Hackers for hire

What started out as an online businessman's dirty tactic lasted for almost half a year and cost victims over US$2 million.

The plan: disable the competitions' Web sites. The accomplice: a 16-year-old hacker-for-hire from New Jersey.

The U.S. Federal Bureau of Investigation arrested both businessman and hacker, but not before the damage had been done. This incident, which happened recently, demonstrates how much the nature of the cyber criminal has changed over the past few years -- from script kiddies and "cyberpunks" to hackers, crackers and cyber gangs -- according to a North American study on organized crime and the Internet.

The study, dubbed Virtual Criminology Report, was commissioned by Santa Clara, Calif.-based McAfee Inc. and authored by James Andrew Lewis, senior fellow and director, technology and public policy program for Washington, D.C.-based Center for Strategic and International Studies.

The objectives for attacks have also transformed from "bragging rights" to hacking for profit, terrorism and industrial espionage, said Lewis.

Over the last decade, he said, hackers have started to organize into sophisticated network-based global communities - exchanging recent exploits, plotting future attacks and yes, offering hacking services for the right price.

While shady businessmen could be counted, on a smaller scale, as among these hired cyber guns' customers, they are only a small piece of the pie. Professional criminals remain the biggest patrons of hackers-for-hire, according to Lewis.

"(Criminals) hear there's this new way to make money so they go out and find the talents that will let them commit the crime. In fact, in some of these hacker sites, people are available for hiring as consultants. It's part of the culture now."

According to Lewis's report, the FBI estimated that cybercrime cost the US economy about $400 billion last year. Losses from phishing schemes alone reached US$1.2 million in 2004.

The growth of e-commerce and the increasing wealth of information stored on network computers have been like magnets that attracted criminals into the Net, the study said. US e-commerce was valued at almost US$70 billion in 2004. Sixty million North American residents are currently engaged in online banking.

"As increasing valuable activities (occur) on the Internet - as people use it for business, for online banking, for commerce, for storing valuable information -- it has become very attractive to criminals," said Lewis.

Cybercrime tools -- keylogging, bots, denial-of-service, packet sniffer, spyware, trojan, worms and viruses -- have been emerging almost as rapidly as new technologies are being developed. Unprotected computers, for instance, are probed within minutes after logging on to the Internet, Lewis said.

Because the Internet provides anonymity and global connectivity, cyber criminals are almost always getting away with their crimes. According to the report, it is believed that only about five percent of cyber criminals are caught and convicted.

The borderless nature of the Internet is posing great difficulties for law enforcement agencies to pursue cyber criminals. Merely finding a hacker's Web site is not sufficient to locate him. They can register their identity in one country without ever having to be physically located there, Lewis said.

If the IP address comes from a particular country, almost always that's not where the attack originates, he said.

Increasing sophistication of cyber criminals is taking its toll on public confidence in online transactions.

According to Lewis, 49 per cent of North Americans polled in a recent survey said they are concerned about e-commerce security and 29 per cent are hesitant about online banking.

"That's where the cost of this really comes in. We have something that could make our economies more productive but the fear of cybercrime is reducing that opportunity," he said.

This story, "Hackers for hire" was originally published by ITWorldCanada.com.

Insider: How the basic tech behind the Internet works
Join the discussion
Be the first to comment on this article. Our Commenting Policies