快猫短视频

It’s a steal

A SPATE of online attacks in the past month on well-known websites such as
Yahoo and CNN has left the Internet community reeling. But as the FBI continues
to hunt for the culprits, most security experts agree that such attacks are the
work of talented opportunists with too much time on their hands, and that they
merely dent the reputations of the companies targeted.

Far more dangerous, they say, is the emergence of real crime on the Internet.
As professional criminals become more computer-literate, we can expect a wave of
criminal activity mirroring the crimes that people encounter in the real world.
Government agencies are worried. So they should be, say legal experts, because
loopholes in the law and the inherent difficulty of catching cybercriminals will
severely curtail the authorities鈥 ability to fight back.

Blackmail, impersonation, fraud, drug dealing, information kidnapping and, of
course, straightforward theft, have all taken place in cyberspace. In fact, IT
security experts are finding that just about any non-violent crime that can be
committed in the real world can find its way onto the Internet.

And the increasing availability of downloadable 鈥減oint-and-click鈥 hacking
tools, supplied on the Internet by hackers, means serious criminals will be able
to carry out similar, albeit simplified attacks. With such tools the hacker
doesn鈥檛 need to understand 鈥渉ow鈥 they are hacking, only that the can do
it鈥攚ith worrying ease. A spokeswoman on Internet crime at Britain鈥檚
National Criminal Intelligence Service in London readily admits: 鈥淚鈥檓 sure that
they [professional criminals] will take advantage of these point-and-click
迟辞辞濒蝉.鈥

Thomas Olafsson, a security consultant with the Swedish IT firm Defcom WBK
International, agrees: 鈥淭here are more and more powerful tools becoming
available on the Internet. This is leading to a new crime wave.鈥 Olafsson is one
of a growing number of so-called white hat hackers鈥攃omputer experts
employed by companies such as banks and e-commerce businesses to break into
their networks and expose weaknesses before patching them up. He says fraud is
already an established industry on the Web.

In the course of his work, Olafsson goes undercover and hangs out in online
hacking communities to learn the latest tricks that hackers are using. These
communities exist in Internet relay chat rooms, unmonitored virtual groups that
are impossible to discover, let alone join, without an invitation from an
existing member.

And some of the hackers are not simply messing around. The boundary
separating mischief from serious criminal activity is often crossed in this
setting. 鈥淭his is where you can find out about the latest break-ins,鈥 he
explains. 鈥淭hey always like to boast about them.鈥 Lists of credit card numbers
are bought and sold in these chat rooms, usually via information brokers鈥攁
euphemism for the bagmen of organised crime.

Another example of an emerging Internet crime is 鈥渕ugging鈥, says Olafsson鈥檚
colleague Gary Grant, a risk management specialist with Defcom. This appears to
be another activity on the increase as online banking takes off. In the last six
months there have incidents in Russia, Israel and Scandinavian countries.

Muggers prey on the weakest link: account holders, who tend to have little if
any security on their home PCs. One technique, called a middle-man attack,
involves getting between the bank and the client during an online transaction.
In this way, the criminal can pose as the bank to the client, and as the client
to the bank, appearing legitimate to both while filtering money off to another
account.

It鈥檚 like taking money from someone as they withdraw it from a cash till, the
only difference being they won鈥檛 notice until it鈥檚 too late. 鈥淚n principle, it鈥檚
the same as a mugging but without the threat of being identified,鈥 says Grant.
And this is the crux of the problem鈥攊t is easy to remain anonymous online.
Even with the tightest security system and the best computer forensics labs,
catching the culprit is fraught with difficulty.

Intrusion-detection software already exists, but being detected while hacking
a network doesn鈥檛 carry the same risks as being caught red-handed committing a
corresponding crime in the real world, because the criminal鈥檚 presence is only
virtual. Detecting a breach rarely means catching an intruder. According to Mark
Owen, Internet lawyer with Harbottle and Lewis in London, cybercrime will
definitely increase鈥攁nd new legislation will inevitably need to be
introduced to cope with it. 鈥淎t the moment there isn鈥檛 legislation to cover some
crimes, such as spamming,鈥 he says. 鈥淪o people are having to stretch existing
laws to apply.鈥

The very nature of the game encourages such activity, says Grant. If a bank
heist goes wrong, it鈥檚 over at a stroke. If your cyber attack fails you can
simply switch off and try again later from another machine at another location.
The ability to strike with impunity encourages some hackers to attack targets
such as the Pentagon several times a day.

This creates an uneven playing field that the average Internet user, and even
the security agencies, are largely unprepared for. Mitch Dembin, founder and
legal adviser of the San Diego Regional Computer Forensics Laboratory in
California, is painfully aware of this. He has found that law enforcement is
frequently made even harder because a lack of standard procedures can result in
the tainting of computerised evidence by investigating officers.

Meanwhile, the NCIS and other national law enforcement agencies have no idea
of the true scope of the problem. According to the NCIS, estimating the precise
scale of criminal activity is difficult because online retailers鈥攏ot
wishing to attract bad publicity or expose themselves to further hacker
attacks鈥攔arely report such incidents. Credit card companies are also keen
to play down the problem, highlighting the security measures that their networks
have in place. But as a spokeswoman for Visa International reluctantly admits,
despite their best efforts to advise their clients, they can鈥檛 guarantee the
security measures taken by online retailers.

Civil rights

And there are rich pickings to be made by criminals from the rash of
e-commerce start-ups, according to experts like Frank Cilluffo, director of the
Taskforce on Information Warfare at the Center for Strategic and International
Studies in Washington DC. Why bother attacking an established credit card
company鈥檚 highly secure firewall, which may well have taken months if not years
to develop, when newcomers present such an easy target?

All too often, 鈥渆-tailers鈥 have rushed to go online in a bid to be first in
the market, and as a result security has suffered, says Charles Palmer, manager
of network security and cryptography at IBM Research. According to Palmer this
is the biggest threat to online security. 鈥淎nd it鈥檚 not just companies, it鈥檚
also Web servers,鈥 he says.

Palmer believes that 鈥減ublic key infrastructure鈥, an industry-recognised
encryption system, is the solution. This would allow people to encode messages
and transactions to ensure the security of their communications. But civil
rights groups see PKI it as a threat to privacy. This is because the authorities
would have access to sensitive personal information as a result of running the
encryption process鈥攃ritics say it鈥檚 akin to handing your house keys
over. But, says Palmer, 鈥減eople think they are interested in their
privacy but they give it up willingly鈥. Indeed, surfers often give personal
details over the Internet without a second thought for the consequences.

Perhaps a bigger concern arises from evidence that even PKI isn鈥檛 infallible.
Techniques have already been developed that allow a hacker to find private
encryption keys hidden on a hard drive or even a server
(快猫短视频, 15 January 2000, p. 10).

So while mischievous hackers might grab the headlines for the moment, there
could be much worse to come. As the Internet population grows, so too will the
number of 鈥渞eal鈥 crimes鈥攁nd real victims. And it seems nobody will be
immune.

Examples of crime on the internet

More from 快猫短视频

Explore the latest news, articles and features