Security expert predicts criminals to take cyber extortion tactics to the U.S.
A research scientist with deep knowledge of the psychological factors that drive people in different countries to take on a life of cybercrime is predicting a new wave of cyber extortion tactics will be used in attacks against firms in the United States.
Max Kilger, a senior member of the non-profit research organization,The Honeynet Project, told attendees at the SOURCE Boston 2010 conference last week that cybercriminals based in emerging countries are stepping up their attacks methods, possibly by using cyber extortion to commit crimes against firms in the U.S. Similar tactics have already been documented in attacks on businesses in Russia, China and Eastern Europe.
Kilger, a member of the National Academy of Engineering’s Combating Terrorism Committee, which was charged with recommending counterterrorism methodologies to Congress and federal agencies, has been researching the changing tactics of the hacker community.
The economic and political power of some hacking groups is rising in many countries, Kilger said. In Russia a suspected member of the Russian Business Network, a cybercriminal organization, had enough money and power to get elected to the Russian parliament, he said.
“[The Internet] is changing the probability of success in attacking something and the magnitude of the damage is increasing exponentially,” Kilger said.
Kilger’s extortion prediction hinges on research that shows a loose coupling of cybercriminals and criminal enterprises. The cybercriminals collects information on the target, while the criminal enterprises can use their muscle to physically threaten the target.
A report released by the Center for Strategic and International Studies (CSIS) in January, noted that cybercriminals may be taking on more risk by using extortion tactics to reap greater rewards. It noted a rise in cyber extortion among companies that own oil and gas refineries and electric utilities; mainly cybercriminals using distributed denial-of-service (DDoS) attacks as an extortion tool.
CSIS surveyed more than 600 IT and security executives who work for many of the companies that run critical infrastructure facilities. The survey found that one-in-five critical infrastructure entities reported being the victim of extortion through cyberattack or threatened cyberattack within the past two years. CSIS said the figure may be higher, as some extortion attempts go unreported by companies attempting to protect their reputation.
The CSIS survey found extortion most common in India, Saudi Arabia, China and France. It was rarest in the U.K. and U.S.
Security experts have already determined that money is the biggest motivator of hackers. Kilger said the hacking community is also continually driven by individuals seeking to stroke their ego by creating elegant code or proving mastery over defeating security defenses. Other hackers are desperate to gain status in a social group and cybercriminal organizations serve that purpose, he said.
“The hacking community is an aristocracy,” Kilger said. “The more skills you have, the higher status you have in the group.”
Kilger contrasted the different factors motivating people to become cybercriminals in Romania against those joining China’s growing hacking community. In Romania, he said, there isn’t a big opportunity for legitimate business and “people turn to fraud to pay day-to-day expenses.” Ego plays a large role as well, he said. In China, where the economy has a 10% annual growth rate, the black hat world is evolving at a hyper rate, he said. Chinese hackers have a strong sense of nationalism and researchers have documented “synergistic interactions” between Chinese black hat hacking groups and the Chinese government.
“They’re growing huge pools of financial resources,” Kilger said of China’s hacking community. “As they’re hacking away, they’re making big money.”
Posts
Loading ...