Botnet saturation points to rising crime

March 16th, 2008

Our USA Today cover story today on botnets saturating the Internet revealed Support Intelligence’s astounding finding that, on any given day, 40% of the computers connected to the Internet are engaged in delivering spam, implanting malware, harvesting data, launching denial-of-service attacks and generally causing mayhem. On some days that rate spikes to 70%, says Support Intelligence CEO Rick Wesson.

That’s nightmarish.

IDC estimates roughly 800 million computers are connected to the Internet. A healthy Internet, says Wesson, would have less than 1%, or 8 million machines, botted. On an average day, Wesson sees more than 300 million bots engaging in nefarious activities.

Here’s part of an interview with CSIdentity CEO Bill Morrow about the backdrop of rising cyber crime:

Q. Are Internet-enabled attacks likely to extend deeper into mobile devices and Web 2.0 services?

A. Cyber criminals are going to attack everywhere they can. Mobile Internet is the new wave of mainstream technology. And where people go, cyber criminals will be quick to follow. You are going to run into similar problems on social networking sites that are being widely used by people of all ages.

Q. What are cyber crooks after?

A. For an identity thief, this is prime pecking ground where people have let their guards down and are freely offering up personal information. Even the smallest, seemingly worthless, piece of information allows a stranger to know more about you. With enough information, that stranger could use the information to his or her advantage.

Q. Hacking and fraud toolkits make it almost child’s play to jump into cyber crime; why is this worrisome?

A. As the Internet continues to become more popular and easier to navigate, cyber crime also becomes easier. (Crime groups) can use a person’s small amount of technology knowledge and train him or her to become a cyber criminal. When they find a person with extensive knowledge, a little training and the right products can turn that person into a very skilled and dangerous cyber criminal.

Q. So are we seeing a minor league/major league scenario, with entrenched organized crime groups recruiting promising young freelancers?

A. Illegal entities see the amount of time children are spending on the computer today. The more time they spend, the more they know about the intricacies of the Internet and the more knowledgeable they are. That’s what these guys are looking for. They want people who know the ins and outs of the Internet.

Q. Two years ago, cyber crooks typically broke into servers at a company or college and used them as hosts. What are they doing now?

A. System owners have become educated and are able to protect their servers from internal holes that would open their servers up to cyber crooks. To get around this, cyber criminals are coming up with alternative techniques that are easier than hacking a server, like phishing, in which a person receives an e-mail requesting personal or financial information. Depending on a criminal’s level of sophistication, he or she may be able to set up networks on innocent Internet users and have this unsuspecting user host stolen data or run distribution sites for content.

Q. What else are the bad guys doing to fly under the radar?

A. They use Dynamic DNS, with dial-up or wireless connections or stolen IPs. When cyber criminals are careful and do not get greedy, they can stay in the market for a while without being detected.

Q. How come the Russian Business Network, and other host providers that supply “bulletproof” servers for criminal activities, are able to operate with impunity?

A. Many cyber criminals don’t work under their own name. They use stolen identities, stolen or open proxies, stolen IPs and anonymizers. When you are working under a false name, you are harder to trace and harder to prosecute. Just think: John Doe in Bismarck, N.D., could be minding his own business as a member of the RBN uses his name and personal information to steal other identities. If the criminal’s actions are ever seen, they will be traced back to John.

Q. How come so little is being done to stop U.S.-based host providers like Host Fresh, Hop One, InterCage and others from also supplying host computers to criminals?

A. There are tens of thousands of ISP providers throughout the world. It is impractical to think law enforcement personnel could track down every one of them and then determine who the criminal truly is or whose identity is being used by a criminal. Since law enforcement agencies cannot track this activity, it is up to citizens to be their own watchdogs. This includes protecting your computer from viruses and protecting yourself from identity theft. You may not be able to stop every cyber criminal, but you can stop that cyber criminal from benefiting off of your information.