The Enemy: Cyber Criminals
The list of categories of cyber crime is growing, & is, for the most part, advancing in lockstep w/ technology advances. Some of these crimes overlap, but a non-exhaustive list of tools used to commit these crimes includes:
1. Viruses
2. Trojans
3. Malware
4. DoS & DDoS tools
5. Botted or Zombied Computers, iPads, & Smartphones
6. ISO layer 2-4 Spoofing tools
7. Plus, an enormous toolbox of legitimate networking tools, which can be retasked for scanning, reconnaissance, intel gathering, & attack.
These tools are used in the commission of the following cyber crimes:
- Doxing: Publishing an individual’s private information online. This information often includes an individual’s real name or aliases, real world contact information, passwords, political leanings, & financial information. In the past several years, the release of private email, pictures, & video has accelerated.
- SPAM: Spamming refers to the practice of indiscriminately sending unsolicited bulk messages, especially advertising (mostly by email, but also by SMS, blog SPAM, junk faxes, etc.). Spamhaus estimated that in the year 2011, the number of spam messages totaled ~ seven trillion (7,000,000,000,000). Given that there exist ~ 7 billion people, simple math tells us that in 2011, >100 SPAM messages were sent for every person on Earth.
- Phishing: The message is the “bait”. Phishing relies on deception, masquerading as a trustworthy entity, in order either to acquire private information such as usernames, passwords, or credit card details, or to install malware on the user’s computer without the user’s knowledge. Typically email is the vector; however, IM & other social media channels are often used. Closely related to phishing are Pharming (malicious website redirection) & Vishing (use of Voice over IP – VoIP – as the vector).
- Technical Hacking: The use of the tools mentioned above to literally break into & assume root or administrative access on a networked device by taking advantage of poorly written software or poorly secured hardware. Once root access is gained, the criminal can transfer a subset of the tools mentioned above to the compromised device in order to continue their criminal activities with the benefit of reduced risk of detection, since the IP address of the attacking device is no longer directly associated w/ the criminal.
- Social Hacking: This takes many forms (some have been mentioned above) & relies upon deception or intimidation in order to obtain – typically – private or confidential information.
- Intellectual Property Theft: This category includes activities such as plagiarism, warez distribution, direct IP theft, & DRM violations.
“& the beat goes on… Da da dum da dum da da”
– Marshall Mathers
The goal of cyber criminals is to commit one or more of these crimes using a subset of the tools listed above, to minimize the probability of prosecution (& as part of this, to avoid detection altogether), & to – generally – profit economically from the endeavor.
One particular class of attack – DoS & DDoS – is gaining popularity due to its ease of use, its relatively untraceable path to the attacker, its ability to target a particular victim or class of victims, & its devastating adverse effect on the commercial activities of the victim(s). More on this in the next article…
