AOH :: IS1827.HTM

Re: Cybercrime-as-a-service takes off




Re: Cybercrime-as-a-service takes off
Re: Cybercrime-as-a-service takes off



Forwarded from: Dave Dittrich 

> http://www.itnews.com.au/News/98524,cybercrimeasaservice-takes-off.aspx 
> 
> By Ry Crozier
> ITNews
> 12 March 2009
> 
> Malware writers that sell toolkits online for as little as $400 will 
> now configure and host the attacks as a service for another $50, a 
> security expert has said.
> 
> Speaking at the Vasco Banking Summit in Sydney yesterday, the 
> company's technical account manager, Vlado Vajdic, told delegates that 
> cyber crime was becoming so business-like that online offerings of 
> malicious code often included support and maintenance services.
> 
> Additionally, he said, cybercrime outsourcing would become a key trend 
> in 2009.

I'm sorry to have to burst the prediction bubble here, but this has been 
going on for several years.  I have maintained a web page on DDoS 
attacks since 1999. Search the page for the word "hire" and you will 
find several stories of cybercrime-as-a-service from 2005:

http://staff.washington.edu/dittrich/misc/ddos/ 

Specifically, start reading at page 15 of "U.S. v. James Jeanson 
Ancheta" and you will see an offering of malicious code, including 
support and maintenance services:

http://news.findlaw.com/hdocs/docs/cyberlaw/usanchetaind.pdf 

There are two other cases in the same section of the web page where the 
FBI successfully investigated and brought indictments on similar 
"DDoS-for-hire" cases. The other two do not involve selling the service 
to third parties (with support and maintenance), but do show that people 
have been paid to create/use botnets for financial crimes. When 
something makes it into the legal process, which means it is causing 
damages significant enough to justify application of the expensive legal 
process, I would say the trend has already been well established.

Note to reporters: When writing a story about predictions of future 
trends, check my web page first (or contact me directly) and see if the 
story is really new.

-- 
Dave Dittrich
dittrich (at) u.washington.edu
http://staff.washington.edu/dittrich 

PGP key http://staff.washington.edu/dittrich/pgpkey.txt 
Fingerprint  FE97 0C57 0843 F3EB 49A1  0CD0 8E0C D0BE C838 CCB5


_______________________________________________      
Best Selling Security Books and More!
http://www.shopinfosecnews.org/ 

Site design & layout copyright © 1986-2014 CodeGods