Computer Crime Research Center

etc/eye.jpg

Computer crime: methods and techniques

Date: June 01, 2005
Source: smh.com.au
By: Patrick Gray

The romantic, almost noble notion of the lone-gunman hacker popularised in films such as War Games and Hackers has been replaced by a crude reality - they are usually criminals and they are far better organised than we are. Organised crime syndicates with thousands of members are turning to hacking and spamming techniques to dupe innocent internet users out of millions of dollars annually, delegates to this year's AusCERT security conference were told.

And despite speaker after speaker urging us to do more to protect ourselves while online, they grudgingly admitted that although big business has arrested its security slide, small businesses and individuals are at greater risk than ever and there is little they can do to counter the crime lords.

"It used to be you had the lone-gunman hackers, which you still have," said Christopher Painter, deputy chief of the computer crime and intellectual property section of the US Department of Justice. "Now, we have this new problem."

Mr Painter, who prosecuted infamous cyber-criminal Kevin Mitnick, cited the recently busted ShadowCrew - a US organised computer crime ring - as an example of the new enemy. The crew's 4000 members were organised into a tightly controlled and disparate hierarchy, he said. "They had various roles and responsibilities. They didn't know each other in person; they knew each other online."

Graham Ingram, general manager of Australia's cybercrime early-warning organisation and conference organiser AusCERT, told delegates the threat to individuals was growing "almost exponentially" - and authorities were losing the fight.

"The criminals are benefiting from this revolution, and currently they are winning," Mr Ingram said during his presentation about the militarised use of online identity theft.

Sophisticated technical operations that wage wholesale identity fraud for crime syndicates use many attack methods that interweave into a formidable capacity that's difficult to counter, he says.

Criminals are delivering worms and viruses through public computer networks, compromising internet banking and e-commerce credentials. Simple phishing scams, where users are tricked into typing their passwords into counterfeit websites, are giving way to more sophisticated attacks, he said.

Sun Microsystems security architect Lance Spitzner said two years ago his group took a month to write a research paper but "now it takes us five weeks just to review a paper". He is the author of a book on security and founder of the Honeynet Project - an attempt to use the criminals' methods against them by luring them to fake sites where their exploits are analysed. "The bad guys have got much more sophisticated. Three years ago, it was hackers hacking; now, it's criminals hacking," Mr Spitzner said.

The University of Washington's David Dittrich delivered a presentation on "BotNets" - vast networks of compromised computer systems used by criminals to send spam and attack other networks. Mr Dittrich said the increasing sophistication of malicious software code paralleled the growing organisational structures of crime syndicates. He said programming instructions used in malicious software was "very modular", which allowed it to be adapted quickly with deadly efficiency.
Add comment  Email to a Friend

Copyright © 2001-2024 Computer Crime Research Center
CCRC logo