The Internet in and of itself can be an intimidating network, filled with hoaxes and criminals who are out to make what was intended to be a new source of communication freedom seem like a trap in which any one of us in this world can become an unsuspecting victim of a number of cyber crimes. As these crimes increase, so too do the terminology and definitions that describe them. Viruses are no longer the sole worry of those who look to defend themselves from a computer or information systems attack. There is a laundry list of definitions that the common user needs to be aware of to avoid making themselves and their private computer and information systems vulnerable, which would allow the cyber criminals of today to exploit the many doorways to their Identity Theft crime waves.
Malicious Software Codes
Have you noticed that your computer system is running unreasonably slow? Does it stall when shutting down, or refuse to turn off? Do some of your applications freeze on startup? Are you often prompted to download a Malware removal tool from a website that has conducted a “Free Courtesy Virus Scan”? If you experience any of these frustrating and sickly computer symptoms, then your workstation is probably the victim of some form of malicious code. Malicious code is the first avenue that an attacker can take on a vulnerable information system. When the common computer user thinks of Malware, the majority would probably think of the words viruses or spyware. Very few would be aware of the other malicious codes that exist, codes such as worms, zombies, logic bombs, software key-loggers, backdoors, or rootkits. The US Department of Homeland Security has termed all of these codes Crimeware, as they are typically used to breach the security of an information technology system and perform criminal activities such as data compromise or theft. The old trend of attack was to knock down or disable the workstation, which probably forced the user to reinstall the operating system. But with the advent of e-commerce, a new trend of intrusion is emerging.
Cyber criminals now wish to gain as much access to a user’s data as possible, and a clean install probably destroys the target. The trend now is to attack without being detected, which would slow the system down to some degree, but would allow the attack to probe the user’s data, and possibly reveal credit card numbers, account information, and other data which could in turn be used to steal one’s digital self.
Though the home user is more vulnerable to attack, due to the lack of major corporate funding to implement the advanced intrusion detection/prevention tools of today, the target is shifting to corporate America. According to the US Department of Homeland Security and the Science and Technology Directorate, cyber criminals, with the use of Malware or Crimeware, are targeting more and more corporations to gain access to intellectual property and general business data. Malicious code, whether Malware or Crimeware, is dangerous enough when it is deployed on its own, but when coupled with social engineering, it becomes a dangerous avenue of attack for any unsuspecting user.
Denial of Services
According to Cisco Press, Denial of Services is a type of network attack designed to bring the victimized network to its knees by flooding the network with useless traffic. This attack is by far the most commonly feared among major corporations, in that an attack on a company's services is an attack on the business model of the company itself. In other words, denying the web service of an online search engine, or the FTP service of an online FTP site, causes downtime, which in turn translates into the loss of corporate income. Denial of Service attacks can be deployed using a number of avenues. According to Michael T Simpson, the Ping of Death is a modified ICMP packet that is redesigned to violate the maximum ICMP packet size of 65,535 bytes, which is then used to crash or freeze systems as they attempt to respond to the oversize packet. This simple but effective packet can completely deny a Network Interface Card access to the Internet just by the overflow of pings that the host under attack is attempting to respond to.
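As an added illustration (not taken from the essay's sources), the following sketch shows the kind of check a packet filter or Intrusion Detection System can apply to the oversize packet described above. It assumes the packet arrives as IPv4 fragments, where the 65,535-byte ceiling comes from the 16-bit total-length field; the function names and the sample headers are constructed for this example.

```python
import struct

IP_MAX_DATAGRAM = 65535   # largest datagram a 16-bit IPv4 total-length field can describe
ICMP_PROTO = 1            # IPv4 protocol number for ICMP

def build_ipv4_header(total_length, frag_offset_units, more_fragments, proto=ICMP_PROTO):
    """Build a constructed 20-byte IPv4 header (checksum left at 0) for the samples."""
    flags_frag = (0x2000 if more_fragments else 0) | (frag_offset_units & 0x1FFF)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_length, 0x1234, flags_frag,
                       64, proto, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))

def oversize_fragment(header):
    """True if this fragment would push the reassembled datagram past 65,535 bytes."""
    if len(header) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_length, _ident, flags_frag = struct.unpack("!BBHHH", header[:8])
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (ver_ihl & 0x0F) * 4
    if ihl < 20 or total_length < ihl:
        raise ValueError("malformed header lengths")
    offset_bytes = (flags_frag & 0x1FFF) * 8   # fragment offset is counted in 8-byte units
    payload_len = total_length - ihl
    return ihl + offset_bytes + payload_len > IP_MAX_DATAGRAM

def flag_oversize_icmp(headers):
    """Return the indexes of ICMP fragments that must be dropped before reassembly."""
    return [i for i, h in enumerate(headers)
            if h[9] == ICMP_PROTO and oversize_fragment(h)]

# Constructed samples: an ordinary ping, a last fragment that ends exactly at
# 65,535 bytes, and a last fragment whose offset plus length overruns the limit.
SAMPLES = [
    build_ipv4_header(84, 0, False),
    build_ipv4_header(23, 8189, False),
    build_ipv4_header(1020, 8189, False),
]

if __name__ == "__main__":
    for index in flag_oversize_icmp(SAMPLES):
        print(f"sample {index}: oversize ICMP fragment, drop and log")
```

Because the check needs only the header of each fragment, the oversize packet can be rejected before any reassembly buffer is filled.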
The Distributed Denial of Services attack can use the malware code known as zombies, which have been installed on multiple home users’ computers, to then attack a single corporate information system. This type of attack is used to fool the Intrusion Detection Systems of the corporate office into logging the IP addresses of the zombie-infected hosts, and hides the true origin of the attack. This has the added tactical effect of the attacked host being digitally surrounded by the attacker’s probes and spoofs, and of an attack that can exist for extended periods of time, due to the fact that the originator of the attack can reproduce the attack at will from a number of unsuspecting hosts. Zombies can be coded as viruses, worms, or logic bombs. The virus is downloaded when the user opens a non-suspicious looking email, probably a hoax, and unsuspectingly downloads the virus onto the workstation. As a result, the virus would then use services running in the background of its host machine to carry out an attack on the destination server or workstation. Worms would act in the same manner, but do not have to be attached to a message to spread to and from the host. The logic bomb could exist as either a virus or a worm, but would begin the Denial of Service attack at a predetermined date or the start of an event, rather than relying on the user to execute the malicious program.
Social Engineering and Identity Theft
According to Michael T Simpson, Social Engineering is using an understanding of human nature to obtain information from people, and is the most common form of information security breach. Human nature in the case of social engineering is people’s natural instinct to trust one another. Social engineering can take the form of the “chain letter email,” where the attacker states that bad luck or other misfortunes will strike the user who doesn’t pass the message on, and good fortunes await the user who passes the message on to a pre-determined number of “friends.” Social engineering can also be exploited through a simple telephone call asking for the email address of a fellow employee. A social engineering attack is often just a precursor to a more devastating attack. Though the leaking of an email address may not seem important, it may give the attacker a means to introduce countless forms of malicious code into the company’s internal information systems infrastructure.
As a result of these various forms of cyber attacks, a new and terrifying form of cyber attack has emerged within the last decade. Identity Theft has evolved out of social engineering and malware attacks and now encompasses almost every aspect of information system security exploits. According to the Federal Trade Commission, this form of attack uses information technology to gain access to an individual’s data to then reproduce a digital copy of that individual, which can then be used to make false purchases with credit cards, pose as a citizen of a nation to which the attacker does not belong, or falsely accuse the Identity victim of a crime that the individual did not commit. The Federal Trade Commission also notes that nearly 8.5 million Americans were the victims of Identity Theft crimes in the year 2006. This form of attack is becoming more frequent and more destructive. According to reports from Identity Theft 911 Inc., TJ Maxx and its subsidiary stores were victims of an Identity Theft attack in which more than 60 worldwide banks reported fraudulent charges that used the information obtained from this attack. A more dramatic and compelling article from Identity Theft 911 Inc. notes that the biggest banking security breach in American history was used to access 676,000 accounts during an inside attack by employees of Bank of America, Wachovia Bank, Commerce Bank, PNC Bank and the former manager of the New Jersey Department of Labor.
This attack also gives rise to the firm belief that employees, and not the advanced cyber terrorists and hackers of today, are truly the most dangerous attackers in a corporation. A cyber-terrorist who wishes to attack and compromise data must first break into the corporate network, bypass the Intrusion Detection Systems, avoid honey pots which are designed to fool and entrap attackers, and then locate the most useful and profitable information to make the attack worthwhile. An employee, on the other hand, could easily dumpster dive by not shredding documents as ordered, piggyback into a more highly secured area of the office due to their relationships with fellow employees, or shoulder surf passwords or other data by looking over a fellow employee’s or a customer’s shoulder. All of these internal attacks are another form of social engineering, which in the banking identity theft case was used with disastrous consequences. The premise of this attack used a false collections agency under the scam name of DRL, which sold its information to 40 law firms to conduct collections on behalf of the shell company using the Social Security numbers, account numbers, and account balances of the stolen data. Many of the targeted New Jersey customers had to close old accounts and open new accounts, ranging from the normal checking accounts to some brokerage accounts.
What can be done to defend oneself from these advanced digital attacks? Well, the lowest-cost form of defense comes from awareness and a little common sense. Leaving the workstation on even though it is not in use is almost a surefire way of being attacked without the user’s knowledge. If the workstation is not password protected, an attacker can simply sit down and start obtaining data with little or no effort. Preventing a remote password guessing or brute force attack is as simple as shutting down the workstation during non-business or off hours. This will limit the attacker’s time frame in which the actual brute-force attack can be implemented. The easiest manner in which a user can prevent data theft or corruption is powering off the device which stores the data. However, turning off workstations or servers is simply not an option for some corporations. Advanced firewalls and Intrusion Detection Systems are often used as combined forces to deter or prevent attackers.
Firewalls are hardware or software systems that are designed to block specified TCP/IP ports that are used to access services both inbound and outbound on a network interface. Intrusion Detection Systems are most commonly used to track or log these port attacks based on administrative rules defined by a systems administrator or Chief Information Security Officer. Honey pots, which are information security traps that are designed to be vulnerable to attack in order to lure the criminal into a trap, can also be used in combination with an Intrusion Detection System to increase the corporation’s IT security. Still, these systems are not enough to protect corporations from attack.
As seen in the Bank Identity Theft Case, no firewall could have blocked the intrusion into the private lives of the holders of the 676,000 bank accounts of the Wachovia, Bank of America, Commerce Bank, and PNC Bank Identity Theft crime. This crime was committed from inside these security barriers, which exploited another gaping and often overlooked hole of information security. Social engineering exploits people’s natural instinct to trust others, but more so, it exploits the lack of corporate training in recognizing this and other forms of attack.
As a home or corporate user, self awareness above all is your best defense amongst this digital crime wave. There are a number of websites and journals that provide the most recent news and information concerning the types of potential attacks that a computer operating system, network operating system, or corporate information systems infrastructure may be vulnerable to. Symantec, the corporation that has one of the most deployed Small Office Home Office security systems in Norton Internet Security, also lists the latest common Malware threats to computer operating systems on their Threat Awareness Website. IT professionals may also find the latest corporate level security exploits at http://cve.mitre.org/, which is a list of the standardized names of the security vulnerabilities and exposures that have been submitted by various vendors and agencies associated with the information technology industry. Corporations should conduct quarterly and annual preventative training, with special focus on social engineering.
The Internet, and networking in general, has become an integral part of our everyday lives. As the businesses and countries of this world continue to link and communicate with one another, we must all keep a watchful and ever aware eye on the barrage of attacks used by the same technology that was meant to increase the standard of living and commerce. No Information System will ever be 100% secure from the attacks that are possible, but training and preventative maintenance can make the attacks more detectable, and reduce the downtime of a service if a breach occurs. We should all continue to be mindful that no matter what advances we experience in information technology, more and more the target, in the end, is becoming the human individual themselves. Corporations and individual home users must learn from past mistakes and incorporate those mistakes and the lessons learned into training, so that the doorway to these cyber crimes will ultimately begin to close.
US Department of Homeland Security, Science and Technology Directorate (2006) “The Crimeware Landscape” 3-5, 9-18
This is a joint report that defines and describes the effects of various Malicious Software Codes, termed Crimeware in the report, and how these codes are coupled with other forms of attack such as hacking and social engineering.
Michael T Simpson (2006) “Hands on Guide to Ethical Hacking and Network Defense” 3, 50-57, 4, 76-83
This book covers preventative measures and tools used in the avoidance of information systems attacks. It explains the importance of vulnerability testing and ethical hacking, both at home and at the corporate office.
Federal Trade Commission (2005) About Identity Theft
Retrieved March 4, 2007 from http://www.ftc.gov
This website offers government recommendations and advice concerning protecting individuals from Identity Theft.
Identity Theft 911 (2006) “TJ Max being sued over ID Thefts”
Retrieved March 1, 2007 from [http://www.indentytheft911.org]
This article reviews the fallout from the TJ Maxx and Marshalls stores Identity Theft crime that was discovered in January 2007. It reviews several civil lawsuits slapped against this company and the possible punitive punishments should any fault be found in the handling of this crime by TJ Maxx.
Identity Theft 911 (2005) “Wachovia, B of A Nailed in Inside Job”
Retrieved March 1, 2007 from [http://www.indentytheft911.org]
This article reviews the charges and persons involved in the New Jersey Identity Theft crime spree that victimized 676,000 bank accounts of Wachovia, Bank of America, Commerce Bank and PNC Bank.
Symantec Corporation (2006) Latest Threats
Retrieved March 4, 2007 from
This website is used to quickly identify the latest malware threats by name logged by the Symantec Corporation. Each threat in this list has a threat level, and has a detailed description on how to remove the threat should a system be infected.
US Department of Homeland Security, US CERT (2007) Common Vulnerabilities and Exposures
Retrieved February 3, 2007 from http://cve.mitre.org/
This website offers a standardized list and numbering system of information security vulnerabilities and exposures. It is an attempt to take all of the possible terms and syntax used to identify threats and convert those terms into a standardized IT language.
Cisco Press (2004) “CCNA 1 and 2 Companion Guide 3rd Edition” 1, 5-6
This book describes internetworking, giving an overview of industry as well as Cisco proprietary routed and routing protocols, and various Cisco devices.