http://www.zdnetasia.com/news/security/0,39044215,61986321,00.htm By Tony Waltham Bangkok Post February 01, 2007 Bangkok, Thailand -- Local companies should offer to familiarize the country's cyber police officers with their networks and assist in security training, according to a Cisco Systems Internet security architect. Internet service providers (ISPs), banks and other institutions really need to ''invest in their law enforcement officers,'' said Barry Raveendran Greene of Cisco's SP Architecture and Engineering Group, who was here to conduct two cyber security seminars. Greene spoke of a huge shift that has taken place in Internet security, which has seen organized crime such as extortion and fraud move into cyberspace. He said extortion can manifest itself as distributed denial of service (DDoS) attacks on a Web site or network, whereas ''click fraud'' can rob a company of its online advertising budget in favor of a competitor or generate money fraudulently from clicks. He noted that a complex underworld economy, or ''miscreant economy,'' has sprung up--one which has its own business cycles, peaks after criminals figure out a new way to make money, and dips once potential victims collaborate and find ways to mitigate losses or protect themselves. The weapons used are very often millions of home PCs that have been turned into ''botnets'', which are used to attack Web sites, send spam or generate fraudulent clicks. Even the way computers are being taken over or co-opted into these underworld robot armies, and the way they are being controlled is changing in what Roland Dobbins of Cisco's SP and Enterprise Security Division likened to an arms race. Asked how large the miscreant economy might be, Greene said one report had revealed that the amount of money made by the ''bad guys'' exceeded the amount of money made by people selling software to fix it, such as Symantec, McAfee, Trend Micro and others selling antivirus software. The fundamental problem with cyber crime is that there are no physical boundaries, such as doors or locks, peer-pressure or family pressure on participants. Moreover, there are no laws to keep international online criminal activity in check. He added that service providers were impacted when their customers were victimized, although helping them to protect themselves could be a service opportunity, he said. Children using computers are now being targeted by organized crime as a gateway into a home network of computers by infecting the Web sites they visit, he said, adding that ISPs might be able to counter this by offering a ''kids safe'' service. There has been a change in attitude with law enforcement authorities, and the arrival of organized crime on the Internet is something that law enforcement agencies understood and knew how to deal with, Dobbins said. Even so, hacking techniques are constantly being refined. In the past, it used to be high-profile Web sites that were subjected to DDoS attacks, particularly gambling and adult entertainment Web sites. But today, perpetrators' focus has shifted to online traders. Dobbins cited the example of an estimated half a million misconfigured open recursion DNS servers on the Internet that could be exploited or spoofed by criminal hackers to generate a flood of attacks that could lead to denial of service. This is much harder to spot when compared to a traditional DDoS attack using raw bandwidth. Other new techniques include exploiting back-end application vulnerabilities on a potential victim's Web site, such as lengthy database transactions. Dobbins said DDoS attacks using bandwidth could be easily monitored and steps taken to counter, whereas ''database churn'' would be harder to spot with a traffic-based approach. _____________________________ Subscribe to InfoSec News http://www.infosecnews.org/mailman/listinfo/isn
This archive was generated by hypermail 2.1.3 : Thu Feb 01 2007 - 22:41:32 PST