http://www.news.com.au/couriermail/story/0,23739,20042617-5003418,00.html Glenn Chapman in Las Vegas August 07, 2006 ORGANISED crime is winning the internet security war, specialists warned at the world's foremost gathering of computer hackers in Las Vegas. The online peril is no longer brilliant young social outcasts penetrating networks for notoriety; it is international crime rings swiping billions of dollars with keystrokes and malicious computer codes, cyber cops agreed. Ironically, potential champions in the battle for internet privacy were sought among the thousands of hackers that made pilgrimages to the US gambling centre nicknamed "Sin City" for the three-day DefCon 14 conference. Online evil doers were crime rings working out of countries such as Russia, Romania and Brazil, and their nefarious technical skills were keeping ahead of computer security experts, veterans of the cyber-crime battle said. "We are getting our butts kicked, there is no doubt about it," said Dan Hubbard, vice president of security research at Websense. "There is a lot more of a bond and a sharing of tools in their society than in ours." DefCon, in its 14th year, was a neutral ground where hackers, computer security professionals and US government agents exchanged expertise, according to organisers. "The hacker is the good guy," Joe Grand, who described himself as an inventor by day and a hardware hacker by night, said. "A hacker is someone interested in figuring out how to make things work." Kenneth Geers explained that he was at DefCon to glean new hacking tactics and recruit talent to join him at his job hardening the US military's computer network. "If we are not getting into the weeds and hearing what the hackers are saying about weaknesses and vulnerabilities, we are absolutely screwed," Mr Geers said. "We seek out rock star hackers because they live and breathe this stuff" For Mr Geers, the goal was to prevent aircraft carrier's communications from being routed to enemies or missile guidance systems from being compromised. Online onslaughts were a relentless reality for ordinary computer users, said Gadi Evron, who managed internet security for the Israeli government before going to work for the firms SecuriTeam and Beyond Security. "A lot of it involves the mafia," Mr Evron said. "This is not about kiddies, hackers who sit around and tinker. It is about using the internet for real crime." More than two billion dollars will be stolen this year by online "phishing," using fake website and bogus emails to trick people into revealing personal information then used for identity theft, Mr Evron said. That loss will be multiplied by attacks involving the secret implanting of computer codes that can do things such as record keystrokes used for online banking or take remote control of computers, Mr Evron said. There is such a glut of stolen credit card data that it can be bought online for three dollars each, said special agent Andrew Fried of the US Internal Revenue Service. Fried estimated that one in five home computers in the country was infected with malicious computer code, or "malware." "We have gone to houses and done search warrants only to find people's computers were being used without them knowing it," Fried said. "Most of what I see is systems being compromised to be taken over." Armies of zombie computers can be used to attack websites of companies that depend on internet business for their revenues, the specialists explained. Criminals commanding such "botnets" can demand money from the companies in exchange for not crippling their online business. "The whole idea of extortion on the internet is funny to me," Mr Evron said. "They won't protect you. If you pay them they will probably attack you anyway, and they will be back." Cyber crime ranks only behind terrorism and counter-intelligence as top priorities at the Federal Bureau of Investigation, special agent Thomas Grasso said during the panel discussion. Collaboration with counterparts such as Interpol and Scotland Yard are vital to combat crime rings that often take refuge in countries with scant police resources, Mr Grasso said. The law and computer security technology have lagged behind criminal techniques on the internet, Mr Grasso said. "The internet is not safe and your email is not safe," Mr Evron said. "It is an arms race and all we can do is enter that arms race from all different angles." _________________________________ Visit the InfoSec News store! http://www.shopinfosecnews.org
This archive was generated by hypermail 2.1.3 : Wed Aug 09 2006 - 22:53:43 PDT