[ISN] Net mafia winning security war

From: InfoSec News (alerts@private)
Date: Wed Aug 09 2006 - 22:31:13 PDT


http://www.news.com.au/couriermail/story/0,23739,20042617-5003418,00.html

Glenn Chapman in Las Vegas
August 07, 2006

ORGANISED crime is winning the internet security war, specialists warned 
at the world's foremost gathering of computer hackers in Las Vegas.

The online peril is no longer brilliant young social outcasts penetrating 
networks for notoriety; it is international crime rings swiping billions 
of dollars with keystrokes and malicious computer codes, cyber cops 
agreed.

Ironically, potential champions in the battle for internet privacy were 
sought among the thousands of hackers that made pilgrimages to the US 
gambling centre nicknamed "Sin City" for the three-day DefCon 14 
conference.

Online evildoers were crime rings working out of countries such as 
Russia, Romania and Brazil, and their nefarious technical skills were 
keeping ahead of computer security experts, veterans of the cyber-crime 
battle said.

"We are getting our butts kicked, there is no doubt about it," said Dan 
Hubbard, vice president of security research at Websense. "There is a lot 
more of a bond and a sharing of tools in their society than in ours."

DefCon, in its 14th year, was a neutral ground where hackers, computer 
security professionals and US government agents exchanged expertise, 
according to organisers.

"The hacker is the good guy," Joe Grand, who described himself as an 
inventor by day and a hardware hacker by night, said. "A hacker is someone 
interested in figuring out how to make things work."

Kenneth Geers explained that he was at DefCon to glean new hacking tactics 
and recruit talent to join him at his job hardening the US military's 
computer network.

"If we are not getting into the weeds and hearing what the hackers are 
saying about weaknesses and vulnerabilities, we are absolutely screwed," 
Mr Geers said. "We seek out rock star hackers because they live and 
breathe this stuff."

For Mr Geers, the goal was to prevent aircraft carriers' communications 
from being routed to enemies or missile guidance systems from being 
compromised.

Online onslaughts were a relentless reality for ordinary computer users, 
said Gadi Evron, who managed internet security for the Israeli government 
before going to work for the firms SecuriTeam and Beyond Security.

"A lot of it involves the mafia," Mr Evron said.

"This is not about kiddies, hackers who sit around and tinker. It is about 
using the internet for real crime."

More than two billion dollars will be stolen this year by online 
"phishing," using fake websites and bogus emails to trick people into 
revealing personal information then used for identity theft, Mr Evron 
said.

That loss will be multiplied by attacks involving the secret implanting of 
computer codes that can do things such as record keystrokes used for 
online banking or take remote control of computers, Mr Evron said.

There is such a glut of stolen credit card data that it can be bought 
online for three dollars each, said special agent Andrew Fried of the US 
Internal Revenue Service.

Fried estimated that one in five home computers in the country was 
infected with malicious computer code, or "malware."

"We have gone to houses and done search warrants only to find people's 
computers were being used without them knowing it," Fried said. "Most of 
what I see is systems being compromised to be taken over."

Armies of zombie computers can be used to attack websites of companies 
that depend on internet business for their revenues, the specialists 
explained.

Criminals commanding such "botnets" can demand money from the companies in 
exchange for not crippling their online business.

"The whole idea of extortion on the internet is funny to me," Mr Evron 
said. "They won't protect you. If you pay them they will probably attack 
you anyway, and they will be back."

Cyber crime ranks only behind terrorism and counter-intelligence as top 
priorities at the Federal Bureau of Investigation, special agent Thomas 
Grasso said during the panel discussion.

Collaboration with counterparts such as Interpol and Scotland Yard is 
vital to combat crime rings that often take refuge in countries with scant 
police resources, Mr Grasso said.

The law and computer security technology have lagged behind criminal 
techniques on the internet, Mr Grasso said.

"The internet is not safe and your email is not safe," Mr Evron said.  
"It is an arms race and all we can do is enter that arms race from all 
different angles."





This archive was generated by hypermail 2.1.3 : Wed Aug 09 2006 - 22:53:43 PDT