Organised gangs are more likely than ever to be behind online attacks, according to a new VeriSign report.
The trend appears to be towards more sophisticated attacks by more organised groups, VeriSign said in its twice-yearly Internet Security Intelligence Briefing , released on Tuesday.
The criminal groups increasingly rely on massive numbers of compromised home PCs to launch their attacks, said Mark Griffiths, vice-president for VeriSign.
"It's gone away from kids having fun to criminals trying to get some financial benefits from what they are doing," he said.
Attackers can make money by holding online businesses ransom over threatened denial-of-service onslaughts, through credit card fraud or from spam income.
The report's findings are based on the data generated by the Internet services company's handling of online registrations, domain look-ups, credit card transactions and corporate network security.
The analysis suggests that PCs belonging to broadband subscribers based in the United States are unwittingly being used as a launching point for attacks. The number of security incidents has increased some 150 percent over the third quarter a year ago, and computers located in the United States account for more than 90 percent of the probes and attacks, the report found.
"It is so hard to trace these people [the attackers] back," Griffiths said. "Those computers [in the United States] are ones that are sending the attack, which likely makes them bots."
Compromised PCs, known as bots within the security community, have software surreptitiously installed by an attacker that allows the attacker to remotely control the machine.
The collections of controlled machines, or botnets, are typically used to prevent authorities from tracing the source of spam email and online attacks.
The VeriSign report found that bulk email, or spam, accounted for nearly 80 percent of all messages handled by its clients. However, bulk email also tends to be smaller in size than legitimate messages, and accounted for only 21 percent of the total bandwidth used by email traffic, the report found.
The company also found that e-commerce continues to expand, with the number of transactions up 25 percent from a year ago, and that the United States still accounted for the largest absolute number of fraudulent transactions.
However, countries such as the former Yugoslav republic of Macedonia; the African countries of Nigeria and Ghana; and Vietnam are homes of a higher percentage of fraud, VeriSign's analysis of data indicated. The company labels any credit card transaction from an IP address sourced in Macedonia as "risky", and more than 85 percent of such transactions from the other three countries are not be trusted, the company stated.
The United States' favoured status among online criminals, however, underscores that the country has to do much more to protect its online citizens, Griffiths said.
"Those users are not as sophisticated as they should be and aren't defending their systems adequately," he said. "That means we need more end-user education." He added that Internet service providers need to take a role in making customers' PCs secure.
Talkback
Take a look at what the Welsh Development Agency is doing to help address the issues in this article http://www.wda.co.uk/index.cfm/press_centre/november_2004/15_11_04 _new_partnership_in_the_fight_against_hi_tech_crime/en7079
Maybe microsoft should take the lead with a media campaign - even radio/tv, hilighting the plethora of free security updates and software to tackle this problem from the source....home users need educating in awareness...if they have the facilities to be part of a net-bot, they can access the tools and software to remove it. Teach them to help themselves prevent further vulnerability.
Until when will this misinformation spread?
Funny… This article is such a fine example of a mind virus, a rapidly spreading belief, and a false one at that. It spreads in such a way that people accept the info for granted without questioning it and spread it as if it were a scientific truth. It's not a white lie or even a harmless lie. It’s a harmful and destructive untruth in which the webmasters and online vendors are at loss and someone is stealing their profits (more on this later, bare with the story). Interesting, no? Especially since its coming from the advice of a company that is supposed to be working in their interest. How did it all begin though?
Well... There once were a group of teenagers living in a small little country. They found out about this new thing called "the internet". At first it was just fun and entertainment. But they pretty soon discovered there is much more that this “internet” thing offers. By some accident they found about this thing called "carding". They discovered they could get for free all the things they wished for as a present. It seemed almost miraculous. They spread this information to all their friends and they all got the joy out of it. It was wrong, very wrong, but they did not care. Their fun was of course short-lived. Apparently the only reason they could do that was because this "internet" thing was still in its infancy and there were many glitches in its security. But the glitches got handled and they could no longer get free "presents".
So what happened? The websites which had the security glitch fixed it and all was well. But someone had to take the blame, and it was decided that since a large percentage of the orders from a few small countries were fraudulent - " Hey terrorism fear is in vogue, why don't we call these countries internet terrorists and blame it on them?". So they published the percentages, leaving out on purpose the absolute numbers of orders (a few dozen orders in total). Somebody’s been reading "How to lie with statistics" by Darrell Huff.
So why was the percentage of fraudulent orders high, and the absolute number of fraudulent orders insignificant? Because in these countries the internet was just brought in (this was 5 years ago). And of course, as with any new technology, its always the hackers and geeks who get on first, not the housewives, retired folks, students, cheerleaders etc... The total internet population was small (a few hundred people) and consisted of mostly technological geeks. So of course what happened is these countries got listed on the blacklists and it became the internet "thumb of rule" not to sell to these countries. Everybody knew the “rule” saying not to sell to these countries, yet nobody knew exactly why, they just knew "hey everybody is doing it". The story doesn't stop there however. Eventually the internet in these countries boomed just like everywhere in the world. Everyone wanted to "get online" whether it was a girl looking for cosmetics advice, or a housewive looking for cooking supplies. Pretty soon the internet population went in to the hundreds of thousands. So now the internet population had of course come to be composed of the same percentage of legit users (99.999%) as anywhere else in the world. The untruth however stayed, the 5 year old percentage stuck as some sort of a dogmatic rule. So when the little teen girl went on to order her favourite Brad Pitt movie she learned that "we can't ship to you coz you're probably a no good stinking hacker, so bugger off".
So who's stealing your profits? Well... That's the most interesting point. You see... Those same companies that started the untruth as a part of their blame-game... They are shipping orders to these same “terrorist” countries like mad. Their response to the teen girl is "oh yes of course we'll ship your favourite movie order, we love your country! Right now! Thanks for doing business with us!". Interesting? - Yes. Hypocritical - YES!
L