03.22.06
The True Nature of Cyber Crime
Cyber-attacks, hacks, and acts of online vandalism perpetrated by loners in attempts to direct attention to themselves were at one time the biggest threat companies had to worry about. For those individuals, breaking into a company’s network produced no direct gain. Instead, they did it for the glory of becoming a cyberspace anti-hero, or at least to relieve the boredom of their humdrum lives. But today, those misguided fools are the least of a company’s network security worries. Malicious attacks are increasingly being carried out for very specific reasons. Cyber criminals are using bot-nets, denial-of-service extortion attacks, and sophisticated identity theft techniques for financial gain.
According to a recent report from computer security vendor Symantec, bot-networks are being used more frequently to carry out criminal activities. Symantec recorded a 50 percent increase in DOS attacks in the second half of 2005. In a bot-network, a criminal infiltrates hundreds or thousands of computers around the world, transforming each one into a sort of “zombie” client, and then uses the network to carry out a DOS attack, or to threaten to do so for the purpose of extorting money.
Symantec also noted an increase in phishing attacks, where a cyber criminal sends out emails disguised to look as if they originated from a trusted source, such as a bank. The cyber criminal then attempts to convince each victim to enter private account information, which is then diverted to a criminal enterprise and used for identity theft.
Although many cases of online extortion do not get reported, there have been several high-profile cases in the news. Last year, an extortion scheme originating in Russia was discovered, where victims’ computers would become infected via a web site containing malware. The malware would lock up the victim’s data files, and the criminal would then send an email demanding money in exchange for instructions on how to recover the files.
If you are the recipient of this type of attack, the first thing to do is not to give in to demands, and then notify law enforcement authorities and your ISP. However, these attacks are opportunistic, and the best protection against them is to be proactive. Many of these criminal attacks are carried out with Trojans, social engineering, or infected web sites. A good anti-virus package and firewall will prevent most of these attacks, and adhering to standard best practices–such as exercising caution before launching email attachments–will go a long way towards avoiding becoming the next victim of cyber crime.