CRIME: The Sophisticated Hackers

Sophisticated attackers have eclipsed hackers as the largest threat to organisations, as protecting the amount of data in an organisation proves to be more challenging. Speaking at the Symantec Vision conference in Barcelona, Francis deSouza, senior vice president of the enterprise security group at Symantec, said that there are four key trends when it comes to the threat landscape: attackers; complex heterogeneous infrastructure; information explosion; and the increasing cost of a security breach.

He commented that it was clear from analysis of the Stuxnet worm that such a sophisticated threat was not written by casual hackers. He said: “This was written by a very sophisticated team that has deep skills that crossed a number of different areas and that invested a number of man years into creating this piece of malware.”

Looking at the first key trend, De Souza said: “The hackers have really changed over the past few years, four years ago I would have talked about the primary drivers were that hackers were trying to take down infrastructure. But today hackers have dropped out of the top three in terms of factors driving security attacks, the number one group driving security attacks today are the sophisticated attackers.

“Hackers have dropped to number four, number two and number three driving attacks today are actually insiders, the number two group are well-meaning insiders such as employees or contractors or customers who have legitimate access to a corporate network, but inadvertently do things that put an organisation at risk.

“The third group are actually malicious insiders who have legitimate access to the network but are actually deliberately stealing information. They are doing it because they are disgruntled, or have discovered a profit motive to be had in stealing corporate information.”

He went on to claim that the second big trend was around the infrastructure that organisations have to protect, specifically as sophisticated attackers use evolved attacks. He said that the techniques being used are very different from those of hackers, particularly with the emergence of ‘custom malware’ to create an attack.

He said: “Custom malware means that you have never seen that file before. Some of the old methods of doing security around signature-based security just won’t work because you will not have seen that file before so you will not have a signature for that file and will not be able to block it.”

He said that CIOs have more to protect in their environment than ever before, such as more equipment in the data centre, more endpoints and more people to protect because suppliers and contractors reach into the network.

“Also the amount of information that they have to protect is growing expedentially, almost across industries, organisations are telling us that the amount of information that they have to protect is doubling every two years, that is a massive amount of growth,” he said.

“In addition to the amount of information, they are realising that the amount of confidential information is growing. They are seeing an information explosion and more that they need to protect.”

Via SC Magazine


Childish Prank Is Now DoJ’s Nightmare

The U.S. Department of Justice said it may have been the most sophisticated computer fraud ever. For Viktor Pleshchuk, it was the chance to buy a brand new BMW and an apartment in his hometown of St. Petersburg.

The 29-year-old last month pleaded guilty to participating in a worldwide hacking scheme that led to the illegal withdrawal of more than $9 million from cash machines worldwide operated by RBS WorldPay Inc., the U.S. payment-processing division of Britain’s Royal Bank of Scotland Group Plc.

The conviction shed light on a growing trend from Russia. Just as President Dmitry Medvedev seeks to persuade investors his country is a safe place, more technology graduates are turning to cybercrime. The FBI last week charged 37 suspects from Russia, Ukraine and other eastern European countries of using a computer virus to hack into U.S. bank accounts.

“The number of hackers reflects how many good engineers we potentially have in this country,” Vladimir Dolgov, the president of Google Inc. in Russia, said in a Bloomberg Television interview in Moscow.

Russians committed more than 17,500 computer-related crimes last year, or 25 percent more than in 2008, according to the Interior Ministry’s latest statistics.

‘Childish Prank’

While cybercrime is proliferating, Russian laws against it were written in 1998, when hacking was often perceived as a “childish prank,” Boris Miroshnikov, the head of the ministry’s anti-cybercrime department, said in a report posted on the agency’s website.

A ministry spokeswoman said the department has advised Russian lawmakers to impose stiffer penalties on hackers. She declined to be identified, citing department policy.

“We are working on that, but so far we haven’t moved beyond discussions,” she said.

Businesses around the world lose more than $1 trillion in intellectual property due to data theft and cybercrime annually, according to a report in January 2009 by McAfee Inc., the technology security company based in Santa Clara, California.

Seeking to thwart the attacks, U.S. legislators in March proposed to use trade restrictions to penalize countries that provide safe haven to hackers.

Via Bloomberg

CRIME: Man ‘Grooms’ Boys To Send Naked Pics

Copenhagen City Court this week charged a 28-year old man for ‘grooming’ underage teens.

(The unnamed pervert) is being prosecuted in Copenhagen City Court for ‘grooming’, where he allegedly used the online computer game ‘World of Warcraft’ to get the 12-16 year-old boys to transmit pictures or film clips to him.

'Run Away, Lil' Girl. Run Away!'

According to the charges, the man had a significant amount of ‘gold’ in the game, which can be used to upgrade a player’s strength or abilities. He allegedly offered the boys gold in exchange for the pictures, which in some instances involved (illicit acts). Read More

The report added, “the man chatted with the boys on World of Warcraft website and also via MSN Messenger, where more private exchanges could take place.”