For the average non-specialist computer user, it’s more important to understand the general shape and evolution of computer attacks than it is to know specific details. For the cyber threat landscape is forever changing – as soon as the technical detail and outward form of any one attack become public, there will be astute minds working on a new variant designed to keep ahead of public knowledge and outwit security measures.

Dave Endler, Senior Director of TippingPoint’s DVLabs security research team, goes through several aspects of cyber-crime today, including the various methods botnets are contributing to the finances of cyber crime, how affiliates make money from cyber crime, and the future of cyber crime and industry.

SV: How has Cybercrime changed over the last five years?

Dave The most significant development in computer attacks since 2005 has been the shift from cyber mischief to cyber crime. The traditional notion of the hacker was of a bright teenager (or ’teenager at heart’) out to crack the system and win peer respect for being ’cool.’ That type of threat has not gone away, but it has been eclipsed in recent years by cyber-crime attacks specifically designed for financial gain. The new breed of criminal hacker uses their power not to cause damage, nor to show off, but rather to make money.

SV: Most people are aware of ID and credit card theft, what other ways does cybercrime make money?

Dave: The most obvious ways to make money from breaking and entering a system are analogous to the housebreaker’s opportunities:

• theft – you can steal sensitive company information and sell it to a rival
• syndication – you can sell the entry secret to other criminals
• blackmail – you can simply threaten to sell the stolen information, or the entry secret, unless the company pays you to keep quiet
• protection racket – you prove that you are capable of entering the system and threaten damage, or to sell the secret, unless paid protection money
• kidnap – you can take over all or part of the company system and use it to do your illegal work, such as mass mailing spam e-mails .

SV: What about sales of botnets, fakeware and malware?

Dave: There has been an emergence of fakeware/malware through affiliate networks where programs such as fake anti-virus software are offered at a low price. The payout is usually small but that is where a botnet army comes into play. One would need to install a lot of links to make a good income. The best way to do this is to automate the process so that thousands of links can be set up via computers that have been infected to make them act as ”slaves” (botnet). Then these computers can send millions of spam e-mails, get unsuspecting users to click on the links and download malicious software and potentially “recruit” their computer into the botnet.

SV: So is there any good news?

Dave: This shift to criminal gain is disturbing, but it does offer one ray of hope. It doesn’t usually serve the criminal to cause real damage. Even under a protection racket, there is more to be gained by threatening to crash the system than by actually doing it. It’s nasty, it’s expensive, but it isn’t quite as scary as the grudge attacker or the hacker whose main motive to trash your system is revenge.