As criminals operating online have begun to realise the potential commercial value of Internet-related crimes, so they have started to investigate other ways of using malware to line their pockets.
As criminals operating online have begun to realise the potential commercial value of Internet-related crimes, so they have started to investigate other ways of using malware to line their pockets.
To me, the saddest part about this whole thing is the depths these people will go to in order to make a fast buck. I mean, if you’ve got to rob people blind in order to obtain what you think will make you happy, there is something definitely wrong with you. If you ain’t happy making $15,000 a year, you won’t be happy making $15 million a year either.
“To me, the saddest part about this whole thing is the depths these people will go to in order to make a fast buck.”
This same statement could apply equally to malware people, Hollywood, the Recording industry, the IT industry, the government, the Mafia, etc. Everybody wants your money. But whether it’s the corporations committing white collar crimes, the street criminals doing it their way, or the simply the government squeezing you out of extra taxes, somebody’s going to get it. Such is life.
We have long believed that internet crime was just about ruining ones computer with a virus or creating zombie pc’s for some mindless ddos attack. But now that e-commerce is becoming more mature and more people use internet for financial transactions, criminals have taken notice. As IT-professionals or hobbyist, we tend to view security in the context of technology, and would forget that this sort of crime could grow into a mulitmillion dollar ‘business’ with serious criminals/criminal organizations going after everyone cash and id’s. People will get killed over this kind of stuff, in fact, in my country there was a killing between members of gangs that were involved in the distribution of illegal software.
My point is, it might be the technical guys and girls (call them nerds if you like) who make these crimes possible, it will be bigshot gunwielding criminal organizations behind it .
The problem isnt the crackers breaking in to add malware spyware or adware for big business to display there ads.Its the big business who can care less how a client hired gets the work done.The company who will do anything for advertiseing.
The company who doesnt do research into an advertiseing company to see how it gets the advertiseing done.
Go after these scumbags and the crackers will go back to warez.
The net is still very young,the few laws related to the internet is nothing compared to whats needed.
I know of people getting big big money to spam cell phones and emails and pda’s.Its not only his fault for wanting to make money at his illegal craft,but its also the company who hired him and doesnt care how he gets it done.They are not dumb either,these companies know damn well how those few hired do there work…..there is no other way to do it but illegally.
A sad state of affairs. Being a (former) information security professional myself, I can say the security industry has deliberately made the mass user believe that computers can be made really or at least significantly safe by technology. This could not be farther from the truth — in fact solving security technologically is an asymptotically impossible undertaking. What the security industry has accomplished is it has been rasing the bar for the criminals, which in turn raise the bar, too, and then the process is repeated and perpetuated in a vicious circle. It is, in fact, true that the criminals are the ones who raise the bar first, and then the security industry is the one that plays catch up, not vice versa. Considering the above, I would like to make the bold statement that computer safety today as far as the end user is concerned is actually at the level of computer safety 15 years ago, given that both the criminals and the security people were at roughly the same technical capability level 15 years ago just as they were today. However, things have been approaching a turning point distinctly in favour of the criminals. Whereas in the past most viruses and spyware attacks have been random, today, as the article says, they become customized and as the article implies (although it doesn’t use this wording) the nature of the attacks changes. Just as it is impossible to catch all totally new viruses, it is impossible to catch all totally new threats, viruses, phishing or others, but this time it is closer to impossible, and it will ultimately become next to absolutely impossible. Think about it for a moment — as long as you use e-mail for example, it is possible your system to be compromised with a customized attack, even if you sit behind 3 firewalls and run every antivirus system available, and all your system and application software is maximally patched. It just takes one customized deliberately unpopularized virus and a bit of social engineering (yes, social engineering works even for the most intelligent and knowledgeable people — if you’ve received 1000 letters with attachments from your closest friend, but the 1001th letter has a “customized” virus, will you really think before opening the 1001th? And in most cases social engineering is not needed — there are multiple new system and application vulnerabilities released every day, bad people do have a few hours on their hands before a patches for them are issued, sometimes much more. They are /I judge by myself, because I am able, too, but I’m not a bad guy / able to write a customized virus to penetrate an organization of choice via the e-mail route quite easily — and the e-mail route is not the only one). Also, the virus can sit quietly and intercept your visiting e-commerce and e-banking sites — just the ones that your company or you as an individual use, and redirect you to fake ones. Nothing can save you except changing the minds of the people who are against you before they sent off the virus — by the time the virus has been identified, you’ll have lost. And the next time the virus is going to contain just enough different code as not to be caught as a variation, and don’t even think of any heuristics antivirus engine of saving you, either.
I’m a very optimistic person but in this case the road is only downhill from the current situation (and has been so for quite some time), unless the mindset of the people changes through proper education. I mean, what are criminals except people at whom education has failed? And we have to ask if there are so many criminals, is the quality and type of our education what it is touted to be — sorry if that comes off as philosophical but ultimately, ONLY discussing and considering technology is going to lead us nowhere, so philosophical or not, we are going to have to eventually face our problems unless we want to be in for a really hard time.
Don’t get me wrong, I am not under the delusion that by itself, security research is bad. Of course not — knowing ways to apply technology as a protective and corrective measure always will have value. However, it ultimately is not doing anything to solve the real reason for the problems, it only helps us to suppress the symptoms caused by those real problems, until the next time increasingly difficult to suppress symptoms appear.
Well said and agreed!
At some point with all the spam and phishing, there will be a “Internet Czar” appointed (ala Drug Czar – & we see where the “war” on drugs has gotten) – a cry will come out for someone to fix the internet because of <insert bogus reason here> (e.g. “the children…”, “terrorists”). So only the rich and few will eventually be able to host or be found in M$AOLTIMEWARNERGOOGLE search engines… so ends the free speech of the internet and it becomes a “TV wasteland” (almost there…).
Sorry to be pessimistic, but politics and short term thinking seems to overrule any real/intelligent solution/education.
That is likely, but it wouldn’t work. The US isn’t the only country online. The Internet would be fine. You’d just have to use offshore hosting.
True unless it is blocked by “Homeland Security”…hosting is no good if users can’t find/reach your hosts… or other countires go the way of “Enraq”… we may be the US, but the NWO’$ rule the world.
B wrote:
“At some point with all the spam and phishing, there will be a “Internet Czar” appointed (ala Drug Czar – & we see where the “war” on drugs has gotten) – a cry will come out for someone to fix the internet because of <insert bogus reason here> (e.g. “the children…”, “terrorists”). So only the rich and few will eventually be able to host or be found in M$AOLTIMEWARNERGOOGLE search engines… so ends the free speech of the internet and it becomes a “TV wasteland” (almost there…).
Sorry to be pessimistic, but politics and short term thinking seems to overrule any real/intelligent solution/education.”
Short-term thinking and day-to-day living is the hallmark of people all over the world, with few exceptions, and no wonder our politicians are SO “GOOD”…
The rise of such an Internet Czar or Czars is undoubtedly going to happen or perhaps it has already happened in some less prominent form.
The fact today is there are fewer and fewer good sites and discussion forums free of flames by ego-driven individuals, so it is kind of becoming a “wasteland”. At least the Internet will always be better from the TV, because at least you can choose your sites to visit.
I’m not sure about Homeland Security preventing foreign hosting — it is not unthinkable, of course, but if it happens, then the American government will start to resemble its supposed antipode, the Chinese government… If you start acting as your opponents, you become like them…