
Enemy at the Water Cooler by Brian T Contos

having career-long allegiance to a single organization, are experiencing this
problem. When I was in Beijing, I heard the same complaints from some of
their largest telecommunication organizations who worry about their
intellectual property and security safeguards being exposed.
IDC conducted a survey in 2005 in which they asked organizations if
they felt the most serious threats were from internal or external sources. The
results of the survey showed that as organizations get larger, their concerns
about internal threats increase while concerns related to external threats
decrease. Roughly 30% of the very large organizations felt that the threat was
about equal. This is illustrated in Figure 1.1.
Figure 1.1
Tools of the Trade
The number of threats is growing at an increasing rate. Techniques used by
criminals are becoming more sophisticated, faster, and harder to detect, and
can be much more damaging than those of the past. A discussion of all the
combinations of exploits, techniques, and threats, from port scans, Trojan
horses, viruses, and worms through buffer overflows, packet sniffing, and
man-in-the-middle attacks, would require volumes and is outside the scope of
this book.
However, the increased number of threats makes it worthwhile to explore a
www.syngress.com
34 Chapter 1 • Cyber Crime and Cyber Criminals 101
cross-section of tools, techniques, and concepts, because they help illustrate
the multitude of methods that criminals are using. Some examples of how
these tools have been used and how the malicious individuals using them
have been prosecuted can be found in Appendix A.
Application-Layer Exploits
With strong security safeguards, patched operating systems, and enhanced
security configurations on network gear, many attackers have moved their
focus to the application layer. This includes web applications, instant
messaging, peer-to-peer (P2P), media players, business applications, backup
applications, and even security applications. Since many security solutions
don’t protect these applications, it is now open season for attacks. It is worth
mentioning that there are new tools appearing in the marketplace, tools that
automate code vulnerability analysis—including applications. As these tools
become more mature, they may offer some relief to the growing problem of
application vulnerabilities as well as to vulnerabilities found in operating
systems and other key components of IT.
Botnets
Botnets (short for robot networks, also called bots, zombies, botnet fleets, and
many other things) are groups of computers that have been compromised
with malware such as Trojans, backdoors, and remote control software. These
compromised systems are typically unprotected home-user systems connected
to the Internet via broadband. Once compromised, they can be remotely
controlled as a group to carry out malicious tasks. Many security professionals
believe that botnets—not spam, viruses, or worms—are the biggest threat on
the Internet.
Users typically have no idea that their system carries malicious software
that allows a criminal to control it remotely. These fleets of botnets can
number in the hundreds of thousands, and the individual or group that
controls them has its own revenue stream. In fact, a new trend is the renting of
botnets as a distribution mechanism for other malicious actions. Botnets can
be used for a multitude of things, such as distributing spam, phishing scams,
the installation of malicious software, and conducting distributed denial-of-
