Hackers Use Technology to Extort Vulnerable Companies

Malware is the main threat to Internet security, Dixon said. Some malware attacks network infrastructures, allowing creation or alteration of ID and pass cards criminals can use to enter facilities. Programs can lock users out of their own keyboards during a loan, bank account, or credit card application and view and manipulate sensitive data.

Bots enable financially motivated Internet crimes on a grand scale, said Danny McPherson, chief research officer- Arbor Networks. Botmasters use their weapons -- compromised computers -- to commit click fraud, install adware, view illegal porn or commandeer unknowing users’ webcams, he said. As many as 157,000 bots are recruited daily, according to CyberTrust research.

Sometimes all that’s needed is a threat. For example, during Super Bowl week, a botmaster could extort an online bookmaker by vowing to shut down its operations, McPherson said. Bots have become a commodity, and there’s “an entire economy involving the trade of the bots themselves,” he said: “People will pay for untraceable servers. People will pay for stolen information.” Spammers pay botmasters for e-mail addresses and other data, he said. When antispam services like Blue Security block bots, a botmaster can redirect them to attack Blue Security, McPherson said.

“Following the digital trail” to those responsible “is still very difficult,” McPherson said. NCSD relies on tips from network operators “noticing something is wrong,” he said, noting that NCSD has a secure instant messaging server that takes incident reports at www.us-cert.gov. All businesses need their own operational security teams able to “adapt on the fly” when threats emerge, Dixon said: “The landscape is rapidly changing, and awareness is an issue.” Simple fixes like firewall updates can screen many threats, he said: “If you're not staying on top of those things, you're just asking for it.”