Slashdot Mirror
Security Attacks Increasingly Motivated By Greed
earthstar writes "E-commerce has emerged as the "single most targeted industry" according to the latest Internet Security Threat Report from security software provider Symantec, with hackers now appearing to be motivated by economic gain rather than notoriety.
"We're seeing an increase in profit-motivated attacks," says Vincent Weafer, senior director of Symantec's virus research team. Also in
Information week"
It was discovered recently, that majority of activities of humans are driven by economic gain ...
...being a l337 hax0r isn't good enough for some people.
tasks(723) drafts(105) languages(484) examples(29106)
This is the equivalent of the pinhead bosses for attackers. The creative ones lead the way and did something interesting (though morally problematic) by working out attack strategies. Now the PHB-equivalents come in and focus solely on lining their pockets. Yawn.
Hacking (despite what the movies tell you) has more often than not had a profit motive. From people screwing around with banks, to corps trying to get info on their competitors ect...
It seems now though more and more of the stupid amateurs are trying to get in on the Hacking for Fun & Profit gig.
...they are called crackers, not hackers.
Many "kiddies" start out to "see what they can see" and end up stumbling upon something they perceive as serendipitous: a database of credit card numbers, a company's financial statements, etc. Once just curious, they "see green" and the gears start churning. Before too long they are making purchases with credit card numbers not theirs and/or they're trying to threaten/extort/blackmail a company into paying them money so they'll not release some damning information they've uncovered.
So for those who advocate the freedom to "see what I can see" take note of the small leap toward real criminal behavior....
"All great things are simple & expressed in a single word: freedom, justice, honor, duty, mercy, hope." --Churchill
If your gonna hack nowadays, its MUCH more likely you will be caught.
Might as well make it worth your while.
liqbase
Not really news. Spammers hijack a PC in China, then hack peoples PCs to deliver spam. Seems kike theyy have been doing this for a few years now...
Old news.
1-[insert crime] 2-?? 3-Profit
It sounds like Texas style accounting has come to hacking. Any thing goes.
I prefer the "u" in honour as it seems to be missing these days.
Is it Obvious Day on /. or am I just crazy?
I'm in the hole of the broadband donut.
Even money... why do we all want money? To impress chicks! It's all about sex...
www.weberseite.at
They want to be a r1c|-| 1337 h4x0r.
people have two legs! seriously, why was this posted? really, does taco have nothing better to post? quizzes about staplers and aol policies. YAWN! man, this site's goin downhill
Apparently Symantec's current marketing strategy wasn't working, so now they have to use profit-related scare tactics. "Vested interest" anyone?
Is this going to, or has this, resulted in more virii that are driven by financial gain?
It'll be interesting to see the move towards LInux/Mac if(when??) that happens..
Other than that, Mrs Lincoln, how did you enjoy the play?
"Companies using e-commerce also retain a lot of data about customers, account numbers and personal information, and a lot of smaller businesses conducting transactions online don't put the money into security, so they become easy targets," said Donovan.
According to Donovan, many small businesses still do not have an "appropriate level of security".
The larger problem is that many small business do not have an appropriate level of *clues* about security.
Small business owners that are not tech-savvy are no better off than the average Joe Six-Pack that gets on the internet. Most unfortunately wouldn't know what it means to update your anti-virus/malware/spyware signatures, much less do it. By the time they do finally call for tech support their network and much of their IT assets, have been 0wn3d.
The problem with socialism is that they always run out of other people's money. - Margaret Thatcher
When you're young and living in the basement of your parents, you can create network disruptions for fun, but when you get older and move out, you have bills to pay.
So you get a job, naturally, with your skillz, the people willing to hire you aren't exactly altruistic.
I don't know the meaning of the word 'don't' - J
.
"We have seen a pretty rapid shift in the style of threats by hackers as they focus more on key-logging and phishing scams for financial gain," he said.
Oh really? Is Symantec able to quantify an increase in the number of "hackers seeking financial gain" that would qualify the headline of the article? I don't see any stats.
"Companies using e-commerce also retain a lot of data about customers, account numbers and personal information, and a lot of smaller businesses conducting transactions online don't put the money into security, so they become easy targets," said Donovan.
Oh. So businesses should give money to Symantec, right?Where do I sign, and where do I wait patiently for my turn?
I mean are these people like convience store robbers or jewel thieves? Convience store robbers are thieves of opportunity, they just see a place that seems vunerable and hit it. Do the attackers just release exploits out into the wild(or just use other peoples exploits) and see what sticks?
Or are they more along the lines of jewel thieves, carefully staking out their victim and carefully planning their heist. My guess is that they are more like the former than the latter, but the study doesn't really say much.
Monstar L
This is just payback for all the hackers that became day-traders a few years ago. Now, stock brokers are trying their hands at hacking....
is that this is purely about money. And yet it is IIS and MSIE that are targeted, not Apache and *nix. I guess that must be becuase IIS has the vast majority of the market and therefor the money folks go for the larger number of machines.
I prefer the "u" in honour as it seems to be missing these days.
I disagree entirely with the conclusions the media proposes on a regular basis. I suppose being a moderator of a "script kiddie" security forum (or so it has been called by those that don't like our audience) at www.governmensecurity.org means that I'm out of the loop as to what true hackers are doing.
The reality is that North and South American hackers are primarily motivated to participate in FXP, or file-sharing using their compromised computers. Russian hackers work with US companies to sell spam drones. German hackers do a mix of both but mainly use their computers to compromise more. Canadians DDoS other hackers. I don't intend to generalize, but it is important to note that the primary objective here is *still* file sharing.
Sites like www.packetnews.com and the like have XDCC searches that help people find free software, like Sims2 the week it comes it. Some movies come out before they are in theatre. I remember seeing Mr. Deeds a month before it came out and Signs about two weeks before it came out.
You don't get that kind of dedication from most hackers. In fact, I would venture to guess that the Russian groups that are doing the majority of the spambot installations have one or two knowledgable people in them, and that is essentially it. The others that work with them are just trying to siphon money. Still, there are a good deal of them with 0-day IE exploits, but unfortunately they haven't been well to adapt to one of the changes Microsoft made blocking an easy way to get files to your computer.
Now, if these guys were bright, they'd keep using the same method and just change the registry so that they can use that method. But it would appear that they don't know how to do that. SP2 also seems to be causing some trouble.
1. Outsource all IT jobs.
2. ???
3. An army of angry, unemployed zombie hackers!
"It's too bad that stupidity isn't painful." - Anton LaVey
It's not just attacks though, seems nearly every security threat (worms, viruses, hacking attempts, etc.) are all converging on one overriding purpose -- SPAM!!! Someone hacked your server? They've probably installed a trojan that makes it a zombie spam relay. User clicked on the blatantly obvious virus in their E-mail and infected their system? It's now a zombie spam relay. Worm managed to get into an unpatched system? Yay, another zombie spam relay!
Even a few years back I felt a lot of hacking and virii/worms were caused by script kiddies playing with hackers tools they found online. Nowadays it's starting to look incredibly organized and methodical. It makes you wonder who's really behind the whole thing. It's getting to be far too orderly (from a spam relay acquiral front particularly) to just be lots of independant greedy folks with no morals trying to make a quick buck. Not to sound like I'm wearing a tinfoil cap but I'd say it's a fair bet that organized crime has moved into the arena and taken charge behind the scenes.
Enron and many other companies have been seen to steal money from innocent citizens. Flying directly in the face of previous accounts that said this was for charitable purposes, accounts are now saying that these deeds were based strictly on greed.
Crime = greed? Wow! that is news.
Now we'll finally see if Linux is as hackproof and bugfree afterall.
This is free for interpretation.
I think we can keep recursing like this until someone returns 1
Five years ago, if you were l33t (= had a few technical skills you could show off), you could work for a .com and get big bucks just for showing up. Now that most .coms are .deads, getting money for technical skills is harder.
It makes sense that as legit jobs are harder to get, some people, especially those who got addicted to the easy money, will look for non legit work.
-- Support a free market in the field of government
Greed, for lack of a better word, is good. Greed is right. Greed works. Greed clarifies and cuts through and captures the essence of evolutionary spirit. Greed in all of its forms, greed for caffein, for FLOPS, for frags, knowledge has marked the upward surge of mankind. And greed, you mark my words, will not only save OSS, but that other malfunctioning corporation called Microsoft.
That's it, i'm preparing my "Will hack for food" sign right now.
Does this really shock anyone with the economy is a whole being in the dumpster and with tech jobs being so scarce since the dot com crash?
I think this will continue for some time...
This has been the way of things since the beginning of time. For each accomplishment that results from hard work, inventiveness, and bonds of trust there is a group of free loading dirt bags that will exploit it's weaknesses for selfish gain.
E-Commerce is big enough now to attract the attention of criminals. I suppose that's an expected milestone for E-Commerce. The cowboy days of fast progress in an arena of trust and goodwill are over.
Symantec is releasing daily reports, apparently motivated by economic gain.
I'll turn into a supernova and burn up everything. Well I'll turn into a black little hole and you'll turn into string.
When times are good, crime is not attractive. But when things are really doing bad, crime becomes more and more attractive...
So in the past all these people who pay spammers to send out millions of e-mails every hour asking to "update your account", sign up for web hosting accounts to set up phishing sites with stolen credit card numbers, extort money from companies by threatening DOS attacks, set up vast networks of zombies... ...were motivated by notoriety???
Now that there's (at least apparently) a viable business model for cracking machines, I think maybe Windows, which is fundamentally unsecurable partly by design and partly by historical practice Microsoft can't/won't break from, will just get overwhelmed. Certainly most of the home Widnows computers I run into have at least one spyware infection, and some are so infested as to be unusable.
Of course, in nature the really virulent pathogens tend to evolve into less nasty forms - killing off all your hosts is not a good long-term strategy. The spyware and zombie bots might become less overtly intrusive and more 'asymptomatic'. Imagine the future of computing... most computers carry some 'viral load' more or less constantly... [shudder].
PHEM - party like it's 1997-2003!
I get at least one purchase made by a stolen card every week, and in some instances I've been able to trace the owner of the card details.
In every single case, they've told a tale of how their PC got trojaned a few weeks back and they had to get it cleaned up. They're always quite shocked to learn of the real effects of what happened. Up until then, they just see it as an inconvenience and something you just have to put up with once in a while, like unblocking the kitchen sink.
Sometimes though, they review their credit card statements and find other small purchases that they're overlooked, then realise that they had been screwed little by little over a long period.
In every case, they've been more than happy for me to send them a copy of TheOpenCD or Knoppix so they can either install Moz or use Linux at least for their online stuff.
The recent activities of the botnet barons and phishers have certainly caught the attention of the mainstream press though, which is great publicity.
Like tinyurl, but one letter less! http://qurl.co.uk/
Next, I guess we'll learn that Symantec produces anti-virus software for a profit.
"Who controls the past controls the future. Who controls the present controls the past." -- George Orwell
We're seeing an increase in profit-motivated attacks,
You mean like Microsoft writing buggy and insecure software and then charging everyone for the next version where they claim everything is fixed?
You are in a maze of twisty little passages, all alike.
Seeing as how
I am Bennett Haselton! I am Bennett Haselton!
No, the ring-leaders were native texans.
Of course Symantec is going to put out reports stating that attacks of some sort are on the rise. Its what they do. But as others have posted here, I dont see any stats. Most of the time these things are all marketing bs - I mean say that the total percentage of haxx0r crime has really dropped, but that the profit motivated atttacks have risen (even though the total crime has dropped!) - which will Symantec report to you? They will never say that Haxx0ring has declined. Will that make them money?
---
My sig was stolen - the insurance company replaced it with this one.
"We're seeing an attempt in exploiting Linux environment and as it becomes more widely deployed it will become more of a target," he said.
Oh really? Donovan being the Director of Symantec, this means his company is seeing exploits on Linux?
That's front page news. Who? Where? What vuln? Which distro?
Or do you mean "we think we will see"? That's not quite the same thing, Sym-boy. Careful with that FUD gun, will ya. You're gonna shoot your other foot too.
Then again, if you think of it, companies like Symantec are part of the vast cottage industry that popped up for the sole purpose of plugging the leaks of Windows. The last thing they need is more Linux boxes around. Hence the FUD.
--
Mad science! Robots! Underwear! Cute girls! Full comic online! http://www.girlgeniusonline.com/
Up until last night, I was almost the same, except that I moved to a mac _from_ linux.
Last night I tried to port a Java application to my phone, and tonight I'll be installing Fedora Core under Virtual PC just to be able to write J2ME code.
Bah!
All of this virus scanning stuff is like using
a condom with a hole in it. I cannot even remember the number of owned machines I have fixed the last couple of months with a virus scanner installed and sitting behind a firewall. In nearly every case the machines are being exploited through the browser or preview in outlook. I run a virus scanner on a system now as a initial pass but then go to the process list to see how many bots are running on the machine collecting and sending data.
If enjoy sharing your credit card information with internet vandals keep using Windows and Internet Explorer.
Got Code?
earthstar writes "Fear among pc users has emerged as the "single most targeted industry" according to the latest opinions from IT users with news releases by security software provider Symantec now appearing to be motivated by economic gain rather than information. "We're seeing an increase in profit-motivated attacks," says Area man. Also in Information week"
How about them there Evil Terrororists?
Hide your messages in spam with steganography and broadcast them. This way, traffic-flow-based techniques won't work.
By this premise, the DHS has a valid and critical reason to go after spam and zombies.
The living have better things to do than to continue hating the dead.
And in other news, the barber told you it's time for a haircut.
Money makes people come?
You better watch out, there may be dogs about . .
Hmmm, crime is motivated by greed. I never would have guessed.
Yes, and oncologists need cancer victims. What's your point?
It's wrong to use a phrase like "economic gain" to describe the money stolen through criminal actions like fraud and extortion. People who do this are destroyers of economic value, not creators of it.
Jeff skilling born and raised in Texas
Ken lay was in texas since he was in 20's, but born in MO.
Richard A Causey was educated at UT-A (I believe that he is a true native)
This was a pure Texan-Style Accounting that goes for the easy marks.
*smirk*
-I am an elective eunuch.
The referenced site is unreadable because its ad server is overloaded. Now that's a denial of service attach.
But the Dillenger gang sometimes took a break from robbing banks to knock over a police station or two. There wasn't much money there, but it was fun freaking out the cops. In WW2, the US organized crime syndicates turned down repeated financial incentives from the Overseas espionage division of Hitler's SS, with the arguement that they were patriotic American citizens, not saboteurs and Nazi stooges.
Who is John Cabal?
... to see pure malice adulterated by greed.
The problem with computer security, with windows PCs in paticular, is that the OS administration is still designed with the expectation that the PC resides on a token ring network with no net connection, or one that goes through a Unix mainframe. Currently all operating systems seem to expect a sysadm to be a phone call away in order to be updated, patched and administered.
This is clearly unrealistic. We already know that this expectation coupled with the obvious lack of systems administrators for lone PCs, has lead to a great many slashdotter being the de facto sysadm for their friends and family. Clearly this solution falls on its ass when faced with PC owners with no such tech head to call upon. These PCs are probobly doomed to become spam zombies or to take part in DDOS attacks.
It's 2004, not 1984. Most PCs will likely never even be looked at by someone who can admisister them. I'm not just talking about patching and updating virus scanners. What about simple tasks like defragging? Does anyone really think that Aunt Tilly will defrag her PC? What about firmware updates?
At this point PCs should support self administration and self diagnostic and repair. Before you laugh me out off the board, I know that feeble attempts at this have failed miserablely(Windows autoupdate, system restore). But in the age where four year olds, business students, lawyers and Aunt Tillies everywhere are using broadband connected PCs and haven't a clue how to keep them up and running, it's either MUCh better selfadm or you and I will have to become fulltime sysadms.
May the Maths Be with you!
Isn't there a word for that? Oh yes. computer criminals maybe?
I did not expect the misuse of the hacker work here though.
Damn! Your url had a typo in it. Well, I'm guessing it was supposed to be http://www.governmentsecurity.org/ anyway.
So what are the trends coming from romanian hackers and middle-eastern hackers? I'm guessing the Romanians are pretty much in line with the Russians. But I've seen more activity coming from the middle-east in the past couple months. What are they primarily doing? Just trying to play havoc because of current political motivations?
You've pretty much nailed the other countries/regions from what I've seen myself, I'm curious as to your take on some others though.
Keith D.
Used to be a hacker made enough money at his day job to allow him to hack for fun and 1337dom at night. Now that his day job has been offshored he's forced to use his skillz to pay rent.
It was only a matter of time.
Veritas patesco per quaestio questio. Truth is revealed through questions.
http://shit.slashdot.org/article.pl?sid=04/09/21/1 224223
Because that is most certainly what is happening. You should have seen the discussions in the union groups before somebody pointed out that if we did THAT to the corporations, high tech unions would end up going the way of the IWW.
SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
It's kind of like hacking cars - taking off the muffler might have been fun for 15 minutes when you were 16, but everybody's heard it before and it just sounds like you did it because your muffler had rusted out anyway, so no sense annoying the neighborhood, and that 42-tune electronic horn widget had gotten old by 1980 and makes you look dorky, not retro. There's the occasional quasi-new hack, like the Bubb Rubb Car Whistle , but even that just invites people to break your car windows or spackle your muffler shut.
So all that 1337 h4x0rin's become just another day job, like stealing hubcaps for profit, or graffitiing telephone poles with signs about "Make Money Fast - call 1-800-SCAM-MER"; it's mostly taken over by automated systems or underpaid losers selling to spammers. If you want to have _fun_ hacking cars, you can just as well do legitimate things like make art cars or improve your gas mileage, and if you want to do 31337 on your computer, might as well do something interesting like write new software, or hunt down spammers, or at least find ways to hack MMORPGs so you can frag your friends.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
...and so is Symantec.
I was going to RTFA, but I think the title says it all. Considering the conflict of interest here. Thanks for playing. I'm going to ifdown eth0.
From the Journal of HeironymousCoward
Sig for sale or rent. One previous user. Inquire within.
well some folks do think money is sexy, yes.
Large print giveth, and the small print taketh away