The Exchange

Cyber Crime Evolution: Spreading Threat, Changing Tactics

The recent series of malicious hacks and network infiltrations at well-known news organizations and social networks has put cyber crime back in the headlines, though the prominent nature of the targets isn't the biggest worry.

[Photo: A member of the Cybercrime Center at Europol headquarters in The Hague. Credit: AP]

According to one computer threat researcher, meddlesome man-made software -- which can be meant to do everything from causing a temporary minor annoyance to looting extremely sensitive information -- isn't what it used to be, and the trouble for the good guys appears to be worsening.

"I do think it is a problem that is growing," says Ryan Sherstobitoff, senior security researcher with McAfee Labs, a part of Intel (INTC). "It's no longer something that is [only] a consumer issue or an average, everyday user issue. That's still the case in a lot of these situations, but it's now shifting toward highly targeted attacks against organizations and governments."

For instance, Sherstobitoff authored a paper released in January examining the Citadel Trojan. Citadel is known malware that primarily was associated with exploiting online banking and stealing money, but that now is also being found in cases where information, often from governmental organizations, is the target. And of course, depending on the nature of the information being sought, it may well be more valuable than actual currency.

The McAfee study details the work of a hacker organization it calls the Poetry Group, so named because of its tendency to embed poetic verse, such as lines from Shakespeare's "Hamlet," in its code. Mentions of Denmark accompanied a cyber invasion in that country that was attributed to the group.

Malware can be easy to come by and deploy for random bad actors and "mercenary" groups who are in a rush to cause a disruption or crack into a network, Sherstobitoff says. Along with these less well-organized hackers, another type of attacker uses highly developed, custom code to go after a specific target. What the two have in common is that they often use a break-in technique known as spear phishing. This tactic tricks an individual into letting an infection in by, for instance, opening an emailed attachment in a corporate account that appears to have come from a legitimate sender. Because of that perceived safety, spear phishing can be difficult for an ordinary computer user to identify.

[Image: Anatomy of a Hack. Credit: Siemond Chan]

While viruses and attacks span the sophistication spectrum, Sherstobitoff says professional programmers are behind the attention-getting hacks that have been revealed against The New York Times, The Wall Street Journal and government agencies, among others, in the past few weeks.

"These people that are behind this are not amateurs," he says. "They're interested in finding and selling information."

Indeed, a report in the NYT details a number of sustained attacks suspected of originating from a unit of the Chinese military that engages in computer hacking. That is, not everything is taking over a Burger King or Jeep Twitter account for some 140-character mischief. Chinese officials responded to the paper and disputed the accusations.

To Sherstobitoff, the specifics of a hacker's motivation or location trail significantly in importance behind the work of eliminating unwanted visitors. "Attribution and pointing fingers is really not the game," he says. "We're really more interested in -- regardless of where the threat comes from -- we're mostly interested in how to defend against it and how to protect."

Hackers, over time, have gotten better at their breaching operations, adapting as they do to defenses that are constantly being upgraded in an effort to stop unauthorized access. As a result, they've improved at getting where they don't belong. The challenge then, for McAfee or another security software maker such as Symantec (SYMC), becomes more complex. What the hackers are after is also evolving, with stealing information becoming more of a goal than the straight-up financial crimes of the old days.

"I don't think it's something that's ever going to go away completely," Sherstobitoff says. "We have to be better-prepared to deal with these new targeted attacks and how best to address them."
