seeking counsel on a "hypothetical"  
breach.

"IT security breaches are [now] part of daily life."

Phishing for trouble

$61.9-MILLION: ESTIMATED COST OF CYBER CRIME IN 2004

75-150 MILLION: ESTIMATED NUMBER OF PHISHING E-MAILS SENT EACH DAY

300: NUMBER OF NEW PIECES OF MALICIOUS SOFTWARE WORLDWIDE EACH MONTH
IN 2004

$1,200: AVERAGE COST OF PHISHING SCAMS PER VICTIM IN U.S.

60,000: ESTIMATED NUMBER OF VICTIMS OF PHISHING SCAMS (FOOLING USERS
TO HAND OVER PERSONAL INFORMATION TO COUNTERFEIT WEB SITES) IN 2004

50+: ESTIMATED PERCENTAGE OF NORTH AMERICAN HOME COMPUTERS INFECTED BY
MALICIOUS SOFTWARE

2,000: NUMBER OF NEW PIECES OF MALICIOUS SOFTWARE WORLDWIDE EACH MONTH
IN 2005

1 HOUR: ESTIMATED PERIOD WITHIN WHICH AN UNPROTECTED COMPUTER ON-LINE
WILL BE PROBED BY MALICIOUS SOFTWARE

SOURCES: FBI, MCAFEE INC. AND GARTNER INC.





