July 6, 2005 4:00 AM PDT

Hacking for dollars

Hackers have traded fame for financial gain, experts say.

In the past, lone hackers defaced Web sites or launched global worm attacks, mainly to gain notoriety among their peers.

Today, they use their skills for profit. They hunt for security flaws and find ways to exploit them, hijack computers and rent those out for use as spam relays, or participate in targeted attacks that steal sensitive information from individuals or spy on businesses.

News.context

What's new:
In the past, hackers wanted to gain notoriety by writing the biggest worm they could. These days, they're more likely to be motivated by money.

Bottom line:
Though the shift could lead to a drop-off in global worms, it still spells trouble. The targeted attacks crafted by businesslike hackers are likely to hit harder.


"In the last year, we have seen a dramatic shift to hacking for financial gain," said Oliver Friedrichs, a senior manager at Symantec Security Response. "The benefit of creating a widespread worm on the Internet has really been superseded by the potential of monetary gain."

Though the shift could mean the end of big worms like last year's Sasser, it still spells trouble. The targeted attacks crafted by businesslike hackers can hit individuals and organizations harder--and in the pocket, rather than just in the PC.

There is an underground market. A hacker who finds a way to exploit a security hole in Windows could earn up to $1,000, or much more if the hole is not yet known to Microsoft or anyone else, said Dmitri Alperovitch, a research engineer at security vendor CipherTrust.

That flaw could then be used to hijack PCs. These compromised systems, called zombies, can then be used to relay spam, to host malicious Web sites or to launch denial-of-service attacks--at a price. Spammers, phishers and others who want to rent out a network of about 5,500 zombies typically pay about $350 a week, according to security company Symantec.

These zombie networks, known as "botnets," are sometimes used to extort companies, who are threatened with a denial-of-service onslaught aimed at hurting their business. British online payment processing company Protx went offline after an attack and was warned that problems would continue unless a $10,000 payment was made, according to a recent report in The New York Times.

The FBI has also seen an increase in hacking for money. "We have seen a rise in the cases where the motivation appears not just to be for purposes of bragging in chat rooms, but to actually profit financially," said FBI spokesman Paul Bresson.

Underground markets for selling credit card numbers, software vulnerabilities or renting out botnets are also on the rise, he said. "We're seeing a lot more of that today than we ever have," Bresson said.

New breed
As the motive of those involved has changed, so has their profile, Symantec's Friedrichs said. "In the past, they were teenagers or others who did it to gain notoriety. Today's hackers are white-collar criminals and criminals in foreign countries," he said.

Among that group, though, are coders who realized that they could take the hobby they had for years and turn it into a profitable business, CipherTrust's Alperovitch said. "Unless they are really good at it, they probably won't become millionaires. But it is a good side business," he said.

The change has been accompanied by an increasing ingenuity in crafting attacks. Phishing scams, for example, are becoming aimed at smaller groups of victims. Also, companies are being targeted with Trojan horses meant to get access to corporate networks or to enable industrial espionage.

"The deception techniques are getting better, and the payload is also getting more sophisticated," said Dan Hubbard, a senior director at Websense, a San Diego, Calif.-based security vendor. "As more money gets made, the attacks get more sophisticated."

All this means that stakes are higher for individuals and for businesses whose systems suffer an attack. With a worm, they might have had to apply a patch or reinstall a PC. With financially motivated threats, victims could have sensitive corporate information or their identity stolen.

One fraud area seeing a rise in activity--and therefore, a likely lift in scam revenue--is phishing. These scams typically combine spam and fake Web pages that look like trusted sites to try to trick the victim into divulging sensitive information such as passwords or credit card numbers. The number of phishing e-mails tracked by IBM's Global Business Security Index reached an all-time high in May, the company said. It saw 9.14 million messages sent to its customers, up from a previous high of 7.7 million in January.

Credit card data sells for up to $100 per account, according to a report on the economy of phishing, released in June by San Francisco antispam provider Cloudmark. The price depends on how high the limit


10 comments

System Intrusion - Think and Assess your Needs
The ever growing problem of network and computer intrusion has forced companies to take a harder look at how they treat their systems. No longer are the days of "hoping" that nothing would go wrong if you simply did nothing to protect assets. Instead companies, now more than ever, are working to actively deter hackers and malicious code. Implementation of more advanced firewalls, IDS and monitoring and filtering software are working to prevent the outsiders from entering and those on the inside from taking advantage of their position within the security of the network. It's the responsibility of those working in the IT field to place security at the top of their list of considerations when designing and implementing systems. Placing huge walls or cutting your company off from the rest of the world aren't solutions. Taking time to weigh the pros and cons of security productions and methods and making the best decision based on the level of security you need are important steps all companies should take.
Posted by (5 comments )
System Intrusion - Think and Assess your Needs
This looks like a brochure.
Posted by (9 comments )
Holy cow, this is irresponsible.
I've read the article over twice, and I have yet to see one shred of evidence that supports almost everything claimed in this article, other than the word of a series of vendors that claim this. Aside from the publicized Israeli companies, they claim quite a bit without any real evidence. Frankly, their opinions, tainted not only by their desire to sell products and services, not to mention their companies' resounding past failures in the security arena, make their claims suspect.

Not once did the reporter produce any evidence other than what they said. No contact to law enforcement to back up anything that was said.

Aside from this, the term "hacker" appears to have changed (and no, I'm not debating hacker vs. cracker). In the past it was considered someone who used technical means to circumvent security. By their definition, it's someone who sends an email from a bogus address, or establishes a server front end to gather information from the very, very gullible. By this definition, any spammer could be considered a "Hacker". This being the case, the author and indeed the companies portrayed here show their ignorance of security, IT, and in general, the subjects that they're speaking of.

Their ignorance, combined with their commercial interests make this one of the most suspect articles written by an amateur I have seen on C/Net for quite some time, and that's saying a lot.
Posted by (9 comments )
Had exactly the same thoughts...
Also, nothing new gets added, just recycling old news.
Must be a slow day at c|net...
Posted by Steven N (487 comments )
Bravo!
Right on!
Posted by Mister C (423 comments )
State Sponsored Hacking
Not to be overlooked is the considerable amount of State sanctioned/sponsored hacking. I've detected a fair number of intrusion attempts hitting my router from China. Given that China has a complete lockdown on their citizens' use of the Internet -- access control, logging everything everywhere, they are not oblivious to what is going on. Which either means they don't care, as long as other countries are hacked and not China itself, or they are actively sponsoring this activity to engage in espionage, theft, or disruption of other countries' infrastructure. I'd like to see CNET do a future story on what our "friendly" trading partners are doing to us, and what government officials from agencies like Homeland Security have to say about it.

Examples of attacks:
Jul 06, 2005 20:37:31.671 UTC - (UDP) 222.136.251.125 : 49451
Calendar Protocol
descr: CNCGROUP Henan province network
descr: China Network Communications Group
descr: Beijing 100031

Jul 06, 2005 20:25:43.687 UTC - (UDP) 210.74.232.191 : 1261
SQL Slammer Worm
descr: Shanghai Global Network Co.,Ltd
descr: No.111 Zhongshan South Road


Jul 06, 2005 19:42:50.093 UTC - (UDP) 218.23.142.22 : 3987
SQL Slammer Worm
descr: CHINANET Anhui province network
descr: Data Communication Division
descr: China Telecom


Keith
www.techcando.com
Posted by Stating (869 comments )
State Sponsored Hacking
..I don't think that this is really true.

Keep in mind, they're behind content filters, not firewalls. Being infected by a worm, and it spreading over to here isn't necessarily state sponsored hacking.

Remember, China has an enormous software piracy economy. Patches generally aren't available to a lot of these people. How many of these are coming from China? How about Brazil? Pakistan? Any other countries?

Besides, if it were state sponsored hacking, don't you think they'd give them something a little better than a 4 year old worm to do it with?
Posted by (9 comments )