This article can also be found in the Premium Editorial Download "Information Security magazine: Reflections on the impact of Sarbanes-Oxley."
Download it now to read this article plus other related content.
Evolution of a Hacker|
by Adam Stone
Internet pranks give way to crime.
The game, if it is a game, starts in the early 1990s with students and whiz kids breaking into corporate and government systems just to show it can be done. They leave calling cards, tokens of their presence: a bit of harmless nose-thumbing.
So much for the fun.
By the end of the decade, hackers begin tampering with systems as a means of humiliating corporate know-it-alls. The temperature rises as black hats leave systems hanging, stop traffic, destroy files and deface Web sites. Worms self-propagate throughout systems, delivering payloads that grow steadily more malicious.
By 2001 and 2002, password stealers, keyloggers and other crimeware enter the scene, harvesting personal data from users' computers. Trojans commandeer online banking and other secure services.
By 2004, the rapid rise of phishing schemes shows there is money to be made, at least in theory, but initially there is no market for this data,
| no infrastructure to convert scams into cash.
"It was analogous to stealing a Picasso or a van Gogh and then saying, 'OK, now where do I sell this thing?'" says Jose Nazario, a senior security researcher at Arbor Networks.
But by 2005, organized criminals geared up for lucrative profits. Today, complex international criminal interests scrub cash gained through diverse schemes and move it across borders, while underground organizations sell and lease do-it-yourself kits with all the code you need to commit your own online fraud.
Welcome to the world of professional crimeware.
This was first published in January 2008