[ISN] Firms hit rivals with web attacks

From: InfoSec News (alerts@private)
Date: Sun May 06 2007 - 23:07:07 PDT


http://news.bbc.co.uk/1/hi/technology/6623673.stm

By Mark Ward
Technology Correspondent
BBC News website
4 May 2007

Legitimate businesses are turning to cyber criminals to help them 
cripple rival websites, say security experts.

The rise in industrial sabotage comes as some suggest cyber criminals 
are turning away from using web-based attack tools in extortion rackets.

Experts suspect this is because of the risks involved in mounting such 
an attack on a web shop or retailer.

Instead the tools, usually hijacked home computers, are being used to 
pump out junk e-mail.


Cash call

Often these hijacked PCs, known as bots, are used for "Distributed 
Denial of Service" (DDoS) attacks that attempt to knock a site or server 
offline by bombarding it with huge amounts of data.

Online gambling sites were among the first to be threatened with DDoS 
attacks if they did not hand over significant sums of cash.

In a recent entry on the Symantec Security Response blog, Yazan Gable 
said the company had seen a "pretty sharp decline" in the number of 
attacks that try to extort cash.

Mr Gable said this was because extortion attacks were no longer 
profitable because knocking a website offline via DDoS was "loud and 
risky".

Many of those controlling the networks of bot computers have now started 
using them to send out spam which was just as lucrative and a lot less 
risky, said Mr Gable.

But Paul Sop, chief technology officer at Prolexic which helps victims 
cope with DDoS attacks, said they were proving as popular as ever.

"We've seen more DDoS attacks in the last few months than we have ever 
seen," he said.

The decline could just be part of the arms race between criminals and 
security firms.

"When the gangs feel the pincers coming in they change their strategy," 
he said.

There was no reason to think the decline was because such attacks were 
no longer profitable. Not least, he said, because only in 20% of cases 
do attacks stop once a victim has made a payment.

"Once they have you hooked they'll keep going," he said, "it can get up 
to some pretty serious numbers."

Mr Sop said the number of extortion-based attacks had declined a little 
but this had been more than made up for by companies using them to 
batter rivals.

"We are seeing a lot of anti-competitive behaviour," he said.

Mr Sop added that many more Asian targets were being hit by DDoS attacks
- a region in which Symantec did not historically have a big presence.

In Asia, he said, DDoS attacks were proving very popular with 
unscrupulous firms keen to get ahead of their rivals.

"The really frightening thing is you can buy access to a botnet for a 
small amount of money and you can have you competitor down for a long 
time," he said.

In one case that Prolexic helped with a firm was battered for four 
months by a rival using a botnet owned by a criminal gang.

"It's a great use of funds to destroy your competitor," he said.


5B5B
__________________________
Subscribe to InfoSec News
http://www.infosecnews.org



This archive was generated by hypermail 2.1.3 : Sun May 06 2007 - 23:19:01 PDT