Tuesday, March 17, 2009

Cybercrime as Journalism Toy, Business Model

itNews reports a disturbing trend in the realm of cybercrime: companies that offer malware for a fee, as low as $400, and web hosting with custom configuration for a scant $50 more.

In other words, cybercrime is being outsourced.

According to the CEO of Vasco Banking, Vlado Vajdic,

"It was inevitable that services would be sold to people who bought the malware toolkits but didn't know how to configure them.  Not only can you buy configuration as a service now, you can have the malware operated for you, too. We saw evidence of that this year.  Investors get malware developers to write code for them and then get the writers to host and distribute it, too."

Kits for these turnkey hacking operations even come with maintenance, tech support, and a pre-written user's manual. The software is even developed using the tried, true, and effective code-compile-build-test-repeat method.

With all of the talk of AIG and banking collapse, people have begun to forget about how entirely weak their cybersecurity really is. In Eastern Europe, the hackers involved, most of the time, see themselves through the tried-and-true meme used by mobsters: "I'm just a respected businessman!"

According to these coder/hackers for hire, the software is for research purposes, and what the user does with it is the user's problem, not theirs.

But it doesn't stop there. The BBC bought, for investigative purposes, a 22,000-PC 'botnet.' The program, called 'Click,' used chat rooms to gain control of the computers and warn them of their vulnerabilities as well as provide information on how to shore up their defenses.

But if the BBC could do it, so could anyone else.

A botnet is an ad-hoc network of compromised machines waiting for a signal from their 'master,' which usually is to spam a list of targets or, more often, everyone in their address book. This is how a person gets spam from their Grandma. Less often, these compromised PCs are used to constantly send message after message to the same server until it crashes, an attack known as a DDoS (Distributed Denial of Service) attack.

In fact, the BBC 'Click' investigation proved its concept by doing just that, against a backup site owned by the UK security company 'Prevx.' 60 machines, yes, 60, were enough to make it crash into a compromised state. Compare that to the damage the entire botnet could have done to all of Prevx. Or to all of any other collection of services.

DDoS attacks, the BBC notes, are usually the threat used to extort money. It's an extortion/kidnapping tool.

Last but not least, botnets are also used to steal personal information from the machines themselves. The 'street' price for 1000 US or UK computers is around $500, due to the value of the information they contain. $11,000 later, the BBC did all but use the computers. There's a problem in US and UK law--'owning' a botnet isn't a crime. Using it is.
