Evolution of Cybercrime and current situation

From CyberSecurity
Revision as of 17:22, 2 December 2005 by Hema (talk | contribs)


Categories of CyberCrime

1)Spam - Spam now represents more than 50 percent of all email transmitted over the Internet. Its costs, which Internet service providers (ISPs) pass on to their customers, are enormous. With spam’s ubiquity comes a whole culture and industry devoted to fighting it. Large groups of people, such as the Spamhaus Project, spend lots of effort to identify spam’s sources so as to shut down spammers’ Internet access. They’ve even created new technology to flag its sources (DNS- or Border Gateway Protocol [BGP]-based blacklists) and spam messages (Bayesian networks, distributed checksum databases, and heuristics) for filtering purposes. Increasingly on the defensive, spammers are fighting back by becoming more sophisticated, generating unique messages, and finding new open proxies or SMTP relays to send messages and hide their true sources.
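As an added example, not code from the original page, here is a minimal Bayesian spam filter of the kind the paragraph mentions: per-token spam probabilities learned from labelled mail, with the most decisive tokens combined into one score. The training messages are constructed samples, and the clamping, the 15-token limit and the 0.9 threshold are assumptions in the style of Graham's filter, not a description of any particular product.

```python
import math
import re
from collections import Counter

TOKEN_RE = re.compile(r"[a-z0-9']+")

def tokenize(text):
    return set(TOKEN_RE.findall(text.lower()))  # each token counted once per message

class BayesFilter:
    # Per-token spam probabilities combined in log space, in the style of Graham's filter.
    def __init__(self):
        self.docs = {True: Counter(), False: Counter()}  # label -> token -> message count
        self.n = {True: 0, False: 0}                     # label -> messages seen

    def train(self, text, is_spam):
        self.docs[is_spam].update(tokenize(text))
        self.n[is_spam] += 1

    def token_prob(self, token):
        # P(spam | token); unseen tokens are neutral (0.5) and seen ones are
        # clamped to [0.01, 0.99] so that no single token decides the verdict alone
        s = self.docs[True][token] / max(self.n[True], 1)
        h = self.docs[False][token] / max(self.n[False], 1)
        return 0.5 if s + h == 0 else min(max(s / (s + h), 0.01), 0.99)

    def score(self, text, top=15):
        # combine only the most decisive tokens (those furthest from 0.5)
        probs = sorted((self.token_prob(t) for t in tokenize(text)),
                       key=lambda p: abs(p - 0.5), reverse=True)[:top]
        if not probs:
            return 0.5
        log_s = sum(math.log(p) for p in probs)
        log_h = sum(math.log(1 - p) for p in probs)
        return 1.0 / (1.0 + math.exp(log_h - log_s))

# Constructed training samples (not real mail), standing in for a labelled corpus.
SPAM = ["Buy cheap viagra now! Click here for free pills",
        "Free money! Claim your prize now, click here",
        "Cheap pills and free viagra, click now"]
HAM = ["Meeting moved to 3pm, see the agenda in the shared folder",
       "Can you review the patch for the parser before the release?",
       "Lunch tomorrow? The agenda for the release meeting is attached"]

def build_filter():
    f = BayesFilter()
    for text, label in [(m, True) for m in SPAM] + [(m, False) for m in HAM]:
        f.train(text, label)
    return f
```

A message scores close to 1.0 when its decisive tokens were seen only in spam and close to 0.0 when they were seen only in ham; a practitioner would classify at a high threshold such as 0.9 so that a single suspicious word in ordinary mail does not tip the verdict.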

2)Extortion & Reputational Damage—In the Internet variant of a protection racket, criminal gangs will threaten companies with disruption of their networks, denial of service attacks, or the theft of valuable information unless they pay ransom or security consultant fees into an offshore bank account. They can deface a company’s Web site, causing not just embarrassment but loss of sales. In other cases, spite or a desire to inflict harm means that the attack will be executed without warning.

3)Fraud & Phishing—The anonymity and opportunities for misrepresentation found on the Internet make fraud easy. Internet fraud has also become a serious problem. Consumer Sentinel, a complaint database developed and maintained by the US Federal Trade Commission (www.consumer.gov/sentinel/), has recorded more than 390,000 Internet-related fraud complaints about transactions involving over US$540 million in losses in 2004 alone. Fraud schemes are usually peddled by individuals who spam potential victims, such as the Nigerian, or 419, scam. But as the number of fraud cases has increased, so has the public’s awareness of them; fraudsters are increasingly forced to resort to more intricate schemes. We’re now seeing the practice of “phishing” gaining popularity with fraudsters. Using this scheme, criminals create email messages with return addresses, links, and branding that seem to come from trusted, well-known organizations; the hope is to convince the victim to disclose sensitive information. This practice is rooted in crackers’ first attempts to fool America Online users into parting with their screen names and passwords in the mid-1990s. These days the goal is to extract information from a victim that crackers can use for financial gain, rather than to tweak AOL users. A commonly targeted item is victims’ credit-card information (number, expiration date, card-validation value, and so on). Criminals also want access to Internet payment systems such as e-Bullion, egold, Evocash, INT Gold, Gold-Money, PayPal, and Swiftpay; online transaction services such as Authorize.Net, iBill, and Verotel; and Internet-accessible banks such as Bank of America, Barclays Bank, Citibank, Halifax Bank, Lloyds Bank, Nationwide Bank, and Wells Fargo.

5)Service Disruption—A cybercriminal can use an Internet attack to disrupt a key service. Denial of service attacks are one method; worms and viruses containing malicious code are another. A major auto manufacturer was one of many companies that had to shut down its e-mail network for a few days because of the Love Letter virus. Some viruses will wipe computer memories clean, erasing payroll records or invoices.

6)Information Theft—The most damaging category of Internet crime, information theft can take several forms. Cybercriminals can extract personal identification information or credit information from a company’s database and affect thousands of consumers. Cybercriminals can also extract a company’s own financial information. Finally, cybercriminals can steal valuable intellectual property (designs, blueprints, and marketing plans) from a company. While the reported cost of information theft is declining, it remains one of the greatest Internet risks a company can face.

7)Money Laundering—The growth of global financial services makes it easy to conduct banking operations across borders over the Internet. The Financial Action Task Force, a group of national law enforcement agencies, notes that “Within the retail banking sector, services such as telephone and Internet banking allow customers to execute transactions on a non face-to-face basis from any location with telephone or internet access.” While use of the Internet gives law enforcement agencies a greater ability to trace transactions through electronic records, the volume of transactions, the anonymity, and the lack of consistent record-keeping make it attractive to criminals and terrorists.

Cybercrime Tools

1)Bots—A bot (short for robot) is a computer on which a worm or virus has installed programs that run automatically and allow cybercriminals access and control. Cybercriminals use viruses or bots to search for vulnerable computers where they can load their own programs or store data. A bot network is a collection of these infected machines, often compromised weeks or months earlier by attackers using worms or viruses to plant backdoor components that can be centrally controlled and used to launch simultaneous attacks. Spammers, hackers, and other cybercriminals are acquiring or renting bot networks, making it harder for authorities to track down the real culprits.

2)Keylogging—A program that covertly records the keys typed by a computer user and either stores the data for later access or secretly sends the information to the author. The advantage of a keylogger program is that the cybercriminal does not need to trick a computer user into supplying sensitive information.

3)Bundling—Covertly attaching a virus or spyware to a benign or legitimate download, such as a screensaver, a game, freeware, or an image. When the computer user downloads and installs the legitimate file, they are unwittingly also giving permission to install the criminal program.

4)Denial of Service—An attack specifically designed to prevent the normal functioning of a computer network or system and to prevent access by authorized users. A distributed denial of service attack uses thousands of computers captured by a worm or trojan to launch tens of thousands of e-mail messages at the target in a very short time. Attackers can cause denial of service attacks by destroying or modifying data or by using zombie computers to bombard the system with e-mails until its servers are overloaded and other users can no longer gain access.

5)Packet Sniffer—Software program that monitors network traffic. Attackers use packet sniffers to capture and analyze data transmitted via a network. Specialized sniffers capture passwords as they cross a network.

6)Rootkit—A set of tools used by an intruder after hacking a computer. The tools allow the cybercriminal to maintain access, prevent detection, build in hidden backdoors, and collect information from both the compromised computer and other computer systems on the network. Rootkits are available for most major operating systems.

7)Spyware—Software that gathers information without the user’s knowledge. Spyware is typically bundled covertly with another program. The user does not know that installing one also installs the other. Once installed, the spyware monitors user activity on the Internet and transmits that information in the background to someone else. Spyware can also gather and relay information on e-mail addresses, passwords, and credit card numbers.

8)Scripts—Short programs or lists of commands, usually available as shareware from hacker sites, that can be copied, remotely inserted into a computer, and used to attack and disrupt computer operations.

9)Social Engineering—Social engineering is not limited to cybercrime, but it is an important element of cyber fraud. Social engineering tricks or deceives the recipient into taking an action or revealing information. The reasons given seem legitimate, but the intent is criminal. Phishing is an obvious example—a certain percentage of users will respond unthinkingly to a request that appears to be from a legitimate institution.

10)Malicious Code – Worms and Trojans

A trojan is a malicious program unwittingly downloaded and installed by computer users. Some trojans pretend to be a benign application. Many hide in a computer’s memory as a file with a nondescript name. Trojans contain commands that a computer automatically executes without the user’s knowledge. Sometimes a trojan acts as a zombie and sends spam or participates in a distributed denial of service attack, or it can be a keylogger or other monitoring program that collects data and sends it covertly to the attacker. Many trojans now also attempt to disable anti-virus programs.

Worms are wholly self-contained viruses that travel through networks, automatically duplicate themselves, and mail themselves to other computers whose addresses are stored on the host computer. They propagate by sending copies of themselves to other computers through e-mail or Internet Relay Chat (IRC).

One trick in the spammer’s arsenal is to use worms and trojans to create spam relays. Backdoor.Hogle’s creator designed it specifically for this purpose. After infecting a system, it checks to see whether the host’s IP address is listed in the blacklists that spamcop.net and abuse.net maintain; if it’s listed, the program terminates. Several other worms are suspected vehicles for installing proxies that spammers can use (for example, the current crop of MyDoom worms).

Reverse HTTP proxies

Spam sometimes points the recipient back to a Web site. Antispam crusaders attempt to track down these Web sites, contact the responsible ISPs, and have them shut down. This denies the spammer satisfaction even if a user is fooled into visiting a site. A backdoor found in the wild, Backdoor.Migmaf, had a clever way to get around this counterattack. It acted as a reverse HTTP proxy (see www.lurhq.com/migmaf.html), infecting thousands of computers. The spammer sent out spam with links to hosts such as linkxxxsites.com, and then used the domain’s DNS servers to point the hostname to an infected machine’s IP address. The machine would then proxy the HTTP request to the real Web server and send the results back to the client, thus hiding the true Web server’s IP address from the client. The spammer changed the IP address that the hostname pointed to every 10 minutes, so to shut down the Web site, antispam activists would have had to determine the IP addresses of thousands of infected machines and disable, disconnect, or disinfect them—a difficult job indeed. Backdoor.Migmaf also acted as a SOCKS proxy server, which permitted the spammer to send out anonymous spam. Infected machines participated in a PayPal phishing scam by acting as a proxy for the scam’s Web site (www.securityfocus.com/archive/1/328772). Evidence suggests that spammers similarly used an earlier worm, W32.HLLW.Fizzer, to point to their spam Web sites.
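The 10-minute rotation described above leaves a signature in resolver or passive-DNS logs: one hostname answering with many unrelated addresses in a short time. As an added example, not part of the original article, the script below summarises each name's answers over a trailing window and flags names that rotate across many addresses in many /24 networks. The log lines are constructed, the hostname is the one quoted in the text, the addresses come from documentation ranges, and the window and thresholds are assumptions to be tuned against a site's own DNS baseline.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed resolver log (timestamp, name, type, answer): the name is from the text, the addresses are documentation ranges.
LOG = """\
2005-12-02T10:00:00 linkxxxsites.com A 192.0.2.17
2005-12-02T10:10:00 linkxxxsites.com A 198.51.100.44
2005-12-02T10:20:00 linkxxxsites.com A 203.0.113.9
2005-12-02T10:30:00 linkxxxsites.com A 192.0.2.201
2005-12-02T10:40:00 linkxxxsites.com A 198.51.100.130
2005-12-02T10:50:00 linkxxxsites.com A 203.0.113.77
2005-12-02T10:00:00 www.example.org A 192.0.2.80
2005-12-02T10:30:00 www.example.org A 192.0.2.80
2005-12-02T11:00:00 www.example.org A 192.0.2.81
"""

def parse(log):
    """Yield (timestamp, name, address) for A-record answers; skip malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[2] != "A":
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1].lower(), ip_address(parts[3])
        except ValueError:
            continue

def flux_report(log, window=timedelta(hours=1), min_ips=4, min_nets=3):
    """Summarise each name's answers inside the trailing window and flag names
    that rotate across many addresses in many /24s: a legitimate site rarely
    changes its A record more than a few times an hour, a proxy herd does."""
    by_name = defaultdict(list)
    for ts, name, ip in parse(log):
        by_name[name].append((ts, ip))
    report = {}
    for name, answers in by_name.items():
        answers.sort()
        end = answers[-1][0]
        recent = [(ts, ip) for ts, ip in answers if end - ts <= window]
        ips = {ip for _, ip in recent}
        nets = {ip_network(f"{ip}/24", strict=False) for ip in ips}
        changes = sum(1 for (_, a), (_, b) in zip(recent, recent[1:]) if a != b)
        span_min = (recent[-1][0] - recent[0][0]).total_seconds() / 60
        report[name] = {
            "ips": len(ips), "nets": len(nets),
            "minutes_per_change": span_min / changes if changes else None,
            "flagged": len(ips) >= min_ips and len(nets) >= min_nets,
        }
    return report
```

On the constructed log the spam host shows six addresses in three networks with a change every 10 minutes and is flagged, while the ordinary site, which moved once in an hour within one /24, is not.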

12)Virus—A program or piece of code that spreads from computer to computer without the users’ consent. Viruses usually cause an unexpected and negative event when run by a computer. They contaminate legitimate computer programs and are often introduced through e-mail attachments, often with clever titles to attract the curious reader.

13)Zombie—A computer running programs that give control to someone other than the user. Zombies automatically execute commands from someone other than the user, without the user’s knowledge. Zombies are created by placing executable code on a user’s machine (often through use of a trojan); a cybercriminal can then gain control of the computer and have it automatically (and usually covertly) execute a command to initiate a denial of service attack, send spam, or perform other activities.

14)Internet message boards – Internet message boards dedicated to stocks are fertile ground for impersonators. A habit of many posters to these boards is to cut-and-paste press releases and news stories from other electronic sources into their posts to alert other posters and visitors to that information. Frequently, posters will paste in a hyperlink to direct a reader to a source directly, as Hoke did in the PairGain hoax. (http://www.sec.gov/litigation/litreleases/lr16266.htm)