[ISN] Banks, ISPs 'should meet cyber police'

From: InfoSec News (alerts@private)
Date: Thu Feb 01 2007 - 22:16:52 PST


By Tony Waltham
Bangkok Post
February 01, 2007

Bangkok, Thailand -- Local companies should offer to familiarize the 
country's cyber police officers with their networks and assist in 
security training, according to a Cisco Systems Internet security 

Internet service providers (ISPs), banks and other institutions really 
need to ''invest in their law enforcement officers,'' said Barry 
Raveendran Greene of Cisco's SP Architecture and Engineering Group, who 
was here to conduct two cyber security seminars.

Greene spoke of a huge shift that has taken place in Internet security, 
which has seen organized crime such as extortion and fraud move into 
cyberspace. He said extortion can manifest itself as distributed denial 
of service (DDoS) attacks on a Web site or network, whereas ''click 
fraud'' can rob a company of its online advertising budget in favor of a 
competitor or generate money fraudulently from clicks.

He noted that a complex underworld economy, or ''miscreant economy,'' 
has sprung up, one with its own business cycles: it peaks after 
criminals figure out a new way to make money, and dips once potential 
victims collaborate and find ways to mitigate losses or protect 
themselves. The weapons used are very often millions of home PCs that 
have been turned into ''botnets'', which are used to attack Web sites, 
send spam or generate fraudulent clicks.

Even the way computers are being taken over or co-opted into these 
underworld robot armies, and the way they are being controlled, is 
changing in what Roland Dobbins of Cisco's SP and Enterprise Security 
Division likened to an arms race.

Asked how large the miscreant economy might be, Greene said one report 
had revealed that the amount of money made by the ''bad guys'' exceeded 
the amount of money made by people selling software to fix it, such as 
Symantec, McAfee, Trend Micro and others selling antivirus software.

The fundamental problem with cyber crime is that there are no physical 
boundaries, such as doors or locks, and no peer pressure or family 
pressure on participants. Moreover, there are no laws to keep 
international online criminal activity in check. He added that service 
providers were impacted when their customers were victimized, although 
helping them to protect themselves could be a service opportunity.

Children using computers are now being targeted by organized crime as a 
gateway into a home network of computers by infecting the Web sites they 
visit, he said, adding that ISPs might be able to counter this by 
offering a ''kids safe'' service.

There has been a change in attitude with law enforcement authorities, 
and the arrival of organized crime on the Internet is something that law 
enforcement agencies understood and knew how to deal with, Dobbins said.

Even so, hacking techniques are constantly being refined. In the past, 
it used to be high-profile Web sites that were subjected to DDoS 
attacks, particularly gambling and adult entertainment Web sites. But 
today, perpetrators' focus has shifted to online traders.

Dobbins cited the example of an estimated half a million misconfigured 
open recursion DNS servers on the Internet that could be exploited or 
spoofed by criminal hackers to generate a flood of attacks that could 
lead to denial of service. This is much harder to spot when compared to 
a traditional DDoS attack using raw bandwidth.

Other new techniques include exploiting back-end application 
vulnerabilities on a potential victim's Web site, such as lengthy 
database transactions. Dobbins said DDoS attacks using bandwidth could 
be easily monitored and steps taken to counter them, whereas ''database 
churn'' would be harder to spot with a traffic-based approach.
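
The monitoring contrast in the last paragraph, as an added example that is not part of the original article: a traffic-volume alert and a back-end alert run over the same per-minute samples. The sample values, the five-minute baseline window, the 3x multiplier and the "database seconds per request" metric are all assumptions constructed for illustration.

```python
from statistics import median

# Constructed per-minute samples: (minute, bytes_in, requests, db_seconds).
SAMPLES = [
    (0, 1_200_000, 400, 20.0),
    (1, 1_150_000, 390, 19.0),
    (2, 1_300_000, 420, 22.0),
    (3, 1_250_000, 410, 21.0),
    (4, 1_220_000, 405, 20.5),
    (5, 9_800_000, 3300, 170.0),  # bandwidth flood: traffic spikes
    (6, 1_240_000, 410, 21.0),
    (7, 1_310_000, 430, 390.0),   # churn: normal traffic, slow transactions
    (8, 1_280_000, 425, 410.0),
    (9, 1_230_000, 408, 20.8),
]
BASELINE_MINUTES = 5  # assumed known-good window at the start of the data
FACTOR = 3.0          # assumed alert multiplier over the baseline median


def flag(samples, metric, baseline_n=BASELINE_MINUTES, factor=FACTOR):
    """Return the minutes whose metric exceeds factor x the baseline median."""
    base = median(metric(s) for s in samples[:baseline_n])
    return [s[0] for s in samples[baseline_n:] if metric(s) > factor * base]


def traffic_alerts(samples):
    """Traffic-based view: inbound bytes per minute."""
    return flag(samples, lambda s: s[1])


def backend_alerts(samples):
    """Back-end view: database seconds spent per request."""
    return flag(samples, lambda s: s[3] / s[2])


if __name__ == "__main__":
    print("traffic-based alerts:", traffic_alerts(SAMPLES))
    print("back-end alerts:     ", backend_alerts(SAMPLES))
```

On this data the flood minute is visible only to the traffic check and the churn minutes only to the back-end check, which is why the two need to be monitored together.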
