04:22 PM
Thomas Claburn
Thomas Claburn
Connect Directly

Machine Wars

Cybercrime used to be personal. Today, it's professional and pre-programmed.

Cybercrime used to be personal. Today, it's professional and pre-programmed.Recall computer security expert Tsutomu Shimomura's effort to track hacker Kevin Mitnick in 1994. There was a personal rivalry fit for detective fiction.

But these days, as I discovered researching InformationWeek's upcoming security feature Machine Wars, hacking is automated.

There are many areas where expertise can be automated and made available through software. In medicine, we now have expert systems that automate aspects of the diagnostic process. So perhaps it's no surprise that hackers are releasing tools that automate attacks. But the advent of crime bots also owes something to emergence of organized gangs of cyber criminals. Experts indicate that such groups are increasingly funding the development of worms, viruses, and the like.

The arrest of members of a Russian cyber crime gang last July by the UK's National Hi-Tech Crime Unit and its counterparts in the Russian Federation represents an example of this trend. The gang is believed to have extorted hundreds of thousands of pounds from online bookmakers after crippling their servers with a denial of service attack to demonstrate the dangers of failing to pay protection money.

According to a spokesperson for the UK NHTCU, "The denial of service attacks were launched from compromised machines (ie: zombies) via a botnet."

Like John Henry in his storied race against a steam drill, IT admins are killing themselves trying to keep up.

Comment  | 
Print  | 
More Insights
Threaded  |  Newest First  |  Oldest First
Register for Dark Reading Newsletters
White Papers
Current Issue
Five Emerging Security Threats - And What You Can Learn From Them
At Black Hat USA, researchers unveiled some nasty vulnerabilities. Is your organization ready?
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
According to industry estimates, about a million new IT security jobs will be created in the next two years but there aren't enough skilled professionals to fill them. On top of that, there isn't necessarily a clear path to a career in security. Dark Reading Executive Editor Kelly Jackson Higgins hosts guests Carson Sweet, co-founder and CTO of CloudPassage, which published a shocking study of the security gap in top US undergrad computer science programs, and Rodney Petersen, head of NIST's new National Initiative for Cybersecurity Education.