Cyber-Criminals getting more sophisticated

Cyber-criminals and their tools are getting bolder and more sophisticated. Online crime is easier because tools for carrying out attacks are readily available.

Cyber-Criminals getting more sophisticated

Robert Hoyler thought hackers who brokeinto his computer stole only his bank account information. But it turned outthat the thieves also left something behind: a hidden software virusthat recorded his every keystroke.

So when Hoyler's bank issued him new account numbers andpasswords, the hackers got all that information, too. His health insurance,online shopping and Social Security data went into a file in a master databaseat a Web site controlled by the attackers, stashed among personal informationon more than 3,220 U.S.residents.

"These guys got everything, but all I knew was that my financialaccounts were compromised," said the 66-year-old Fairfaxengineer, who learned of the virus from a reporter who used forensictools from computer-security firm SunbeltSoftware in February to locate the Web server hosting Hoyler's privateinformation.

Such attacks are evidence of the sophistication and depth oftechnical manipulation by hackers, and the challenges facing consumers and lawenforcement agencies in fighting them.

 Online crime is easier, in part because tools for carrying out attacksare readily available and harder to purge from computers.

Moreover, for consumers like Hoyler, there is often nosurefire way to know how or what information has been stolen.

Notifying individual victims is time-intensive and expensive, and lawenforcement agencies and credit bureaus say it's not their job.

Many viruses that send junk e-mail also include password-stealingcomponents, and some combine such technology with fake Websites mimicking trusted online brands, which can be particularly deceptive.

More than 1,000 fraudulent sites known as "phishing" sitesare erected each day, according to the Anti-Phishing Working Group, anindustry organization.

Scammers can net 20 to 100 victims per case, according to CastleCops, avolunteer group of security experts that analyzes malicious software andphishing sites and provides information to police, Internet service providersand affected companies.

 Contributing to the proliferation of Web-based crime is the broadavailability of online tools.

"Basically we're at the point where the scammer can go into the virtualtackle store and buy all the equipment he needs to get a phishing scamworking," said Lance James, founder of security-softwaredeveloper Secure Science.

"There's the guy who writes the [virus] who says, 'Here's your phishingrod, here's some of our best bait, here are the best sites to attack, and ifyou pay me an extra $200, I'll tell you some of the best sites you can hackinto.' "

The virus that stole Hoyler's information came from Websites based in Eastern Europe, according tothe information tracked by Sunbelt Software. It infiltratedthe new-accounts department of a major U.S. bank, a medical patient database inGeorgia and an Alabama district attorney's office containing a databaseused by police departments to trace people, according to information obtainedwith the Sunbelt software.

Hoyler's bank told him in January that someone had tried to wire money outof his account. Days later, Fidelity Investments notified himthat someone tried to use his log-in information to purchase thousands ofshares of an adult-entertainment company.

The USgovernment has acknowledged a need to do more for identity-theft victims. Lastyear, the USadministration created an identity-theft task force that has proposed creatinga center that would help victims.

The United States Federal law enforcement officials said they routinelyprovide data they uncover on compromised credit and debit accounts toMasterCard, Visa and other credit-card issuers.

The FBI also said it recently began sharing caches ofstolen consumer data with the fraud departments of the three majorcredit-reporting bureaus.

But because credit-card companies often do not get any more informationabout the extent of the breaches, victims of viruses or scams may think thattheir problems have been resolved after being issued new credit or debit cards.

And such agencies as the FBI handle too many incidents tonotify online crime victims individually. "We're just getting overwhelmedwith this [compromised] consumer data, but it's not exactly law enforcement'sjob to call each victim and explain the situation," said DanLarkin, an FBI agent who heads the National Cyber-Forensics& Training Alliance in Pittsburgh.

Credit bureaus are not required to notify consumers. "The creditbureaus work on behalf of banks and companies that grant credit," said AriSchwartz of the Center for Democracy and Technology, a consumeradvocacy group in Washington.

"They're not set up to be consumer-oriented businesses." And thecredit bureaus say they are not in the habit of reaching out to consumers whoseprivate information may have been compromised.

"Normally we would not put a fraud alert on a file without a consumerbeing involved" or initiating it, said Maxine Sweet, avice president with Experian, one of the three majorcredit-reporting bureaus.

"That's just not something we generally do."

Source: The Washington Post


Güncelleme Tarihi: 20 Eylül 2018, 18:16