Hackers Change Attack Modes, Seek Financial Payoff

The typical picture of a hacker has often been one of an introverted, misunderstood teen with a great deal of repressed anger. Launching an attack and disabling thousands of computers somehow seems to compensate for those feelings. Increasingly, however, while the hacker profile remains much the same, the ways in which these individuals compensate for their feelings of inadequacy have been changing. “Hackers are now being lured by the promise of financial gains,” said Pete Lindstrom, research director at Spire Security, a security consulting company.

A number of factors are responsible for the change. Security products such as firewalls and virus protection systems are improving, as is the ability of vendors to fix problems quickly and easily. “Companies have hardened the outer perimeter of their networks, so it is more difficult for outsiders to penetrate them,” noted Rose Ryan, an analyst with International Data Corp.

In addition, users are more aware of potential problems. Consequently, they have become much more diligent in performing tasks, such as updating their virus protection software on a regular basis. “Many users will now delete an e-mail attachment that seems suspicious rather than open it up, so it has become more difficult for viruses to spread quickly,” stated Peter Firstbrook, research director at Gartner.

A Break From Tradition

The end result is it has become more difficult for hackers to use traditional techniques to spread their malware. Even when they are successful, the attacks usually are not as far-reaching as they were a few years ago. The number of viruses housed within e-mail messages dropped by more than 50 percent in 2005, for example, according to ScanSoft, a hosted e-mail security provider.

These improvements are forcing hackers to turn their attention to other areas. “Hackers focus on the weakest link in the security chain,” Spire Security’s Lindstrom told TechNewsWorld.

With desktop and server security tightening up, there have been more attempts to author malware for other platforms: Spyware and viruses are now available for mobile phones running Symbian and Microsoft Windows Mobile handheld operating systems, and programs are being developed that target game consoles, such as Sony’s PlayStation and Microsoft’s Xbox.

In addition, more hackers are looking to make a profit from their illicit actions. “There is a growing criminal element involved in hacking today,” said Gartner’s Firstbrook. Instead of writing malware that deletes information from thousands of users’ hard drives, a growing number of these programs are attempting to steal personal information, such as credit card and social security numbers.

Hackers have determined that they can make money from such escapades, because an underground industry has emerged where individuals or crime rings buy and sell items, such as electronic mailing lists, instructions on how to bypass a product’s security checks, or the location of holes in organizations’ perimeter defenses.

Phishers, Pharmers and Spammers

Those items can be used in a number of ways. Hackers engaged in phishing and pharming try to entice users to visit bogus Web sites and enter personal information that is then used to perpetrate identity theft. A growing number of hackers are also turning into spammers. “Hackers looked at what they were doing and decided that they would rather get paid for their hobby than continue to do it for nothing,” said Firstbrook.

In their new ventures, it makes much more sense for the hacker to launch quiet, focused attacks rather than the massive viruses or denial-of-service outbreaks that were evident a few years ago. Rather than access a network and disable a number of computers, hackers want to break into the network, stay there, and either collect personal information or use an organization’s computing resources.

Targeted, rather than scattershot, attacks are becoming common. In 2005, the United Kingdom’s National Infrastructure Security Coordination Center found that more than 300 government departments and businesses were targeted by a continuing series of attacks designed to covertly gather sensitive and economically valuable information.

Targeted Attacks Tough to Trace

These attacks are troubling for a number of reasons. First, a company often does not know that a hacker has broken into the network and is tinkering with its resources. Second, these attacks are difficult to trace. Many security programs were designed to monitor network anomalies, instances where unusual activity is occurring.

Typically, a hacker would try dozens or even hundreds of times before finding a successful password. In the targeted attacks, the hacker does not place as much emphasis on using brute force as he does on stealth entry.

The targeted attacks can be successful. In May 2005, a hacker sent a note exclusively to students and faculty of the University of Kentucky that told them: “After three unsuccessful attempts to access your account, your Online Profile has been locked. This has been done to secure your accounts and to protect your private information.”

The users were instructed to unlock their profiles by visiting a specific Web site — which was controlled by the hacker — and entering their personal information. Because such attacks are sent to small groups of persons, they tend to be more believable than the traditional large attacks.

The end result is that companies now see fewer large-scale attacks on their networks, but the current attacks are potentially more dangerous. “It makes sense that as soon as vendors and users figure out how to close one door, hackers would look for another opening,” concluded Spire Security’s Lindstrom. “With companies hardening their network perimeter, hackers are now concentrating on more insidious attacks.”
