July 6, 2005 4:00 AM PDT

Hacking for dollars

(continued from previous page)

is and how much supporting information is supplied, though--an account with little supporting information will go for much less. American Express cards fetch more, as those come without a preset spending limit, experts said.

Symantec has seen a clear change in the malicious code, such as Trojan horses, used in attacks. In the final six months of last year, 54 percent of the attack code was targeted at obtaining personal data. That is up from 36 percent in the same period in 2003.


But as victims lose more money, consumers' defenses in general go up, Websense's Hubbard said. Many people now realize the importance of installing security software and patches, and technology to fight phishing, such as browser toolbars, is becoming increasingly popular. Also, Microsoft has said it will include phishing protection in Internet Explorer 7, a test version of which is due out this year.

MessageLabs, an e-mail security company, has also spotted the trend of targeted attacks--but this time, aimed at businesses. Last week, the company said it had stopped e-mail messages containing a malicious attachment that was sent to only 17 addresses at a global company. It appeared to be an attempt to gain access to the company's network.

"The motivation behind today's new e-mail-borne threats is far more sinister than traditional large-scale attacks," Mark Sunner, chief technology officer at MessageLabs, said.

Hackers are getting paid to create the malicious programs, which could then be used in industrial espionage or to collect sensitive company data.

In late May, Israeli police made 18 arrests in a case of industrial espionage using Trojan horses. The programs were designed to spy on computer systems and had been planted on the computers of some of the country's top companies.

Sneaky worms
The underground market means that programs that exploit security holes in software are worth too much these days to waste on an attention-grabbing worm. Such major outbreaks get detected soon, triggering mass patching by users and investigations by law enforcement agencies.

Instead, hackers are more likely to create a slow, stealthy attack that will get malicious software installed on many machines, said Steven Hofmeyr, the chief scientist at Sana Security.

"There is no real incentive to write those kinds of mass worms other than the graffiti incentive," Hofmeyr said.

The lure of money likely is not solely responsible for the lull in large worm outbreaks, experts said. After a string of worms in 2003 and Sasser last year, many people realized the importance of security software and patching their systems.

Also, Microsoft, whose software is often the target of worms, has been working to improve its act. Windows XP Service Pack 2, a large security-focused update for the desktop operating system, was released last year. On the server, Windows Server 2003 is deemed more secure than its predecessors.

"The world has become much more aware of malicious activity," Debby Fry Wilson, a director at Microsoft's Security Response Center, said.

In the future, intrusion prevention products could play a part in protecting systems against targeted security threats. Some tools look at the behavior of software and block suspect activity. Other products look more closely at the data leaving a corporate network and can block the transmission of credit card data, for example.

Attacks have changed, not vanished. Security companies and Internet users face increasing challenges to fight the sophisticated threats that often fly under the radar. With money as a spur, hackers are motivated to keep creating new attacks--and to keep one step ahead of the competition.

"I call it the chess game, where the bad guys have the white pieces and always get to go first," Gartner analyst John Pescatore said.


10 comments

System Intrusion - Think and Assess your Needs
The ever growing problem of network and computer intrusion has forced companies to take a harder look at how they treat their systems. No longer are the days of "hoping" that nothing would go wrong if you simply did nothing to protect assets. Instead companies, now more than ever, are working to actively deter hackers and malicious code. Implementation of more advanced firewalls, IDS and monitoring and filtering software are working to prevent the outsiders from entering and those on the inside from taking advantage of their position within the security of the network. It's the responsibility of those working in the IT field to place security at the top of their list of considerations when designing and implementing systems. Placing huge walls or cutting your company off from the rest of the world aren't solutions. Taking time to weigh the pros and cons of security productions and methods and making the best decision based on the level of security you need are important steps all companies should take.
Posted by (5 comments )
System Intrusion - Think and Assess your Needs
This looks like a brochure.
Posted by (9 comments )
Holy cow, this is irresponsible.
I've read the article over twice, and I have yet to see one shred of evidence that supports almost everything claimed in this article, other than the word of a series of vendors that claim this. Aside from the publicized Israeli companies, they claim quite a bit without any real evidence. Frankly, their opinions, tainted not only by their desire to sell products and services, not to mention their companies' resounding past failures in the security arena, makes their claims suspect.

Not once did the reporter produce any evidence other than what they said. No contact to law enforcement to back up anything that was said.

Aside from this, the term "hacker" appears to have changed (and no, I'm not debating hacker vs. cracker). In the past it was considered someone who used technical means to circumvent security. By their definition, it's someone who sends an email from a bogus address, or establishes a server front end to gather information from the very, very gullible. By this definition, any spammer could be considered a "Hacker". This being the case, the author and indeed the companies portrayed here show their ignorance of security, IT, and in general, the subjects that they're speaking of.

Their ignorance, combined with their commercial interests make this one of the most suspect articles written by an amateur I have seen on C/Net for quite some time, and that's saying a lot.
Posted by (9 comments )
Had exactly the same thoughts...
Also, nothing new gets added, just recycling old news.
Must be a slow day at c|net...
Posted by Steven N (487 comments )
Bravo!
Right on!
Posted by Mister C (423 comments )
State Sponsored Hacking
Not to be overlooked is the considerable amount of State sanctioned/sponsored hacking. I've detected a fair number of intrusion attempts hitting my router from China. Given that China has a complete lockdown on their citizens' use of the Internet -- access control, logging everything everywhere, they are not oblivious to what is going on. Which either means they don't care, as long as other countries are hacked and not China itself, or they are actively sponsoring this activity to engage in espionage, theft, or disruption of other countries' infrastructure. I'd like to see CNET do a future story on what our "friendly" trading partners are doing to us, and what government officials from agencies like Homeland Security have to say about it.

Examples of attacks:
Jul 06, 2005 20:37:31.671 UTC - (UDP) 222.136.251.125 : 49451
Calendar Protocol
descr: CNCGROUP Henan province network
descr: China Network Communications Group
descr: Beijing 100031

Jul 06, 2005 20:25:43.687 UTC - (UDP) 210.74.232.191 : 1261
SQL Slammer Worm
descr: Shanghai Global Network Co.,Ltd
descr: No.111 Zhongshan South Road


Jul 06, 2005 19:42:50.093 UTC - (UDP) 218.23.142.22 : 3987
SQL Slammer Worm
descr: CHINANET Anhui province network
descr: Data Communication Division
descr: China Telecom


Keith
www.techcando.com
Posted by Stating (869 comments )
State Sponsored Hacking
..I don't think that this is really true.

Keep in mind, they're behind content filters, not firewalls. Being infected by a worm, and it spreading over to here isn't necessarily state sponsored hacking.

Remember, China has an enormous software piracy economy. Patches generally aren't available to a lot of these people. How many of these are coming from China? How about Brazil? Pakistan? Any other countries?

Besides, if it were state sponsored hacking, don't you think they'd give them something a little better than a 4 year old worm to do it with?
Posted by (9 comments )
 
