Breaking bad: Drugs, bots, hackers, and cyber insecurity

Dread Pirate Roberts, the ZeroAccess botnet, and Russian data thieves all mark a big week in cyber crime

Page 2 of 2

The savings in energy costs alone are reason to cheer this blow against ZeroAccess, as estimated by Symantec researchers:

The bitcoin mining activity, which uses computational power to generate bitcoins, a type of virtual currency, would consume an additional 1.82 kWh per day for every infected computer, if that computer would be turned on all the time. Multiply this figure by 1.9 million for the whole botnet and we are now looking at energy usage of 3,458,000 KWh (3,458 MWh), enough to power over 111,000 homes each day.

Back on the dark side, security researcher Brian Krebs continued to roll out revelations about the Russian data-theft group known as SSNDOB. In addition to stealing massive amounts of personal data from firms like LexisNexis and Dun & Bradstreet, the Russian hacker group infiltrated the servers of the National White Collar Crime Center, a clearinghouse for data used by law enforcement.

But as InfoWorld's Serdar Yegulalp notes, "the most embarrassing aspect of these attacks is how they were executed via an exploit and a bug that in theory should have been fixed for quite some time." It seems all of SSNDOB's exploits attacked vulnerabilities fixed in the most recent versions of Adobe ColdFusion.

"[I] found it interesting that the attackers were able to dump an entire database without being authorized to do so," said Gary Alterson, senior director of Risk and Advisory Services at security consulting firm Neohapsis. "Dumping a full production database isn't normal behavior, and even if it were OK, it shouldn't be done without a change ticket. So the dumping of databases across the environment should have raised a flag somewhere."

Springing up to meet that need are companies like Hold Security, whose efforts contributed to uncovering SSNDOB's break-ins at the data brokers. The company recently expanded its security services to include monitoring of forums where cyber criminals sell or trade the data they've stolen. Hold Security then alerts organizations that their data is circulating on underground hacker forums. Founder Alex Holden says his company has profiles on as many as 10,000 data thieves who are causing security headaches worldwide. In the last month alone, Holden said company analysts came across more than 100 million stolen user IDs and passwords.

As in any other business, cyber criminals are in competition with one another. Holden says there have been instances of one hacker ratting out another to Hold Security's analysts in an attempt to shut down their competitor. "There is no kinship between certain thieves," he said.

For a closer look into the malware and malicious hacker gangs roaming the online world, check out Roger Grimes' account of 7 sneak attacks used by today's most devious hackers. Grimes looks at some of the most innovative techniques that "stretch the boundaries of malicious hacking," including fake wireless access points, cookie theft, file name tricks, waterhole attacks, and bait-and-switch tactics.

As ingenious as the methods might be, the fallout from these attacks is sobering:

When a hacker modifies your system in a stealthy way, it isn't your system anymore -- it belongs to the hackers. The only defenses against stealth attacks are the same defenses recommended for everything (good patching, don't run untrusted executables, and so on), but it helps to know that if you suspect you've been compromised, your initial forensic investigations may be circumvented and fought against by the more innovative malware out there. What you think is a clean system and what really is a clean system may all be controlled by the wily hacker.

In light of that bracing news, maybe John McAfee plotted his return to the spotlight just in time.

This article, "Breaking bad: Drugs, bots, hackers, and cyber insecurity," was originally published at InfoWorld.com. Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest business technology news, follow InfoWorld.com on Twitter.

To comment on this article and other InfoWorld content, visit InfoWorld's LinkedIn page, Facebook page and Twitter stream.
| 1 2 Page 2
From CIO: 8 Free Online Courses to Grow Your Tech Skills
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.