Misuse of Computers and Databases: The Bad Guys Get Smarter
The first image of computing that's burnt into my memory was a room populated with computer scientists wearing white lab coats. There's been a big change since then and today computing isn't populated only by scientists in white lab coats or good guys wearing white hats.
- Forrester Study: The Total Economic Impact of VMware View
- From Insight to Foresight: Using Business Analytics to Improve Customer Lifetime Value
The bad guys in the black hats continue to grow in technical sophistication, which is a nasty trend when combined with ubiquitous computing and universal connectivity.Decades ago the earliest threat from cyber-criminals was persons who had insider access to systems and physical access to facilities. This was how Stanley Mark Rifkin was able to steal millions from a bank using its wire transfer system. Then there was David Prouty, who worked for a company that supplied point-of-sale systems that processed credit cards. That gave him access to credit card information using the systems sold to customers of his employer.
The crimes committed by people who required no insider status or physical access increased with the advent of credit cards, ATMs and debit cards. The paradigm shift in the credit and payment industry permitted low tech solutions to stealing, such as obtaining cardholder information and using card encoding devices.
The Internet explosion dramatically increased the opportunities to make money by cyber-crime. It was no longer necessary to obtain insider status or figure out how to penetrate a physical plant. However, there has been a surge of thefts of laptops and disk drives, not because of the device's value but because of the value of the data they contain.
The value of data is what makes cyber-crime via the Internet an attractive proposition.
This type of crime has attracted a class of criminals who are more technically sophisticated than the carders with their encoding devices attached to PCs. Some recent schemes have involved hackers who've had the knowledge to exploit insecure wireless networks. Their use of private forums, virtual private networks and encryption have enabled them to set up international criminal conspiracies. They've used sophisticated money laundering schemes to avoid detection by the global banking system. They've been able to penetrate systems without detection.
Next we'll look at an example of one such operation that was able to exploit insecure SQL databases.The value of data is what makes cyber-crime via the Internet an attractive proposition.
This type of crime has attracted a class of criminals who are more technically sophisticated than the carders with their encoding devices attached to PCs.