Friday, August 03, 2007

The Religion Terrorists and the Information Technology Terrorists

The Information Technology terrorists are getting as sophisticated as the religious ones--particularly those of the Islamist type. Hearing what the information security companies are finding makes me think I'm back in Iraq.

The information terrorists seem to be learning a great deal from the religious terrorists. Their tactics continue to improve and their attacks mount. But the one thing they haven't learned yet is to try and make a moral case for their terrorism. It's been working for the religious terrorists--many people take their moralistic claims hook, line, and sinker.

Information Week reported recently about the number of phishing attacks on banks around the world.

The number of hackers attacking banks worldwide jumped 81% from last year, according to figures released at the BlackHat security conference Thursday. Researchers from SecureWorks also reported that hackers going after the company's credit-union clients increased by 62% from last year.

So why are there so many more hackers this year than last? Joe Stewart, a senior security researcher at SecureWorks, told InformationWeek that highly technical and savvy hackers are no longer the only ones in the game.

Hackers no longer need to be technical wizards to set up an operation to steal people's banking information and then rob their accounts or sell their identifying information to an even bigger cybercriminal. Hacking toolkits and malware are for sale in the online underground. All hackers need are basic technical skills and the knowledge of where to go to buy what they can't build themselves.

"You go to a Web site and pay a $100 to several hundred dollars, and you can buy a turnkey exploit package," said Stewart. "You can buy the malware too, and then you're in business You put these components up on a Web site and immediately start infecting people. All you really need to know how to do at this point is set up a Web site."

This new ease-of-use is evident in the numbers.
With time, terrorists improve their tactics. It doesn't matter if the religious ones are in Iraq or not, they'll find a way to become better at the atrocities they commit. They're getting very good in Europe, fairly good in Canada, and they're starting to appear in the US.

Below is the part of the IW article that sounded the most interesting. Change a few words of it, and it sounds like raiding terrorist hideouts in Iraq.

"The amount of stolen financial data we have found since the first of the year has been daunting," said Don Jackson, a security researcher with SecureWorks and the discoverer of the Gozi and Prg Trojans. "With the Gozi, Prg, and BBB Trojans alone, we found millions of dollars of data sitting in their stolen repositories. These data caches contained thousands of bank-account and credit-card numbers, Social Security numbers, online payment accounts, and user names and passwords, and we're finding new caches of stolen data every day -- evidence that more and more criminals are getting into the game."

"Criminals are getting into the game" ... you could say that about the religious terrorists as well. They're mostly just criminals.

Hopefully the information terrorists don't start studying Karl Marx and Vladimir Lenin and Josef Stalin to soon, or we might find them announcing to the world that they are simply getting their due from the greedy capitalist pigs of America as well.


rmwarnick said...

Phishing for fun and profit. Work at home, make $$$.

rm said...

... many of the them are "[] mostly just criminals" or bored kids or really bad guys or...

the internet is a (somehow distorted) mirror of reality with a slightly different set of rules.

i'm not worried about banks (they can protected themselves, no matter what you can read in the press), i'm worried about the "naive" internet user.
they will be "damaged"

Frank Staheli said...

Good point. I agree. It's the naive user that is to worry about.

My kids use our home computer, so I've taught them how to avoid these kind of scams.

rm said...

"My kids use our home computer, so I've taught them how to avoid these kind of scams."

yes, that's important.

here is a report from GAO about cybercrime in the US.

GAO Report

rm said...

and this is a short article (on a german website - but it's in english), how the FBI tracked down a student, who terrorized a high school.


Frank Staheli said...

Interesting article about the FBI. The internet makes for some interesting situations. I would be afraid that the FBI or some other agency would use this without a warrant and en masse without anyone knowing about it. Or that information terrorists would put this kind of technology to use against their enemies.

But it is good in this case that they caught the perpetrator.

rm said...

"I would be afraid that the FBI or some other agency would use this without a warrant and en masse without anyone knowing about it. Or that information terrorists would put this kind of technology to use against their enemies."

yes i agree. there are so many aspects about this, but i think, this is not a IT tec blog and i don't want to bore people to death :x)

Frank Staheli said...

The IT part of this story almost caused me to put the article on Simple Utah Mormon Politics. But at any rate, your IT-oriented comments are welcome here!

rm said...


there is a big discussion here in germany about a software package similiar to the spyware of the FBI.
what they say is that they can catch e.g. islamic terrorists with this piece of software.

that's like the US military presenting THE new weapon against terrorism to the public and that's, yes... bow and arrow.

this kind of software is somehow "lowtech". it will only work on machines of the average computer user.

- use linux and not windows and the spyware will not execute.
- anonymous yourself and it will be hard to traceback your ip.
- encrypt data into a picture, send it over the internet and nobody will notice, that you are sending a message in the first place and not a picture of your wedding.

the goverment needs and probably has much more hightech tools to fight against cyber criminals or terrorists, who uses the net as an information and messaging plattform.
i think, this spyware/trojan stuff can be used as a mass monitoring tool, but you will not catch a single "professional" with it.
who knows, perhaps i will be arrested some day, because i visited your blog, where you can find words like "terror", "islam", "war" (just kidding).

rm said...

terrorists training on SecondLife...

"THE bomb hit the ABC's headquarters, destroying everything except one digital transmission tower. The force of the blast left Aunty's site a cratered mess. Just weeks before, a group of terrorists flew a helicopter into the Nissan building, creating an inferno that left two dead. Then a group of armed militants forced their way into an American Apparel clothing store and shot several customers before planting a bomb outside a Reebok store."

Virtual Terrorists