Security Attacks Increasingly Motivated By Greed
earthstar writes "E-commerce has emerged as the "single most targeted industry" according to the latest Internet Security Threat Report from security software provider Symantec, with hackers now appearing to be motivated by economic gain rather than notoriety.
"We're seeing an increase in profit-motivated attacks," says Vincent Weafer, senior director of Symantec's virus research team. Also in InformationWeek"
Many "kiddies" start out to "see what they can see" and end up stumbling upon something they perceive as serendipitous: a database of credit card numbers, a company's financial statements, etc. Once just curious, they "see green" and the gears start churning. Before too long they are making purchases with credit card numbers not theirs and/or they're trying to threaten/extort/blackmail a company into paying them money so they'll not release some damning information they've uncovered.
So for those who advocate the freedom to "see what I can see" take note of the small leap toward real criminal behavior....
"All great things are simple & expressed in a single word: freedom, justice, honor, duty, mercy, hope." --Churchill
When you're young and living in the basement of your parents, you can create network disruptions for fun, but when you get older and move out, you have bills to pay.
So you get a job, naturally, with your skillz, the people willing to hire you aren't exactly altruistic.
I don't know the meaning of the word 'don't' - J
Infamous bank robber Willie Sutton was finally nabbed after his illustrious 30+ year career of theft and prison breaks. When asked by reporters why he chose to continue robbing banks after being incarcerated several times, he replied 'because that's where the money is'. Go figure, criminals committing crime for financial gain. Who woulda thunk it.
I disagree entirely with the conclusions the media proposes on a regular basis. I suppose being a moderator of a "script kiddie" security forum (or so it has been called by those that don't like our audience) at www.governmensecurity.org means that I'm out of the loop as to what true hackers are doing.
The reality is that North and South American hackers are primarily motivated to participate in FXP, or file-sharing using their compromised computers. Russian hackers work with US companies to sell spam drones. German hackers do a mix of both but mainly use their computers to compromise more. Canadians DDoS other hackers. I don't intend to generalize, but it is important to note that the primary objective here is *still* file sharing.
Sites like www.packetnews.com and the like have XDCC searches that help people find free software, like Sims2 the week it comes out. Some movies come out before they are in theatres. I remember seeing Mr. Deeds a month before it came out and Signs about two weeks before it came out.
You don't get that kind of dedication from most hackers. In fact, I would venture to guess that the Russian groups that are doing the majority of the spambot installations have one or two knowledgeable people in them, and that is essentially it. The others that work with them are just trying to siphon money. Still, there are a good deal of them with 0-day IE exploits, but unfortunately they haven't been able to adapt to one of the changes Microsoft made blocking an easy way to get files to your computer.
Now, if these guys were bright, they'd keep using the same method and just change the registry so that they can use that method. But it would appear that they don't know how to do that. SP2 also seems to be causing some trouble.
It's not just attacks though, seems nearly every security threat (worms, viruses, hacking attempts, etc.) are all converging on one overriding purpose -- SPAM!!! Someone hacked your server? They've probably installed a trojan that makes it a zombie spam relay. User clicked on the blatantly obvious virus in their E-mail and infected their system? It's now a zombie spam relay. Worm managed to get into an unpatched system? Yay, another zombie spam relay!
Even a few years back I felt a lot of hacking and virii/worms were caused by script kiddies playing with hackers' tools they found online. Nowadays it's starting to look incredibly organized and methodical. It makes you wonder who's really behind the whole thing. It's getting to be far too orderly (from a spam relay acquiral front particularly) to just be lots of independent greedy folks with no morals trying to make a quick buck. Not to sound like I'm wearing a tinfoil cap but I'd say it's a fair bet that organized crime has moved into the arena and taken charge behind the scenes.
From TFA:
"We're seeing an attempt in exploiting Linux environment and as it becomes more widely deployed it will become more of a target," he said
Monstar L
Now we'll finally see if Linux is as hackproof and bugfree after all.
This is free for interpretation.
I think we can keep recursing like this until someone returns 1
When times are good, crime is not attractive. But when things are really doing bad, crime becomes more and more attractive...
So in the past all these people who pay spammers to send out millions of e-mails every hour asking to "update your account", sign up for web hosting accounts to set up phishing sites with stolen credit card numbers, extort money from companies by threatening DOS attacks, set up vast networks of zombies... ...were motivated by notoriety???
Now that there's (at least apparently) a viable business model for cracking machines, I think maybe Windows, which is fundamentally unsecurable partly by design and partly by historical practice Microsoft can't/won't break from, will just get overwhelmed. Certainly most of the home Windows computers I run into have at least one spyware infection, and some are so infested as to be unusable.
Of course, in nature the really virulent pathogens tend to evolve into less nasty forms - killing off all your hosts is not a good long-term strategy. The spyware and zombie bots might become less overtly intrusive and more 'asymptomatic'. Imagine the future of computing... most computers carry some 'viral load' more or less constantly... [shudder].
PHEM - party like it's 1997-2003!
"We're seeing an attempt in exploiting Linux environment and as it becomes more widely deployed it will become more of a target," he said.
Oh really? Donovan being the Director of Symantec, this means his company is seeing exploits on Linux?
That's front page news. Who? Where? What vuln? Which distro?
Or do you mean "we think we will see"? That's not quite the same thing, Sym-boy. Careful with that FUD gun, will ya. You're gonna shoot your other foot too.
Then again, if you think of it, companies like Symantec are part of the vast cottage industry that popped up for the sole purpose of plugging the leaks of Windows. The last thing they need is more Linux boxes around. Hence the FUD.
--
Mad science! Robots! Underwear! Cute girls! Full comic online! http://www.girlgeniusonline.com/
All of this virus scanning stuff is like using a condom with a hole in it. I cannot even remember the number of owned machines I have fixed the last couple of months with a virus scanner installed and sitting behind a firewall. In nearly every case the machines are being exploited through the browser or preview in Outlook. I run a virus scanner on a system now as an initial pass but then go to the process list to see how many bots are running on the machine collecting and sending data.
If you enjoy sharing your credit card information with internet vandals keep using Windows and Internet Explorer.
Got Code?
But the Dillinger gang sometimes took a break from robbing banks to knock over a police station or two. There wasn't much money there, but it was fun freaking out the cops. In WW2, the US organized crime syndicates turned down repeated financial incentives from the Overseas espionage division of Hitler's SS, with the argument that they were patriotic American citizens, not saboteurs and Nazi stooges.
Who is John Cabal?