Most-Haunted: Profile of today's tech-villains

CIOL Bureau
PUNE, INDIA: Do you know that while I am sitting and writing this article, or while you are graciously sitting and reading it, there is a lot of underworld action happening around? Auctions with bulk discounts are going on. For what? For trading data stolen from ignorant users, for merchandising personal identity records and for hawking spam and virus tools!

Yes, you heard it right!

You can now actually buy tutorials on hacking and other crimes, purchase the tools or, easier still, pay someone for these services and use the data he has stolen online.

Over Internet Relay Chat (IRC) rooms and botnet herds, a parallel black economy is thriving, where a smart thief steals a password and sells it in the underground marketplace.

In fact, it could have already entered 'blackmail' territory. Statistics are hard to come by, but from what Bala Girisaballa, VP and Head of Product and Marketing, iViz Security, is gathering in an undertone at various conferences, CXOs have indeed been talking about data theft and consequent blackmail attacks.

Symantec's recent report on the underground economy outlines how an online underground economy has matured into an efficient, global marketplace in which stolen goods and fraud-related services are regularly bought and sold, and where the estimated value of goods offered by individual traders is measured in millions of dollars.

"The potential value of total advertised goods observed by Symantec was more than $276 million for the reporting period. Credit card information is the most advertised category and while stolen credit card numbers sell for as little as $0.10 to $25 per card, the average advertised stolen credit card limit observed by Symantec was more than $4,000," Shantanu Ghosh, vice president, India Product Operations, Symantec explains.

"As calculated, the potential worth of all credit cards advertised during the reporting period was $5.3 billion."

During the reporting period, Symantec observed 69,130 distinct active advertisers and 44,321,095 total messages posted to underground forums. The potential worth of the goods advertised by the single most active advertiser was $6.4 million.

This underground economy is geographically diverse. For the period under study, North America hosted 45 per cent of such servers and Europe/Middle East/Africa hosted 38 per cent, followed by Asia/Pacific with 12 per cent and Latin America with five per cent.

"The geographical locations of underground economy servers are constantly changing to evade detection," Ghosh mentions.

Is he necessarily a geek?

Yes, his sophistication might have grown greatly, from password guessing, cracking, session hijacking, vulnerability exploits, network management attacks, sweeping, sniffing and packet spoofing to automated probes, denial of service, staged attacks, advanced stealth scans and cross-site scripting; but today's cyber criminal need not be just a geek.

Experts have a mix of views.

It could as well be anyone: a system administrator, a network expert or a normal figure from the streets. "The knowledge avenues and wires are growing all over," Srivastwa answers.

But don't tell me that the so-called genre of cyber crimes is actually technical, says security research engineer Jonathan Brossard. "You tell me phishing is technical. Bullshit! All these crimes are not technical attacks, but those playing on unawareness. If good people don't get smart, bad guys would."

Brossard's argument refuses to admit that the attacks in question today spring from a technology fountain. Instead he reasons that his credit card number can be stolen by a waiter in a mere 30 seconds with a magnetic strip, and that stuff like SIM cloning has been around for more than ten years now, something that can make an entire network hijack possible.

"Anybody who sells software works with constraints. That's why developing a software still takes 20 per cent time, the rest goes in finding bugs," he remarks.

In fact, Brossard is not completely unconvincing. Today's criminals are drawing on a wider range of demographics and skills than those of the nerd world.

As Girisaballa points out, attackers are moving away from transaction orientation to people orientation and social engineering is gaining ground.

Today's criminals are increasingly using social engineers, who might not have any jaw-dropping technical skills but do have social engineering skills.

"He may not be the guy who knows how to crack a password but he could be one who could attract and beguile you online," says Symantec's Ghosh, adding that these are shadowy figures who can be anywhere across the world, for instance some big underworld online economy perpetrators sitting in East European countries.

"In the last few years, some high-profile assets have been converted by American enforcement agencies into informers. What we have learnt is that there are no borders in the online world and that's making the job of the law tougher."

The new-age villain is not an old-fashioned Gabbar Singh anymore. He has turned into a suave Mogambo and a sharp Shakaal. It's time the James Bond awakens on the other side too. What say?
