Security Attacks Increasingly Motivated By Greed 145
earthstar writes "E-commerce has emerged as the "single most targeted industry" according to the latest Internet Security Threat Report from security software provider Symantec, with hackers now appearing to be motivated by economic gain rather than notoriety.
"We're seeing an increase in profit-motivated attacks," says Vincent Weafer, senior director of Symantec's virus research team. Also in
Information week"
In other news. (Score:5, Insightful)
Re:In other news. (Score:5, Insightful)
If it contains money, they will come. Nothing new here. It has always been like that through the history of humankind. People used to keep money in the form of gold and *they* came. People started keeping money with their head of village and *they* came. People put the money in lockers/safes and *they* came. People started using banks and *they* came. Now people are using the web to store/trasnfer money and *they* are here.
Re:In other news. (Score:4, Insightful)
Your point? (Score:2)
Re:Your point? (Score:2)
Cancer is complicated, hard to cure, insidious, and kills. Most doctors would be happy to find a cure, and move on to treating other diseases.
Symantec NEEDS people to suffer from viruses - they don't have much of a business otherwise. And there's a simple cure - dump Windows/Outlook/MSOffice.
Watch what happens if gBrowser does an auto-detect to switch to an ie-compatible mode for broken/ms/ie sites. It'll be the end of the beginning, as we can ALL then move forward (
Re: so what you're saying is (Score:1)
Re:In other news. (Score:1, Funny)
Re:In other news. (Score:2)
Re:In other news. (Score:2)
Re:In other news. (Score:4, Interesting)
In OTHER other news. (Score:4, Interesting)
Re:In other news. (Score:5, Insightful)
I love you! (Score:1)
Re:In other news. (Score:2, Insightful)
Because... (Score:5, Funny)
Re:Because... (Score:1)
Yeah, and hanging's too good for them, so they have to find some middle ground :o)
Yeah... (Score:4, Funny)
Re:Because... (Score:5, Funny)
If we were all passing around those women, (Score:2, Funny)
Re:If we were all passing around those women, (Score:1, Funny)
Boredom and Greed and Automation (Score:2)
It's kind of like hacking cars - taking off the muffler might have been fun for 15 minutes when you were 16, but everybody's heard it before and it just sounds like you did it because your muffler had rusted out anyway, so no sense annoying the neigh
the way it always works (Score:2, Insightful)
Trickle down Hacking (Score:4, Insightful)
It seems now though more and more of the stupid amateurs are trying to get in on the Hacking for Fun & Profit gig.
Re:Trickle down Hacking (Score:4, Insightful)
And unfortunately it seems to be working [theregister.com]. This little beast should be locked up, or at least made liable for damages. As is he will probably get a very lenient sentence which translates getting off more or less scot free. Let's just hope enough of his victims sign up [theregister.com] to ensure that he will spend a long while paying off the price of his little joke. If the norm for virus authors becomes a slap on the wrist in court closely followed by a fat job offer and not having to pay any substantial damages we are in for a Noah's flood of these idiots.
Re:Trickle down Hacking (Score:1)
That's why... (Score:4, Informative)
Re:That's why... (Score:3, Funny)
Re:That's why... (Score:1)
Not to mention, Cracker kinda implies that they're all white.. doesn't it? :P
-phixxr.
Re:That's why... (Score:1)
No, the phrase "cracker ass cracker" implies someone is white.
Re:That's why... (Score:1)
These less than elegant sections of code were referred to as a hack; hence, you were a hacker if you programmed that way all the time. In fact, if I recall, the programming text book made mention of it back then. I think it was the media who associated the word hac
Re:That's why... (Score:1, Troll)
Use defines language, get over it.
Re:That's why... (Score:4, Insightful)
Re:That's why... (Score:1)
What? No need to bring race into this. I'm sure there are plenty of 1337 @RF1c@n-@m3R1c@n hAxxOrS about...
Curiosity.... (Score:5, Interesting)
So for those who advocate the freedom to "see what I can see" take note of the small leap toward real criminal behavior....
Re:Curiosity.... (Score:5, Informative)
So for those who advocate the freedom to "see what I can see" take note of the small leap toward real criminal behavior....
Circumventing security measures (however weak) on someone else's system without permission is already real criminal behavior [cornell.edu].
Re:Curiosity.... (Score:3)
What, from your imaginary made-up scenario? That's like the government leafs talking about how pot is a gateway drug. If you smoke pot, you'll do all these other drugs.
As with everything else, there are gradients. I do not doubt that some happen to do what you outline, but others get into "cracking" to learn how to steal, while others stumble on to something and quickly decide the
Re:Curiosity.... (Score:2)
The real reason the gateway drug arguement has lost favor is that there are much higher correlations between early use of taba
Re:Curiosity.... (Score:1)
yeah, that's what I did back in High School...
--QTone
Re:Curiosity.... (Score:2)
Ah, the joy's of the "knowledge economy"
In a true free-info world, there would BE no blackmail.
"/Dread"
Payoff (Score:1, Funny)
Might as well make it worth your while.
Re:Payoff (Score:3, Insightful)
Most things people do are for money. Sex too, but if you can hack, you're already precluded from the latter
Texas style accounting soon to come (Score:1, Flamebait)
Is it me? (Score:5, Funny)
Your sig... (Score:2)
Last night I tried to port a Java application to my phone, and tonight I'll be installing Fedora Core under Virtual PC just to be able to write J2ME code.
Bah!
Re:Your sig... (Score:2)
Re:Your sig... (Score:2)
In other news... (Score:4, Insightful)
Ha! (Score:4, Insightful)
Apparently Symantec's current marketing strategy wasn't working, so now they have to use profit-related scare tactics. "Vested interest" anyone?
Re:Ha! (Score:1)
It's more than just security... (Score:5, Insightful)
"Companies using e-commerce also retain a lot of data about customers, account numbers and personal information, and a lot of smaller businesses conducting transactions online don't put the money into security, so they become easy targets," said Donovan.
According to Donovan, many small businesses still do not have an "appropriate level of security".
The larger problem is that many small business do not have an appropriate level of *clues* about security.
Small business owners that are not tech-savvy are no better off than the average Joe Six-Pack that gets on the internet. Most unfortunately wouldn't know what it means to update your anti-virus/malware/spyware signatures, much less do it. By the time they do finally call for tech support their network and much of their IT assets, have been 0wn3d.
It's what happens when hackers go legit (Score:3, Interesting)
So you get a job, naturally, with your skillz, the people willing to hire you aren't exactly altruistic.
Re:It's what happens when hackers go legit (Score:2)
Re:It's what happens when hackers go legit (Score:3, Interesting)
You gravitate towards what you're attracted to (hacking) and the more you run in those circles, the more there'll be people there to exploit you.
It's too bad hackers (should I be using the term "crackers", really?) don't have a highly-developed sense of ethics.
Like other scientists, they end up making tools that can be used to harm people, but maybe a combination of factors makes them even LESS ethically pre-occupied than most scientists.
If you can indeed call hack
Stats? oh. (Score:5, Insightful)
.
"We have seen a pretty rapid shift in the style of threats by hackers as they focus more on key-logging and phishing scams for financial gain," he said.
Oh really? Is Symantec able to quantify an increase in the number of "hackers seeking financial gain" that would qualify the headline of the article? I don't see any stats.
"Companies using e-commerce also retain a lot of data about customers, account numbers and personal information, and a lot of smaller businesses conducting transactions online don't put the money into security, so they become easy targets," said Donovan.
Oh. So businesses should give money to Symantec, right?The article is lacking in a lot of detail (Score:2, Insightful)
Or are they more along the lines of jewel thieves, carefully staking out their victim and carefully planning their heist. My guess is that they are more like the former than the latter, but the study doesn't really sa
Turnabout (Score:3, Funny)
What is amazing ... (Score:5, Insightful)
Re:What is amazing ... (Score:2, Interesting)
"We're seeing an attempt in exploiting Linux environment and as it becomes more widely deployed it will become more of a target," he said
Money vs. FXP (Score:5, Interesting)
The reality is that North and South American hackers are primarily motivated to participate in FXP, or file-sharing using their compromised computers. Russian hackers work with US companies to sell spam drones. German hackers do a mix of both but mainly use their computers to compromise more. Canadians DDoS other hackers. I don't intend to generalize, but it is important to note that the primary objective here is *still* file sharing.
Sites like www.packetnews.com and the like have XDCC searches that help people find free software, like Sims2 the week it comes it. Some movies come out before they are in theatre. I remember seeing Mr. Deeds a month before it came out and Signs about two weeks before it came out.
You don't get that kind of dedication from most hackers. In fact, I would venture to guess that the Russian groups that are doing the majority of the spambot installations have one or two knowledgable people in them, and that is essentially it. The others that work with them are just trying to siphon money. Still, there are a good deal of them with 0-day IE exploits, but unfortunately they haven't been well to adapt to one of the changes Microsoft made blocking an easy way to get files to your computer.
Now, if these guys were bright, they'd keep using the same method and just change the registry so that they can use that method. But it would appear that they don't know how to do that. SP2 also seems to be causing some trouble.
Other trends? (Score:1)
So what are the trends coming from romanian hackers and middle-eastern hackers? I'm guessing the Romanians are pretty much in line with the Russians. But I've seen more activity coming from the middle-east in the past couple months. What are they primarily doing? Just trying to play havoc because of current political motivations?
You've pretty much nailed the other countries/regions from what
Re:Other trends? (Score:2)
Don't get me wrong, they're not bad, it's just that, generally speaking, I have not yet met anyone from the Middle East or India/Pakistan that i
Re:Other trends? (Score:2)
Re:Money vs. FXP (Score:2)
You'd be surprised. A lot of groups are run/handled buy computer administrators in their early thirties or late twenties, have no family, and have tons and tons of money. They spend it on games, DVDs, etc, and make friends online by filesharing and filetransferring. (FXPing)
And why would someone not share files on their computer?
Bandwidth is the main issue. Why kill your own bandwidt
Profit by way of spam relays perhaps (Score:5, Interesting)
It's not just attacks though, seems nearly every security threat (worms, viruses, hacking attempts, etc.) are all converging on one overriding purpose -- SPAM!!! Someone hacked your server? They've probably installed a trojan that makes it a zombie spam relay. User clicked on the blatantly obvious virus in their E-mail and infected their system? It's now a zombie spam relay. Worm managed to get into an unpatched system? Yay, another zombie spam relay!
Even a few years back I felt a lot of hacking and virii/worms were caused by script kiddies playing with hackers tools they found online. Nowadays it's starting to look incredibly organized and methodical. It makes you wonder who's really behind the whole thing. It's getting to be far too orderly (from a spam relay acquiral front particularly) to just be lots of independant greedy folks with no morals trying to make a quick buck. Not to sound like I'm wearing a tinfoil cap but I'd say it's a fair bet that organized crime has moved into the arena and taken charge behind the scenes.
wearing a tinfoil cap (Score:3, Insightful)
Hide your messages in spam with steganography and broadcast them. This way, traffic-flow-based techniques won't work.
By this premise, the DHS has a valid and critical reason to go after spam and zombies.
Re:Profit by way of spam relays perhaps (Score:2, Interesting)
In other news.... (Score:3, Funny)
Enron and many other companies have been seen to steal money from innocent citizens. Flying directly in the face of previous accounts that said this was for charitable purposes, accounts are now saying that these deeds were based strictly on greed.
Crime = greed? Wow! that is news.
Linux (Score:2, Interesting)
This is free for interpretation.
Another side effect of the .crash (Score:5, Insightful)
It makes sense that as legit jobs are harder to get, some people, especially those who got addicted to the easy money, will look for non legit work.
Re:Another side effect of the .crash (Score:1)
It's too bad people need to work so badly that they can't look more closely at a company's business practices in determining whether or not they should be working for said company. *cough* SCO *cough* Enron *cough* <Investment Opportunity Du Jour> *cough*
Re:Another side effect of the .crash (Score:1)
Only in the sense that most cheating was done by manager types, not technical people.
GREED! (Score:3, Insightful)
cardboard road sign (Score:1, Funny)
A sad sign of maturity for e-commerce (Score:3, Insightful)
E-Commerce is big enough now to attract the attention of criminals. I suppose that's an expected milestone for E-Commerce. The cowboy days of fast progress in an arena of trust and goodwill are over.
Newsflash: (Score:5, Insightful)
Helllloooo???? (Score:5, Interesting)
When times are good, crime is not attractive. But when things are really doing bad, crime becomes more and more attractive...
Wake up and smell the coffee (Score:4, Interesting)
So in the past all these people who pay spammers to send out millions of e-mails every hour asking to "update your account", sign up for web hosting accounts to set up phishing sites with stolen credit card numbers, extort money from companies by threatening DOS attacks, set up vast networks of zombies... ...were motivated by notoriety???
Re:Wake up and smell the coffee (Score:2, Insightful)
Many hackers try to justify their activities (to judges, the media, their parents) by suggesting that:
-They weren't going to harm anything, just see if they could do whatever it was they were attempting.
-The
Now that cracking has a business model... (Score:5, Interesting)
Now that there's (at least apparently) a viable business model for cracking machines, I think maybe Windows, which is fundamentally unsecurable partly by design and partly by historical practice Microsoft can't/won't break from, will just get overwhelmed. Certainly most of the home Widnows computers I run into have at least one spyware infection, and some are so infested as to be unusable.
Of course, in nature the really virulent pathogens tend to evolve into less nasty forms - killing off all your hosts is not a good long-term strategy. The spyware and zombie bots might become less overtly intrusive and more 'asymptomatic'. Imagine the future of computing... most computers carry some 'viral load' more or less constantly... [shudder].
Re:Now that cracking has a business model... (Score:1)
Re:Now that cracking has a business model... (Score:2)
From 1 year ago on Slashdot... "plague" (Score:2)
Online fraud... helping Linux/OSS adoption? (Score:5, Insightful)
I get at least one purchase made by a stolen card every week, and in some instances I've been able to trace the owner of the card details.
In every single case, they've told a tale of how their PC got trojaned a few weeks back and they had to get it cleaned up. They're always quite shocked to learn of the real effects of what happened. Up until then, they just see it as an inconvenience and something you just have to put up with once in a while, like unblocking the kitchen sink.
Sometimes though, they review their credit card statements and find other small purchases that they're overlooked, then realise that they had been screwed little by little over a long period.
In every case, they've been more than happy for me to send them a copy of TheOpenCD or Knoppix so they can either install Moz or use Linux at least for their online stuff.
The recent activities of the botnet barons and phishers have certainly caught the attention of the mainstream press though, which is great publicity.
I'm shocked! (Score:2, Funny)
Next, I guess we'll learn that Symantec [cnn.com] produces anti-virus software for a profit.
The root of all evil (Score:1)
You mean like Microsoft writing buggy and insecure software and then charging everyone for the next version where they claim everything is fixed?
Really now (Score:1)
Seeing as how
Re:Really now (Score:2)
But it's not something that's known to happen often, is it?
Re:Really now (Score:2)
Security company reports attacks? duh (Score:1, Insightful)
Linux under attack, sez Symantec (Score:5, Interesting)
"We're seeing an attempt in exploiting Linux environment and as it becomes more widely deployed it will become more of a target," he said.
Oh really? Donovan being the Director of Symantec, this means his company is seeing exploits on Linux?
That's front page news. Who? Where? What vuln? Which distro?
Or do you mean "we think we will see"? That's not quite the same thing, Sym-boy. Careful with that FUD gun, will ya. You're gonna shoot your other foot too.
Then again, if you think of it, companies like Symantec are part of the vast cottage industry that popped up for the sole purpose of plugging the leaks of Windows. The last thing they need is more Linux boxes around. Hence the FUD.
Re:Linux under attack, sez Symantec (Score:1)
Re:Linux under attack, sez Symantec (Score:2)
That's front page news. Who? Where? What vuln? Which distro?
Have you been living in a cave? A quick look at BugTraq shows many vulnerabilities in Linux, some that could be exploited to create trojans. Just look at all the image loader holes that have been turning up the last few weeks. You can bet there will be more, too.
Of course, the problem is nowhere near as big as with Windows, but the statemen
Re:Linux under attack, sez Symantec (Score:2)
virus scanning like using a condom with a hole (Score:3, Interesting)
a condom with a hole in it. I cannot even remember the number of owned machines I have fixed the last couple of months with a virus scanner installed and sitting behind a firewall. In nearly every case the machines are being exploited through the browser or preview in outlook. I run a virus scanner on a system now as a initial pass but then go to the process list to see how many bots are running on the machine collecting and sending data.
If enjoy sharing your credit card information with internet vandals keep using Windows and Internet Explorer.
Security Articles Increasingly Motivated By Greed (Score:3, Insightful)
No "Economic Gain" Here (Score:3, Insightful)
Slashdotted the ad server (Score:2)
It's a shame... (Score:1)
Self-Administration Needed (Score:3, Insightful)
This is clearly unrealistic. We already know that this expectation coupled with the obvious lack of systems administrators for lone PCs, has lead to a great many slashdotter being the de facto sysadm for their friends and family. Clearly this solution falls on its ass when faced with PC owners with no such tech head to call upon. These PCs are probobly doomed to become spam zombies or to take part in DDOS attacks.
It's 2004, not 1984. Most PCs will likely never even be looked at by someone who can admisister them. I'm not just talking about patching and updating virus scanners. What about simple tasks like defragging? Does anyone really think that Aunt Tilly will defrag her PC? What about firmware updates?
At this point PCs should support self administration and self diagnostic and repair. Before you laugh me out off the board, I know that feeble attempts at this have failed miserablely(Windows autoupdate, system restore). But in the age where four year olds, business students, lawyers and Aunt Tillies everywhere are using broadband connected PCs and haven't a clue how to keep them up and running, it's either MUCh better selfadm or you and I will have to become fulltime sysadms.
MOD PARENT UP (Score:2)