Information Technology Reference
In-Depth Information
Since terrorist organizations specialize in asymmetric attacks, some fear that DoS attacks
will become an important part of the terrorist arsenal [45, 46].
In a
distributed denial-of-service (DDoS) attack,
the attacker rents access to a
botnet from a
bot herder
. At the selected time, the command-and-control computer
sends the appropriate instructions to the bots, which launch their attack on the targeted
system.
Criminal organizations have discovered that a great deal of money can be made from
malware, so many of them have entered the arena, raising the stakes for corporations
and individuals trying to protect their systems and sensitive information, respectively.
Edward Skoudis paints a grim picture of the contemporary landscape:
Some attackers sell to the highest bidder customized malicious code to con-
trol victim machines. They may rent out armies of infected systems useful for
spam delivery, phishing schemes, denial-of-service attacks, or identity theft. Spy-
ware companies and overly aggressive advertisers buy such code to infiltrate and
control victim machines. A single infected machine displaying pop-up ads, cus-
tomizing search engine results, and intercepting keystrokes for financial accounts
could net an attack $1 per month or more. A keystroke logger on an infected ma-
chine could help the attacker gather credit card numbers and make $1,000 or more
from that victim before the fraud is discovered. With control of 10,000 machines, an
attacker could set up a solid profit flow from cyber crime. Organized crime groups
may assemble collectives of such attackers to create a business, giving rise to a ma-
licious code industry. In the late 1990s, most malicious code publicly released was
the work of determined hobbyists, but today, attackers have monetized their mali-
cious code; their profit centers throw off funds that can be channeled into research
and development to create more powerful malicious software and refined business
models, as well as to fund other crimes. [43]
In this section, we review a few well-known cyber crime incidents.
JEANSON JAMES ANCHETA
In 2004 and 2005, Internet cafe employee Jeanson James Ancheta created a network of
about 400,000 bots, including computers operated by the US Department of Defense.
Adware companies, spammers, and others paid Ancheta for the use of these computers.
After being arrested by the FBI, Ancheta pleaded guilty to a variety of charges, including
conspiring to violate the Computer Fraud Abuse Act and the CAN-SPAM Act. In May
2005, a federal judge sentenced Ancheta to 57 months in prison and required him to
pay $15,000 in restitution to the US government for infecting Department of Defense
computers. Ancheta also forfeited to the government the proceeds of his illegal activity,
including his 1993 BMW, more than $60,000 in cash, and his computer equipment
[47, 48].