Monday, November 21, 2011

Organized crime on the Internet

One of the greatest threats of the Internet is the security breaches that can cause damage to individuals, companies, governments, and organizations. Since the advent of the World Wide Web, some have taken an interest in abusing and exploiting loopholes in the system. More commonly known as hackers, these people have the knowledge to develop malicious programs, write viruses, deface websites, steal data, and much more. Their actions can be traced to different motives, ranging from pure mischief, intended damage such as theft, to organized crime. As the complexity of security attacks increased over time, so did the seriousness of their motives. A single individual may no longer be the sole person behind a website defacement incident. Instead, groups of political activists or terrorists could be the ones responsible in today’s world.

FORMS OF CYBERCRIME

1. Script Kiddies

Script kiddies are usually individuals or groups of casual juvenile hackers. They use tools and scripts written by expert black-hat programmers to launch attacks over the Internet. In most cases, they do not have the technical proficiency to develop sophisticated exploits, and rely instead on powerful programs that can be obtained over the Internet. However, armed with just the knowledge of how to operate these programs, script kiddies can still cause serious damage. They do not usually have a clear motive, other than seeking thrills and prestige. One of the most well-known examples of a script kiddie is Mafiaboy, a high school student from Canada who performed denial-of-service attacks on Yahoo, Dell, eBay and CNN. The financial loss was estimated to be $1.2 billion globally.

2. Fraud, Scams, and Identity Theft

Most of us have probably been targets of online fraud or email scams before. Nigerian scams, Eastern European scams and Work-At-Home schemes are the common examples we often see. They come in the form of spam email, online banner ads, or malicious hyperlinks. These activities are usually organized and carefully planned. The perpetrators exploit people’s greed for getting rich overnight and bank on their foolishness to participate in the scam. A small payment is usually requested upfront as a starting fee, but bigger payments are demanded later on to ‘unlock’ administrative requirements or to reap higher investment returns. When the victim finally realizes that he or she will not be getting any real benefits, the perpetrators of the scheme will disappear along with the invested cash.

Another form of scam is identity theft. Identity theft occurs when online thieves manage to obtain people’s confidential and private information, such as addresses, Social Security numbers, or credit card and bank details. The victim can be tricked into revealing the information via phishing scams – whereby the perpetrator uses a spoofed email to ask for the victim’s user name and password. Another method is to use a cross-site scripting attack to redirect the user from a legitimate website to a fake one. Hackers can set up seemingly real replicas of banking sites, and an unsuspecting user will enter his login credentials without a clue of what is happening. The perpetrator then uses the information to make purchases, transfer funds, or impersonate the person online. Usually, victims do not realize that their confidential data has been stolen until it is too late.

To recognize legitimate websites and learn tips on how to shop safely online, do visit this link: http://www.pcmag.com/article2/0,2817,2373130,00.asp

3. Hacktivism

The next form of cybercrime combines activism and hacking. Hacktivists usually have a political motivation or an agenda that they are campaigning for. They often operate in groups and work aggressively to attack the web servers or websites of organizations that they are fighting against. Hacktivists aim for high-profile operations to generate as much publicity as possible, in the hope of garnering support from the public and putting pressure on policy makers. This form of activism has been fast gaining popularity in recent years, and infamous groups like Anonymous and Lulzsec have been making headlines in the IT world with their large-scale and successful attacks on multinational corporations, multiple governments, agencies such as the CIA and FBI - the list goes on.

The strength of hacktivists is that they can harness the power of people who are not technically savvy but are willing to participate in their cause. They develop special software that anyone can download to ‘lend’ their computer as part of the operation. The effect is potentially destructive, as virtually no website can withstand a huge amount of data overload from different sources. These cybercriminals also use many kinds of techniques in their operations. The four most common types are:

  • Virtual sit-ins: Activists visit a website repeatedly and simultaneously to generate so much traffic that other users cannot reach it. In 1998, the hacker group Electronic Disturbance Theater (EDT) set up special sites with automated software that participants could visit and download. An estimated 10,000 activists engaged in the operation, flooding the sites of the Pentagon and the Frankfurt Stock Exchange.
  • Automated Email Bombs: Email bombs are massive amounts of email, usually with large attachments, sent to government policy makers. This jams their mailboxes and prevents them from receiving their usual day-to-day work emails.
  • Web hacks and break-ins: This form of attack is a large category covering many other methods. Essentially, it involves intruding into the server of the victimized website and performing malicious acts such as defacement, redirecting visitors to another site, or exposing user data and information.
  • Viruses and Worms: Hacktivists can also use viruses and worms to propagate their message and damage targeted computer systems. In 1989, the Wank worm developed by anti-nuclear hackers infiltrated NASA’s network. Scientists logging into computers on that morning were greeted with the message above.

4. Cyberterrorism and Cyberwarfare

The last category of organized crime is on the largest scale – possibly involving entire nations or terrorist groups. In April 2009, US officials reported that electricity grids could have been compromised by hackers, who had hidden software code that can potentially disrupt power supplies. A senior intelligence official told the Wall Street Journal that "The Chinese have attempted to map our infrastructure, such as the electrical grid," and "So have the Russians." Although the attacks originated from China and Russia, both countries denied any government involvement in the matter. As such, it is unclear whether any terrorist groups had a hand in it or whether it was a politically motivated attack.

RECENT EVENTS

Events in late 2010 and the first half of 2011 jolted the IT world. It was a wake-up call for security professionals and government agencies when two hacker groups – Anonymous and Lulzsec – started a barrage of operations against numerous organizations. When Wikileaks came under pressure to close down, Anonymous launched attacks against Amazon, PayPal, MasterCard and Visa for their refusal to process transactions for Wikileaks donations. Many government websites were also targeted, such as those of Zimbabwe and Malaysia, for blocking access to Wikileaks.

As an international hacking group, Anonymous comprises members who maintain their anonymity from each other. It is not led by any visible leader but has been described as “users simultaneously existing as an anarchic, chaotic, global brain.” The group runs many hacking operations, often with the help of willing individuals who have downloaded software called Low Orbit Ion Cannon, which contributes their personal computer to a bot network. This army of computer bots is then used by Anonymous to launch massive Distributed Denial of Service (DDoS) attacks.

Anonymous had also teamed up with Lulzsec, declaring war on all governments and big corporations. Read more about their statement here: http://gizmodo.com/5813560/lulzsec-and-anonymous-declare-open-war-against-all-governments-and-fat-cats

Lulzsec was a team of six people, possibly part of the larger Anonymous group. Formed in early 2011, the group made its debut by compromising the web server of Sony Pictures and posting 150,000 people’s passwords, names, addresses and emails online. Lulzsec has also broken into the US Senate’s website, stolen information from the Department of Homeland Security and the Arizona Department of Public Safety, and published their sensitive information on the Internet. High-profile organizations such as the IMF and defense contractor Lockheed Martin were also not spared. The group has also claimed credit for a DDoS attack that took down the CIA’s official website, www.cia.gov. Many have said that Lulzsec’s operations have brought hacktivism to a whole new level. They challenged authorities upfront, gave pre-warnings to companies before their impending attacks (while still succeeding), and made use of social media such as Twitter. This allowed them to achieve a remarkable marketing effect with the public media. By the time Lulzsec called it quits at the end of June 2011, their Twitter profile had 283,000 followers. (http://twitter.com/#!/LulzSec)

THOUGHTS AND CONCLUSION

The above events have shown that organized crime on the Internet is becoming more borderless and transnational. Many people from different countries can participate in the same ‘hacking operation’ without knowing the true names behind their online identities. The rate at which cyber attacks are evolving is alarming and warrants strong and concrete defensive action. Law enforcement agencies are sometimes rendered helpless in dealing with these criminals. It costs too much time and effort to procure enough evidence to nail the hackers, and another issue is that the most talented people are usually on the dark side of the fight. This issue is so pressing that the FBI had to issue a call for hackers’ help at an annual Black Hat security conference. (http://news.cnet.com/FBI-calls-for-hacker-help/2100-7348_3-6101475.html?tag=lia;rcol)

Governments and security agencies around the world have to step up their efforts and understand that the Internet has already become a war field. We are no longer living in an era where hackers merely deface websites for fun, or steal credit card information for their own petty gains. We are dealing with large-scale, coordinated attacks from powerful groups or even nations. They have motives and agendas that transcend personal gains, and no one is immune from these attacks. To be able to effectively counter all these, we must involve more than just security firms or rely on the government to tackle the problem. Companies should play a vital role and never compromise on the security of their own systems. No organization should view IT security as a cost center, but as an essential part of their businesses if they wish to safeguard their data and protect their customers and clients.

As for the everyday person, hacking news in the headlines may seem interesting and fun to follow, but we should watch out too, for we may never know whether our own computers are being used as part of the bot armies of the hackers out there.

