Slashdot Mirror

← Back to Stories (view on slashdot.org)

Security Attacks Increasingly Motivated By Greed

Posted by CmdrTaco on from the money-money-money-monaaaay dept.

earthstar writes "E-commerce has emerged as the "single most targeted industry" according to the latest Internet Security Threat Report from security software provider Symantec, with hackers now appearing to be motivated by economic gain rather than notoriety. "We're seeing an increase in profit-motivated attacks," says Vincent Weafer, senior director of Symantec's virus research team. Also in Information week"

28 of 145 comments (clear)

  1. In other news. by Anonymous Coward · · Score: 5, Insightful

    It was discovered recently, that majority of activities of humans are driven by economic gain ...

    1. Re:In other news. by savagedome · · Score: 5, Insightful

      Absolutely. Nothing in this article except another futile observation passed on as a study.

      If it contains money, they will come. Nothing new here. It has always been like that through the history of humankind. People used to keep money in the form of gold and *they* came. People started keeping money with their head of village and *they* came. People put the money in lockers/safes and *they* came. People started using banks and *they* came. Now people are using the web to store/trasnfer money and *they* are here.

      --


      Free XBox, PS2
    2. Re:In other news. by tomhudson · · Score: 3, Insightful

      ... as if Symantec's activities aren't motivated by economic gain? Seems to me that Symantec needs virus writers, and that Symantec makes more $$$ than all the virus writers put together.

    3. Re:In other news. by Tim+C · · Score: 4, Insightful

      Nevermind "economic", the majority of human activities are gain driven, whether it be monetary, sexual, power/prestige/social standing or whatever.

      --
      It's official. Most of you are morons.
    4. Re:In other news. by bamm · · Score: 2, Insightful

      I am not sure why everyone seems to be slamming the author of the article for being a "Master of the Obvious". Probably because much (all) of the content comes from the FUD farm called Symantec. If this study is true, then I would admit that this change is significant. No, it doesn't take a genious to figure out that hackers/crackers would shift from owning systems 'just to own them', to owning systems for economic gain. However, it is still very important to identify when then trend changes , as it impacts the threat variable which a companies risk is calculated on.

      For those of you who aren't sure how risk should be calculated, let Batman help you.

      --
      www.sguil.net
      The Analyst Console for NSM
  2. the way it always works by Anonymous Coward · · Score: 2, Insightful

    This is the equivalent of the pinhead bosses for attackers. The creative ones lead the way and did something interesting (though morally problematic) by working out attack strategies. Now the PHB-equivalents come in and focus solely on lining their pockets. Yawn.

  3. Trickle down Hacking by Anonymous Coward · · Score: 4, Insightful

    Hacking (despite what the movies tell you) has more often than not had a profit motive. From people screwing around with banks, to corps trying to get info on their competitors ect...

    It seems now though more and more of the stupid amateurs are trying to get in on the Hacking for Fun & Profit gig.

    1. Re:Trickle down Hacking by Savage-Rabbit · · Score: 3, Insightful

      "It seems now though more and more of the stupid amateurs are trying to get in on the Hacking for Fun & Profit ..."

      And unfortunately it seems to be working. This little beast should be locked up, or at least made liable for damages. As is he will probably get a very lenient sentence which translates getting off more or less scot free. Let's just hope enough of his victims sign up to ensure that he will spend a long while paying off the price of his little joke. If the norm for virus authors becomes a slap on the wrist in court closely followed by a fat job offer and not having to pay any substantial damages we are in for a Noah's flood of these idiots.

      --
      Only to idiots, are orders laws.
      -- Henning von Tresckow
  4. In other news... by Anonymous Coward · · Score: 4, Insightful

    people have two legs! seriously, why was this posted? really, does taco have nothing better to post? quizzes about staplers and aol policies. YAWN! man, this site's goin downhill

  5. Ha! by StevenHenderson · · Score: 3, Insightful
    "We're seeing an increase in profit-motivated attacks," says Vincent Weafer, senior director of Symantec's virus research team."

    Apparently Symantec's current marketing strategy wasn't working, so now they have to use profit-related scare tactics. "Vested interest" anyone?

  6. It's more than just security... by blcamp · · Score: 4, Insightful

    "Companies using e-commerce also retain a lot of data about customers, account numbers and personal information, and a lot of smaller businesses conducting transactions online don't put the money into security, so they become easy targets," said Donovan.

    According to Donovan, many small businesses still do not have an "appropriate level of security".

    The larger problem is that many small business do not have an appropriate level of *clues* about security.

    Small business owners that are not tech-savvy are no better off than the average Joe Six-Pack that gets on the internet. Most unfortunately wouldn't know what it means to update your anti-virus/malware/spyware signatures, much less do it. By the time they do finally call for tech support their network and much of their IT assets, have been 0wn3d.

    --
    The problem with socialism is that they always run out of other people's money. - Margaret Thatcher
  7. Re:Payoff by lachlan76 · · Score: 2, Insightful

    Well, any investigation will probably be a lot faster and more thorough if there's money involved than if someone just gets root access and leaves.

    Most things people do are for money. Sex too, but if you can hack, you're already precluded from the latter ;)

  8. Stats? oh. by wombatmobile · · Score: 4, Insightful

    .

    "We have seen a pretty rapid shift in the style of threats by hackers as they focus more on key-logging and phishing scams for financial gain," he said.

    Oh really? Is Symantec able to quantify an increase in the number of "hackers seeking financial gain" that would qualify the headline of the article? I don't see any stats.

    "Companies using e-commerce also retain a lot of data about customers, account numbers and personal information, and a lot of smaller businesses conducting transactions online don't put the money into security, so they become easy targets," said Donovan.

    Oh. So businesses should give money to Symantec, right?

  9. The article is lacking in a lot of detail by antifoidulus · · Score: 1, Insightful

    I mean are these people like convience store robbers or jewel thieves? Convience store robbers are thieves of opportunity, they just see a place that seems vunerable and hit it. Do the attackers just release exploits out into the wild(or just use other peoples exploits) and see what sticks?
    Or are they more along the lines of jewel thieves, carefully staking out their victim and carefully planning their heist. My guess is that they are more like the former than the latter, but the study doesn't really say much.

    --
    Monstar L
  10. What is amazing ... by WindBourne · · Score: 4, Insightful

    is that this is purely about money. And yet it is IIS and MSIE that are targeted, not Apache and *nix. I guess that must be becuase IIS has the vast majority of the market and therefor the money folks go for the larger number of machines.

    --
    I prefer the "u" in honour as it seems to be missing these days.
  11. Another side effect of the .crash by qbzzt · · Score: 5, Insightful

    Five years ago, if you were l33t (= had a few technical skills you could show off), you could work for a .com and get big bucks just for showing up. Now that most .coms are .deads, getting money for technical skills is harder.

    It makes sense that as legit jobs are harder to get, some people, especially those who got addicted to the easy money, will look for non legit work.

    --
    -- Support a free market in the field of government
  12. GREED! by Prince+Vegeta+SSJ4 · · Score: 3, Insightful

    Greed, for lack of a better word, is good. Greed is right. Greed works. Greed clarifies and cuts through and captures the essence of evolutionary spirit. Greed in all of its forms, greed for caffein, for FLOPS, for frags, knowledge has marked the upward surge of mankind. And greed, you mark my words, will not only save OSS, but that other malfunctioning corporation called Microsoft.

  13. A sad sign of maturity for e-commerce by wheelbarrow · · Score: 3, Insightful

    This has been the way of things since the beginning of time. For each accomplishment that results from hard work, inventiveness, and bonds of trust there is a group of free loading dirt bags that will exploit it's weaknesses for selfish gain.

    E-Commerce is big enough now to attract the attention of criminals. I suppose that's an expected milestone for E-Commerce. The cowboy days of fast progress in an arena of trust and goodwill are over.

  14. Newsflash: by justforaday · · Score: 4, Insightful

    Symantec is releasing daily reports, apparently motivated by economic gain.

    --
    I'll turn into a supernova and burn up everything. Well I'll turn into a black little hole and you'll turn into string.
  15. Re:Curiosity.... by Anonymous Coward · · Score: 0, Insightful

    Curiosity... the gateway drug?

  16. Online fraud... helping Linux/OSS adoption? by terrencefw · · Score: 4, Insightful
    As the owner of an online store (see .sig), I get to see the nasty end of online fraud more often than the average Joe.

    I get at least one purchase made by a stolen card every week, and in some instances I've been able to trace the owner of the card details.

    In every single case, they've told a tale of how their PC got trojaned a few weeks back and they had to get it cleaned up. They're always quite shocked to learn of the real effects of what happened. Up until then, they just see it as an inconvenience and something you just have to put up with once in a while, like unblocking the kitchen sink.

    Sometimes though, they review their credit card statements and find other small purchases that they're overlooked, then realise that they had been screwed little by little over a long period.

    In every case, they've been more than happy for me to send them a copy of TheOpenCD or Knoppix so they can either install Moz or use Linux at least for their online stuff.

    The recent activities of the botnet barons and phishers have certainly caught the attention of the mainstream press though, which is great publicity.

    --
    Like tinyurl, but one letter less! http://qurl.co.uk/
  17. Re:Wake up and smell the coffee by McComas · · Score: 2, Insightful

    You're point is well taken and I am not going to challenge it, but I think I know why the mainstream media would make a big deal out of an insipid story like this. It involves the perception of hackers as highly motivated by notoriety, a perception that the hacking community brings upon itself.

    Many hackers try to justify their activities (to judges, the media, their parents) by suggesting that:

    -They weren't going to harm anything, just see if they could do whatever it was they were attempting.
    -They were doing a service by exposing vulnerabilities.
    -They were just joyriding.
    I think that these justifications have never sat well with established technophobes, thus we have spurious articles like these trying to paint all hackers with the same brush.

  18. Security company reports attacks? duh by StM.Rawder · · Score: 1, Insightful

    Of course Symantec is going to put out reports stating that attacks of some sort are on the rise. Its what they do. But as others have posted here, I dont see any stats. Most of the time these things are all marketing bs - I mean say that the total percentage of haxx0r crime has really dropped, but that the profit motivated atttacks have risen (even though the total crime has dropped!) - which will Symantec report to you? They will never say that Haxx0ring has declined. Will that make them money?

    --

    ---
    My sig was stolen - the insurance company replaced it with this one.
  19. Security Articles Increasingly Motivated By Greed by m1kesm1th · · Score: 3, Insightful

    earthstar writes "Fear among pc users has emerged as the "single most targeted industry" according to the latest opinions from IT users with news releases by security software provider Symantec now appearing to be motivated by economic gain rather than information. "We're seeing an increase in profit-motivated attacks," says Area man. Also in Information week"

  20. wearing a tinfoil cap by dpilot · · Score: 2, Insightful

    How about them there Evil Terrororists?

    Hide your messages in spam with steganography and broadcast them. This way, traffic-flow-based techniques won't work.

    By this premise, the DHS has a valid and critical reason to go after spam and zombies.

    --
    The living have better things to do than to continue hating the dead.
  21. Re:That's why... by arose · · Score: 3, Insightful

    So the guy tries to change the use, get over it.

    --
    Analogies don't equal equalities, they are merely somewhat analogous.
  22. No "Economic Gain" Here by IAmMaxHarris · · Score: 3, Insightful

    It's wrong to use a phrase like "economic gain" to describe the money stolen through criminal actions like fraud and extortion. People who do this are destroyers of economic value, not creators of it.

  23. Self-Administration Needed by ObsessiveMathsFreak · · Score: 2, Insightful

    The problem with computer security, with windows PCs in paticular, is that the OS administration is still designed with the expectation that the PC resides on a token ring network with no net connection, or one that goes through a Unix mainframe. Currently all operating systems seem to expect a sysadm to be a phone call away in order to be updated, patched and administered.

    This is clearly unrealistic. We already know that this expectation coupled with the obvious lack of systems administrators for lone PCs, has lead to a great many slashdotter being the de facto sysadm for their friends and family. Clearly this solution falls on its ass when faced with PC owners with no such tech head to call upon. These PCs are probobly doomed to become spam zombies or to take part in DDOS attacks.

    It's 2004, not 1984. Most PCs will likely never even be looked at by someone who can admisister them. I'm not just talking about patching and updating virus scanners. What about simple tasks like defragging? Does anyone really think that Aunt Tilly will defrag her PC? What about firmware updates?

    At this point PCs should support self administration and self diagnostic and repair. Before you laugh me out off the board, I know that feeble attempts at this have failed miserablely(Windows autoupdate, system restore). But in the age where four year olds, business students, lawyers and Aunt Tillies everywhere are using broadband connected PCs and haven't a clue how to keep them up and running, it's either MUCh better selfadm or you and I will have to become fulltime sysadms.

    --
    May the Maths Be with you!