E-crime is thriving - even in SA

Hackers can access anything these days, it seems. Recently, e-mail and online calendar service Strongwebmail.com boasted that it was impenetrable and issued a challenge to hackers to "hack it if you can". The company was so sure of its security it put up a $10 000 prize to anyone who could break into the chief executive's account and discover his schedule for 26 June. People did.

Among the world's most notorious hackers was the late Jonathan James, who, at 16, became the first juvenile to be sent to prison for hacking some years ago. He said in interviews he had just been playing around to see what he could pull off. What he pulled off included accessing US Defense agency employee data and taking software worth a reported $1.7 million from NASA computers, among other things.

ORGANISED CRIME GETS ONLINE

James may have just been a kid "playing around". But times have changed, and the hacker and cybercriminal of today is in it for the money. Cybercrime has become a serious business worth billions of dollars annually. The global village has spawned a worldwide underground that gets rich on theft, blackmail and defrauding companies and individuals. The dark side of the internet is that it can be used to bring down organisations and - potentially - governments around the world with relative ease. With cybercrime proving so lucrative and fairly risk-free for the criminals, who can move their operations across borders from anywhere to elude the authorities, it is worth their time to constantly change their techniques in a bid to stay ahead of cyber-crime fighters. McAfee estimates that the global cost of data theft and breaches from cybercrime topped $1 trillion last year alone.  And the problem is growing fast.

Raiu, chief expert at Kaspersky Lab, EEMEA, told delegates at ITWeb's fourth Annual IT Security Summit recently that cybercrime today is a multibillion-dollar underground industry that transgresses borders and keeps growing at an exponential pace.

"Cybercrime accounts for billions of dollars in terms of losses annually and the criminals are becoming more professional in developing technologies designed to counteract traditional anti-virus solutions every day. It is not so much an issue of computer , but the countless vulnerabilities in operating systems as well as the installed software applications that make it very hard to run secure computer systems," he says.

Raiu says a contributing factor in the flourishing of premeditated online crime is the evolution of malicious code from viruses to Trojan horse attacks designed to steal personal information for financial gain.

"Online payment systems and online banking systems often make use of simplistic authentication technologies, and hackers use keystroke loggers, password stealing Trojans and social engineering to gain access to accounts which are later emptied of funds.

"Even systems that use complicated multi-factor authentication techniques are at risk with the introduction of specialised Trojan horses, which are able to intercept transfers on-the-fly and replace the destination account with the attacker's account or hijack an online banking session," he says.

In the single biggest online theft on record, $1.1 million was stolen from customers of the Swedish Nordea Bank.

DANGER ZONES

McAfee said in its threat predictions for this year that the top trend for 2009 would be the continued exploitation of the financial crisis to scam users with fake financial transactions services, fake investment firms and fake legal services. "Computer users face a dangerous one-two punch today," says Jayson O'Reilly, regional manager: Africa for McAfee. "The current economic crisis is delivering a blow to our financial well-being, while malware authors are taking advantage of our distraction to deliver a roundhouse strike."

Kaspersky Lab notes that one of the current biggest IT threats comes from infection of systems via removable storage media. Surfing the web is second on Kaspersky's list of prime threats, with between one in every 50 to one in every 300 sites currently infected. McAfee also warns that criminals do capitalise on users' desire to protect their PCs - noting an upsurge in malicious software posing as applications from "security" vendors.

Symantec reported recently that malicious code activity is growing at a record pace, with Symantec having to create more than 1.6 million new malicious code signatures in 2008. These signatures helped Symantec block an average of more than 245 million attempted malicious code attacks across the globe each month during 2008. The report noted that web surfing remained the primary source of new infections last year, and said attackers are relying more and more on customised malicious code toolkits to develop and distribute their threats. Furthermore, 90% of all threats detected by Symantec last year attempted to steal confidential information. Threats with a keystroke-logging capability made up 76% of threats to confidential information.

Symantec said there continues to be a well-organised underground economy specialising in the sale of stolen confidential data, particularly credit card and bank account credentials. This underground economy is thriving, whereas prices for goods in the legitimate market have fallen.

Worryingly, Symantec data shows that the growth of malicious code activity was greatest in the Europe, Middle East and Africa region last year.

, vice-president of Emerging Markets, Symantec said: "Cybercriminals are profiting from creating and distributing customised threats that steal confidential information, particularly bank account credentials and credit card data. While the above-ground economy suffers, the underground economy has remained consistently steady."

AND ANYONE CAN DO IT

And it's easy to profit. Jeremiah Grossman, founder and CTO of WhiteHat Security, told the Security Summit that just about anyone can commit fraud or steal confidential information to sell to the underground market. Criminals are freely selling malware, such as Trojans and botnets, over illicit trading websites, while a Trojan can be sold on the market for $1 000 or less.

"For example, a hacker called 'The Analyzer' allegedly hacked into financial institutions using SQL injection to steal credit and debit card numbers that were then sold on to the black market. This information was used by thieves in several countries to withdraw more than $1 million from ATMs."

"Another example is Tom Berge, who used the aerial photographs from Google Earth to pinpoint museums, churches and schools across south London which had lead roof tiles. Berge and his accomplices used ladders and abseiling ropes to strip the roofs and steal £100 000 worth of lead to be sold for scrap. He was sentenced to eight months in prison, suspended for two years, after confessing to more than 30 offences."

Grossman said: "According to the US Federal Trade Commission, if a person receives merchandise they didn't order, that person has a legal right to keep it as a free gift. Nicholas Arthur Woodhams, from Michigan, US, abused Apple's advance replacement programme by guessing iPod serial numbers backed with Visa-branded gift cards. He repeated the process 9 075 times, reselling the 'replacements' at the discounted price of $49. He was charged with trademark infringement, fraud and money laundering. All his real estate, as well as $571 000 in cash, was seized from Woodhams."

STEPPING UP THE FIGHT IN SA

In South Africa, cybercrime-fighting efforts have to be improved, or this country could face a bigger problem in 10 years, says the South African Police Service (SAPS).

Also speaking at the Security Summit, Charles Maree, a detective with the police's Cyber Crime Support Service, said the threat is evolving and law enforcement efforts need to be stepped up. "The perception of a hacker has changed completely over the years. So the cyber threat has changed. These people are highly skilled individuals who have a passion for what they do. They don't want to get caught," he says. Maree notes the hacker of today is "no longer a guy in a basement". Cybercriminals come in many forms, use increasingly advanced techniques and are mainly motivated by profit, he says. The local unit investigates all possible threats, including identity theft, malware attacks, phishing schemes, spam attacks and botnets. Maree says cases investigated so far have shown that terrorists, industrial spies, organised crime syndicates and even activists are often behind cybercrime. "We've got government spies, we've got terrorists, people who want to bring harm to this country, because they don't have the same political views. It's a serious threat. And they also use the internet."

The SA cybercrime unit, established following the sudden rise of cybercrime between 1990 and 1994, remains fairly secretive about its operations, presumably in order to work more effectively. Nonetheless, Maree says the public needs to be aware of government agencies and institutions that combat cybercrime.  The Crime Intelligence Division has nine offices in eight provinces supporting functional policemen. North West is the only province without an office, because of a shortage of suitably qualified and experienced staff in the area. Offices have proactive intelligence divisions, which investigate possible threats related to cybercrime, and a forensic division, a reactive unit for cybercrimes which have been committed.

Maree says many local cybercrimes go unreported because people are not aware of police agencies like the Cyber Crime Support division. "If people don't report cybercrime, the problem will only grow," he says. And the police need help in fighting the problem. "We can only fight this battle with all the role players," Maree says.

According to Maree, the challenge for the SAPS is to keep up with developments in the cybercrime world. Criminals are up to date with encryption, software and the latest technology, he noted, and most investigations cannot avoid the role technology plays.

"The specialised units that work in organised crime need support. If I would ask them what a Trojan is, they wouldn't be able to answer me, because they specialise in what they do. So, we needed a unit to assist these units to understand the technology, how it works and to explain it to a prosecutor."

From an investigative perspective, understanding technology has become vital, he adds. "There have been cases where encrypted messages are hidden in text in pictures. If you don't know what to look for, you'll never find anything." Several cases have even found complicated encoding of video material, which could only be deciphered by specialists. Various modes of attack and communication are used, including instant messaging, Skype, newsgroups, e-mail, peer-to-peer networks and invisible Internet Relay Chat, Maree says. "With invisible Internet Relay Chat, node points are encrypted. So the connection to servers is encrypted and connections back to other users are also encrypted. For anyone trying to look at the content, it is more difficult to utilise smoking technology to get to the data packets."

"We don't catch everybody. In some cases, there's just not enough evidence. If we look at the backlog of cases we have, the number of cases we have on our forensic side, it's going to be quicker to get a forensic auditor from the company [concerned to do the audit]."

Recognising the need to do more against cybercrime, Business Against Crime South Africa (BACSA) recently congratulated President Zuma on his first State of the Nation address, in which he committed to fight crime with renewed energy and vigour. However, Siphiwe Nzimande, CEO of BACSA, added: "With an economic downturn and recessionary pressures affecting the country, the emphasis on fighting the types of crime that tend to increase in such an environment, including corruption, fraud, cybercrimes and identity theft, is [also] needed at this time."

Centre for Information Security executive director Beza Belayneh is of the opinion the best way to fight cybercrime is to attack cybercriminals first.

"The traditional views on information security have changed. The best way for companies to defend themselves is to go destroy, deny and disrupt their enemies before it is done to them," Belayneh says.


