
| Subject: | [ISN] Expert: Online extortion growing more common |
|---|---|
| Date: | Sat, 9 Oct 2004 04:02:14 -0500 (CDT) |

http://news.com.com/Expert+Online+extortion+growing+more+common/2100-7349_3-5403162.html

By Dan Ilett
Special to CNET News.com
October 8, 2004

"Six or seven thousand organizations are paying online extortion demands," Alan Paller said at the SANS Institute's Top 20 Vulnerabilities conference in London. "The epidemic of cybercrime is growing. You don't hear much about it because it's extortion, and people feel embarrassed to talk about it."

The SANS Institute, based in Bethesda, Md., offers training and resources related to information security.

"Every online gambling site is paying extortion," Paller asserted. "Hackers use DDoS (distributed denial-of-service) attacks, using botnets to do it. Then they say, 'Pay us $40,000, or we'll do it again.'"

Paller added he was concerned that the same techniques used for extortion--that is, DDoS attacks--could easily be used to target organizations in the critical national infrastructure.

Roger Cumming, the director of the U.K.-based National Infrastructure Security Co-ordination Centre, shares Paller's concern.

"There's an enormous amount of extortion," Cumming said. "We are concerned...(that) the technologies of extracting money could be used to endanger the (critical national infrastructure). One of the things we are talking about is how to mitigate that threat."

Paller called for tech companies to do better. He said that security vulnerabilities are vendors' responsibility to fix and that their products should reflect the suggestions associated with the SANS top 20 vulnerabilities list.

"Applications breaking after patching is the operating system vendor's fault," he said. "They tell developers to build applications on unprotected systems. But the other half of the game is that application vendors should have to test their products on safer systems. You do that with procurement."

A representative for at least one prominent British gambling site said that he would rather not comment on the whole issue.

Dan Ilett of ZDNet UK reported from London.