Lurking hackers get harder to deteck, study reports
LURKING HACKERS GET HARDER TO DETECT, STUDY REPORTS

By THE ASSOCIATED PRESS
Published: November 25, 2008

SAN JOSE, Calif. — Internet criminals have been getting more "professional” for years, trying to run their businesses like Big Business to get better and more profitable at selling stolen data online. Now the bad guys of the cyber-underworld are exhibiting other unexpected traits: remarkable patience and restraint in stalking their unsuspecting victims.


Photo provided

Advertisement

A new report by antivirus software vendor Symantec Corp. details a trend that highlights the inventive ways criminals are figuring out ways to make money online.

Hackers are sometimes breaking into online businesses and not stealing anything. Gone are the bull-in-the-China-shop days of plundering everything in sight once they’ve found a security hole.

Specialized fraud

Instead of swiping all the customer data they can get their hands on, a small subset of hackers have concerned themselves with stealing only a very specific thing from the vendors they breach — they want access to the compromised companies’ payment-processing systems and nothing else, according to the "Symantec Report on the Underground Economy,” released Monday.

Those systems allow the bad guys to check whether credit card numbers being hawked on underground chat rooms are valid, the same way the store verifies whether to accept a card payment or not.

It’s a service the crooks sell to other fraudsters who don’t trust that the stolen card numbers they’re buying from someone else will actually work.

Quick and easy

The bad guys hardly touch anything. The customer data for that store’s clientele remains intact. The hackers don’t install malicious software that turns the compromised machines into spam-spewing robots.

Think of it like taking a used car to a mechanic for an inspection before buying. Only in this case, the mechanic’s a squatter who’s holed up illegally in some other guy’s shop and using the other guy’s tools when no one’s around at night. And he cleans up spotlessly, once he’s done.

"They treat these things fairly pristinely so they can maintain access,” said Alfred Huger, vice president for Symantec Security Response.

In the company’s yearlong look at 135 so-called "underground economy servers” — all public servers hosting mostly legitimate chat channels, with a few bad ones catering to cyber crooks — researchers found criminals have latched on to this tactic as a way to make money and self-police peers.

The company says it didn’t get inside the compromised servers that carry even more secretive back-channel conversations, because doing so would have broken the law.


Toolbar sponsored by: David Stanley Ford
Bookmark and Share

Related Topics: Science and Technology, Technology, Computer Technology, Software, Hackers


Your thoughts!

Thank you for joining our conversations on NewsOK.com. We encourage your discussions but ask that you stay within the bounds of our terms and conditions. Please help us by reporting comments that violate these guidelines. To review our rules of engagement, go to Commenting and posting policy.

Editor's note: It is not our intent to offer comments on local crime or fatality stories.

Leave a comment

Log in below or sign up (it's free).