Understanding Cybercrime

Cybercrime is pervasive, pandemic and increasingly connected with other parts of the criminal ecosystem. It ranges from the theft of an individual’s identity to the complete disruption of a country’s Internet connectivity due to a massive attack against its networking and computing resources.

Friday, September 18, 2009

This is the first in a four-part series that will look at the history of cybercrime, its pervasiveness today, and how it has and will continue to impact society.

Cybercrime is a type of crime where the element of trust is exploited through the use of computers (mobile, embedded, stand-alone or networked). It also includes traditional crimes conducted via the Internet.

For example, hate crimes, telemarketing and Internet fraud, identity theft, wire fraud, and credit card account thefts are considered to be cybercrimes when the illegal activities are committed through the use of a computer and the Internet.

The target of cybercrime centers on information -- the data that is electronically stored for retrieval and subsequent use.

To get an idea of the scale of the threat of cybercrime, let’s take a look at the overall use of the Internet, theft or exposure of personal data through data breaches and the amount of money (an estimated billions of dollars annually) lost to a cybercrime called ‘phishing’ -- one of the most common online attacks.

Crime is a sociological problem that hasn’t been solved in 4,000 years of recorded history. Cybercrime is just the most recent vehicle.

Spam, Viruses and Worms

To understand the current role cybercrime plays in our society, it is important to understand where and how it began.

From its beginnings in 1978, spam messages, which began as mass mailings with the common goal of advertising, have evolved into mailings with a more malicious intent.

Moving beyond simple email blasts, spam messages are now seen on blog comment boards, cell phone messages, instant messages (SPIM) and over VoIP networks. As the criminal intent has evolved, so have some of the tools to fight it.

The passage of the CAN-SPAM Act made it illegal to send these types of messages without offering a way to opt out.

A few years after the first spam messages, the first virus was written.

Much like spam messages, there was no initial ill intent with viruses. Rather than execute the malicious code they are now known for, early viruses were used as pranks -- silly messages would appear on the screen and then disappear.

Over the years, these pranks evolved from harmless annoyances into code with the ability to destroy data and wipe out hard drives.

Worms, a natural and more dangerous evolution of viruses first tracked back to 1988, are self-propagating. While a virus needed a person to physically install it on each system, worms rely on vulnerabilities in software and networks to spread.

Microsoft and other companies now work to address these vulnerabilities with various security patches each time a new vulnerability is discovered.

Trojan horse software, aptly named for the Trojan horse, is installed on a user’s computer when the user unknowingly clicks on an infected link or attachment.

Once the malware is installed on the user’s computer, criminals can remotely perform various tasks such as extracting sensitive information, downloading private data such as credentials (usernames and passwords), military files, unclassified data, or using the infected system to connect to a network of other similarly infected systems -- as in a botnet.

Phishing, DDoS and Botnets

The first widely known use of phishing occurred in 1996. Phishing attacks attempt to trick users into divulging their personal information to criminals who can profit, either from its use or resale.

Initial phishing attacks took the form of typo-ridden emails, though they have now become much more sophisticated, using exact company logos and wording to trick even the most knowledgeable user.

Phishing has become so successful, in fact, that it has been adopted by organized crime rings as a new channel for extortion, theft and blackmail.

What is possibly the first (and one of the largest) DDoS (Distributed Denial of Service) attacks took down several high-profile sites, including banks, telecommunication companies and web service providers such as the most commonly known in Rwanda (HI5 or TUBELY), in February of 2000.

Much like viruses, these attacks began as simple pranks but quickly evolved into criminal operations. In some cases this is in the form of extortion, in which a criminal will threaten an attack unless a Web site owner pays him/her.

2003 marked the first known organized attempt to create a botnet, the Win32.Sobig worm, which infected approximately 500,000 machines.

In the past year, botnets and their attacks have grown significantly in size, to several million compromised computers. No one has the exact numbers, but some botnets can comprise approximately 2 million to 4 million computers.

These networked groups of computers, controlled by a bot herder, act as zombie computers and can be used to send spam, phishing attacks and crimeware.

The author is a sales manager of SECAM

alex@subizo.com