By John P. Mello Jr. TechNewsWorld
12/28/05 7:59 AM PT
Blackmail, the shakedown and the sting are age-old forms of thuggery in the
analog world, and now they're finding the digital world a fertile place for
their poisoned fruits, according to security experts interviewed by
TechNewsWorld.
The experts say that criminal elements -- including organized crime in Russia,
Eastern Europe and Asia -- are increasingly using the Net to shake down
companies with denial-of-service attacks and filch personal information from
targeted employees for blackmail or to compromise corporate computer
systems.
"This is Old World crime, but it's using new tools," observed Sam Curry,
vice president of product management for eTrust Security Management, an affiliate of Computer Associates.
"I think you'll see people moving from Old World thuggery to Internet
thuggery," he told TechNewsWorld. "This isn't a new type of crime. It's a
new way to do it."
Low Risk, High Rewards
The aims and goals of these criminals remain the same as in the past, according to Panda Software chief technology officer Patrick Hinojosa. They
just have a new venue in which to pull them off, he told TechNewsWorld.
That new venue makes it easier to preserve anonymity and more difficult to
trace the crime. "They can upload stolen information to a hijacked
server that isn't connected to them at all," Hinojosa said. "They don't ever have
to leave a trail that can be followed back to them."
The tools used by Net thugs are similar to those used by mischievous
hackers -- tools like key loggers, worms and Trojans -- but they're usually more
refined in their construction and distribution.
"In these cases, what we're finding are sophisticated coders who are writing
specialized worms and specialized applications that are targeting specific
organizations," said Phillip Zakas, CEO of Intelli7, a maker of network traffic
management tools.
"The purpose of a standard worm is for a 21-year-old to have their software
distributed across the Internet as quickly as possible," he explained. "For
a targeted attack, the purpose would be to gain entry to a particular
network, start attacking the individuals on that network to gain their
credentials, and [transmit] that information so the bad guys will have
access to the information inside that network."
Pandemics Uncool
Those kinds of targeted attacks mark a departure from the "pandemic" attacks
that have made headlines in the past but have lost their glow among
information highwaymen in recent times.
"Attackers have figured out that if they blast out a large number of
e-mails, the anti-spam vendors would immediately detect their stuff and
block it," Sophos senior security analyst Ted Anglace told TechNewsWorld. "If they use a small targeted group, chances are they can avoid a lot of that filtering, because they'll fly under the radar."
Mass mailings can also undermine a hacker's goals if they are too successful. "They can get back more information than they can process," Anglace noted. "With targeted attacks, they get less information that they can parse through quickly, validate and put to good use before an institution is alerted to their activities."
More Attacks, Less Limelight
The attack curve on information systems is likely to change in 2006, predicted Zakas.
"You're going to have fewer attacks that will have higher impact in a much
shorter period of time using these sorts of techniques," he said. "Rather
than seeing hundreds of these, you'll see dozens of cases."
Most of them will probably remain out of the limelight.
"It's a very embarrassing situation," Zakas said. "It's not something people
like to publicize at all."
"For one of our clients," he continued, "thirty percent of all the network
transactions that they see on a daily basis are illegal transactions -- people
trying to take down their network or steal credentials of key people inside
that bank."