By Tony Waltham
February 01, 2007
Bangkok, Thailand -- Local companies should offer to familiarize the
country's cyber police officers with their networks and assist in
security training, according to a Cisco Systems Internet security
Internet service providers (ISPs), banks and other institutions really
need to ''invest in their law enforcement officers,'' said Barry
Raveendran Greene of Cisco's SP Architecture and Engineering Group, who
was here to conduct two cyber security seminars.
Greene spoke of a huge shift that has taken place in Internet security,
which has seen organized crime such as extortion and fraud move into
cyberspace. He said extortion can manifest itself as distributed denial
of service (DDoS) attacks on a Web site or network, whereas ''click
fraud'' can rob a company of its online advertising budget in favor of a
competitor or generate money fraudulently from clicks.
He noted that a complex underworld economy, or ''miscreant economy,''
has sprung up--one which has its own business cycles, peaks after
criminals figure out a new way to make money, and dips once potential
victims collaborate and find ways to mitigate losses or protect
themselves. The weapons used are very often millions of home PCs that
have been turned into ''botnets'', which are used to attack Web sites,
send spam or generate fraudulent clicks.
Even the way computers are being taken over or co-opted into these
underworld robot armies, and the way they are being controlled, is
changing in what Roland Dobbins of Cisco's SP and Enterprise Security
Division likened to an arms race.
Asked how large the miscreant economy might be, Greene said one report
had revealed that the amount of money made by the ''bad guys'' exceeded
the amount of money made by people selling software to fix it, such as
Symantec, McAfee, Trend Micro and others selling antivirus software.
The fundamental problem with cyber crime is that there are no physical
boundaries, such as doors or locks, and no peer pressure or family
pressure on participants. Moreover, there are no laws to keep
international online criminal activity in check. He added that service
providers were impacted when their customers were victimized, although
helping them to protect themselves could be a service opportunity.
Children using computers are now being targeted by organized crime as a
gateway into a home network of computers by infecting the Web sites they
visit, he said, adding that ISPs might be able to counter this by
offering a ''kids safe'' service.
There has been a change in attitude with law enforcement authorities,
and the arrival of organized crime on the Internet is something that law
enforcement agencies understood and knew how to deal with, Dobbins said.
Even so, hacking techniques are constantly being refined. In the past,
it used to be high-profile Web sites that were subjected to DDoS
attacks, particularly gambling and adult entertainment Web sites. But
today, perpetrators' focus has shifted to online traders.
Dobbins cited the example of an estimated half a million misconfigured
open recursion DNS servers on the Internet that could be exploited or
spoofed by criminal hackers to generate a flood of attacks that could
lead to denial of service. This is much harder to spot when compared to
a traditional DDoS attack using raw bandwidth.
Other new techniques include exploiting back-end application
vulnerabilities on a potential victim's Web site, such as lengthy
database transactions. Dobbins said DDoS attacks using bandwidth could
be easily monitored and steps taken to counter them, whereas ''database
churn'' would be harder to spot with a traffic-based approach.
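
The distinction Dobbins draws between bandwidth-based and back-end
monitoring, as an added illustration that is not part of the original
article or any Cisco tooling: over a constructed access log (the log
format, paths, addresses and the 3x-median threshold are all assumptions),
byte-volume alerting stays quiet during a burst of slow database-backed
requests, while per-minute back-end time flags it.

```python
from collections import defaultdict
from statistics import median

# Constructed sample log, one request per line:
#   "minute client path bytes_sent backend_ms"
# Minutes 0-3 are normal. In minute 4 three clients repeatedly request a
# slow, database-backed page: small responses, long back-end time.
def build_sample_log():
    lines = []
    for minute in range(5):
        for i in range(20):
            lines.append(f"{minute} 198.51.100.{i} /index.html 12000 15")
    for minute in range(4):
        lines.append(f"{minute} 198.51.100.50 /search 900 400")
    for i in range(30):
        lines.append(f"4 203.0.113.{i % 3} /search 900 4000")
    return lines

def per_minute(lines):
    """Sum bytes and back-end time per minute, plus back-end time per path."""
    totals = defaultdict(lambda: {"bytes": 0, "backend_ms": 0})
    by_path = defaultdict(lambda: defaultdict(int))
    for line in lines:
        minute, _client, path, sent, ms = line.split()
        m = int(minute)
        totals[m]["bytes"] += int(sent)
        totals[m]["backend_ms"] += int(ms)
        by_path[m][path] += int(ms)
    return totals, by_path

def flag(totals, metric, factor=3.0):
    """Minutes where `metric` exceeds `factor` times its median over all minutes."""
    baseline = median(t[metric] for t in totals.values())
    return sorted(m for m, t in totals.items() if t[metric] > factor * baseline)

def analyze(lines):
    totals, by_path = per_minute(lines)
    churn = flag(totals, "backend_ms")
    return {
        "traffic_alerts": flag(totals, "bytes"),   # bandwidth view
        "backend_alerts": churn,                   # application view
        # Path that consumed the most back-end time in each flagged minute
        "top_path": {m: max(by_path[m], key=by_path[m].get) for m in churn},
    }

if __name__ == "__main__":
    print(analyze(build_sample_log()))
```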