This article can also be found in the Premium Editorial Download "Information Security magazine: Is your data safe from next-generation attackers?."
Download it now to read this article plus other related content.
From massive botnets to targeted phishing and transacting Trojans, today's new breed of attacker is more dangerous than ever.
More information from our sister site SearchSecurity.com
Learn how to protect your organization against organized cybercrime.
Visit our Guide to Thwarting Hacker Techniques for tips and expert advice on defending the enterprise against hackers.
There's not much West Coast-cool to Christopher Maxwell and Jeanson James Ancheta. Both Californians are young and cocky, don't have great jobs and are staring down the barrel of multi-year prison sentences for herding bots and dropping adware on compromised computers.
This is the face of today's hacker: someone like Maxwell who, by day, works at Wal-Mart and, by night, prosecutors say, corrals drones for his botnet. Or like Ancheta, who was driving a BMW before his 21st birthday, and made more than $60,000 from adware purveyors and from renting his botnet to spammers.
Their respective schemes were elaborate and lucrative.
In their wake are hundreds of thousands of unwitting victims preyed on through compromised corporate and home computers.
For some, like Northwest Hospital in Seattle, the toll was much more serious. Maxwell allegedly used the Sasser worm to exploit Windows machines running the vulnerable LSASS login verification service. The worm aggressively scanned the hospital's networks looking for additional vulnerable servers and clients and degrading service to the point where administrative functions like records management, patient admissions and billing were forced offline. Patient care continued, but the hospital had to reschedule one procedure and alter that patient's treatment schedule.
All of this, authorities say, to net a 15-cent commission for each bit of adware dropped onto an unsuspecting machine. But 15 cents on thousands of machines adds up quickly.
These cases, documented in voluminous court filings, are examples of the type of for-profit crime plaguing the Internet. The days of hackers vying for bragging rights with splashy tricks that show off their skills are long gone.
Today's cyberattackers are marshaling botnets, developing targeted code and hocking their exploits with one goal in mind: money. Although some attackers work alone--lone wolves, as one U.S. Department of Justice official puts it--others are part of large, organized operations.
For users, this trend can result in online fraud that drains bank accounts and steals identities. For businesses, the impact can be equally harsh. Confidential data gets lost, operations are disrupted, and reputations are tarnished.
This was first published in June 2006