Hackers Find Crime Can Pay

The motives of Internet hackers have shifted from malicious behavior to monetary gain, and the growth of online identity theft, extortion and fraud is highlighted in the semiannual Internet Security Threat Report released Monday by the California-based security firm Symantec.

The threat from information-stealing software now exceeds the threat posed by computer viruses and worms that knock out computers and spread themselves via e-mail, Symantec said in its report, a much-read barometer of Internet security.

“Whereas traditional attack activity has been motivated by curiosity and a desire to show off technical virtuosity, many current threats are motivated by profit,” Symantec said.

Between Jan. 1 and June 30, malicious software code that revealed confidential information represented 74 percent of the top 50 malicious code samples reported to Symantec, up from 54 percent in the previous six-month period.

While information theft is on the rise, the ability of viruses and worms to spread has been limited because corporations are promptly patching known security flaws in their software, the company said.

Identity theft is often accomplished by phishing, in which a bogus e-mail message directs the recipient to an imitation website that mimics the appearance of a bank or Internet merchant website. Consumers are asked to “update” or “confirm” their personal information, and in doing so unwittingly disclose Social Security, credit card or bank account numbers. Phishing attempts are up 100 percent in the past six months, Symantec says.

Another identity theft technique involves spyware, which in its most extreme form steals Social Security numbers, passwords and other information stored on a computer’s hard drive, either by searching for it or by recording the computer user’s keystrokes. Spyware typically reaches a computer by being inadvertently downloaded from a website or by being secretly bundled with free downloadable Internet software used for listening to music or watching movies on a computer.

Both phishing and spyware are hard to block because they enter a consumer’s computer through the Web browser, said Elias Levy, San Francisco-based architect of Symantec’s DeepSight Alert Services, a subscription threat advisory service for corporations. The Web browser cannot be blocked by a computer’s firewall without bringing all Internet use to a halt.

Some extortion is on a personal level. After breaching a PC’s defenses, a hacker can install a malicious program called Gpcoder that encrypts (or encodes to prevent reading) documents, spreadsheets and database files, Symantec said. The program leaves the computer user a message about how to obtain a $200 program to remove the encryption.

Other extortion efforts operate on a vast scale, such as threats to take down Internet gambling websites during time-sensitive betting on sports events, Levy said. Gambling websites, which are illegal in the United States and therefore operate from outside U.S. borders, collectively had estimated revenue of more than $7 billion last year. As a result, hackers can demand that they be paid thousands of dollars in exchange for not shutting down these websites at crucial moments, he said.

Attackers can shut down a gambling site by using thousands of “zombie” or “bot” personal computers that have been secretly taken over by viruses or other malicious computer code. Those computers can be used to simultaneously deluge a website with incoming messages, which would paralyze the betting, Levy said.

Even relatively inexperienced attackers can use bot attacks because the software has been posted on the Internet for anyone to use, he said.

“If these gambling websites lose a time window for betting, they are done,” Levy said. “That makes it easier for attackers to hit the sites at the worst possible moment.”