The botnet peril

news — Mon, 09 Mar 2009 13:11:22 +0000

For as many times as we have heard that e-commerce is at risk due to the actions of sophisticated cyber-criminals, it is astounding how little has been done to protect against wholesale attacks against users and, more importantly, against the major retailers who are more and more dependent upon commercial trade over the Internet. It is this very dependency that accounts for the high value of so-called asymmetric attacks, and today’s nemesis in this regard is the botnet, ad hoc confederations of unsuspecting users’ computers that have been coopted by cybercriminals through the use of malicious software.

The Hoover Institution recently published a call-to-arms about botnets, provocatively declaring that botnets should be called “electronic weapons of mass destruction”, given the fact that critical infrastructure can be easily put at risk by botnet operators. And this point is driven home in the fact that major power and telecommunications utilities are already highly interconnected with the public Internet, thus allowing for the asymmetric leveraging of tens or hundreds of thousands of mundane home computers — via the illicit introduction of malware — into attacks on such things as SCADA (supervisory control and data acquisition) elements that manage critical infrastructure.

As a case study, the article’s authors explore the case of the April 2007 cyberattack against Estonia, both in terms of what was put at risk as well as how the world should respond to such cases. Although we still find it a stretch to make the parallels with military conflicts too concrete, the point is well taken that such forms of asymmetric warfare put the advantage in the corner of the attacker, whether that attacker is a sophisticated nation-state or a ring of profiteering cyber-criminals. Both of these groups are abetted by the same lack of security on the Internet.

Although the article is long on observation and short on prescription (aside from advocating a very active form of defence), it is a very well-reasoned summary overview of the threats that exist today on the Internet. In short, it explains why we need a call-to-arms and what might happen if we don’t heed the warning.

The article entitled eWMDs: the botnet peril by John J. Kelly and Lauri Almann appears in Policy Review, No. 152, Dec. 2008/Jan. 2009 by The Hoover Institution.

Underground digital economy spotlighted

news — Mon, 24 Nov 2008 11:58:16 +0000

In October 2008, the Symantec Corporation published its Report on the Underground Economy, which is the culmination of a year-long effort to observe and record the behaviors of bad actors in the cybercrime arena. By watching the activities of malicious botnets over a long period of time, Symantec’s researchers were able to identify likely interaction strategies for trading stolen digital cargo and services.

What’s most interesting about this report is not the specifics of any particular set of cybercriminals, but instead in the number of channels used to convey the goods as well as the pedestrian style of commerce, including several online How-To guides, used to entice would-be sellers to peddle their stolen goods.

Although this report is heavily biased toward reporting numbers and statistics, by enumerating price lists for stolen data and of the number of command-and-control networks used on a daily basis by cybercriminals, CISOs can put a much more firm opportunity cost estimate for failure to apply proper controls to sensitive customer data. In addition, in an appendix to the report, Symantec offers readers its recommendations for mitigation strategies to shore up data security risks.

seki » cybercrime

The botnet peril

Underground digital economy spotlighted