Cash-Crazed Cybercrooks Assault Mobile Devices - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


Cash-Crazed Cybercrooks Assault Mobile Devices

A new breed of profit-motivated worm and virus writers is training their sights on nondesktop platforms, particularly cell phones.

A new breed of profit-motivated worm and virus writers is training their sights on non-desktop platforms, particularly cell phones.

Today's cyber-criminals are figuring out ways to steal a profit from hacking cell phones just as they puzzled out money-making schemes on desktops, a long-time security expert said Thursday.

Mikko Hypponen, the head of research at Helsinki-based F-Secure, was in the U.S. this week to consult with the Secret Service and FBI about ways to better communicate threats and leads on criminal hackers.

"I spent 17 years fighting kids," said Hypponen, explaining that until the beginning of 2003, hackers were mostly code-cutting joy riders who were after little more than an ego trip. "Once the enemy was only kids and teenagers, but now we're facing criminal and professional elements," said Hypponen.

The turn happened so quickly that it caught most security analysts, Hypponen included, unprepared. "At the beginning of 2003, we started seeing worms whose purpose was in some kind of way making money, often through connections with spammers. But it took us until late March or early April to realize that this was what was happening."

Fizzer was the first worm clearly written with that goal in mind -- plant a back door that could then be later accessed to turn the infected machine into a spam-spewing PC -- but Sobig.a, said Hypponen, preceded Fizzer by several months. "It was only much later that we realized what Sobig.a was doing, because it really tried to hide what it was doing," he said.

This new breed of worm and virus writers, said Hypponen keeps a criminal's low profile, unlike earlier hackers, and are for that reason much more difficult for law enforcement to nab.

"For all the news lately about arrests, you'll notice that the ones caught are script kiddies bragging to someone about their exploits," said Hypponen. "The real criminals, we have no idea where they're at. Take the author of the Bagel worms, for example. We don't even know what continent he's on. For a while it was thought he was Russian, then perhaps a Russian living in Germany. We don't know."

And these hard-to-catch, money-making cyber-crooks will inevitably repeat their patterns of discovery-exploit-profit on other, non-desktop, platforms, Hypponen said.

"Mobile, that's the next target. Until now the mobile worm area has been dominated by the teenagers and hobbyists, who have shown that it's possible to write and spread worms on phones, and have written concept code. But the criminals are right behind."

If a cyber-crook's goal is to make money, argued Hypponen, a Windows PC is actually a hard target. "Not only is writing advanced worms complicated, but computers don't have a built-in billing system," he said. "What does? Cell phones."

While there has been at least one known scam to bill victims' cell phone accounts and siphon off money -- the Mosquito game for Symbian phones, which was secretly sending messages to expensive toll numbers, billing the user and creating another revenue stream for the game's maker -- Hypponen expects to see more sophisticated schemes in the future, and a repeat of the way hackers make money in the desktop world by leasing out access to their bot networks to spammers.

"We'll see the same scenario now used in e-mail spamming when that moves to text messages," Hypponen said. "Spammers can't afford to send millions of spam text messages, so they'll pay for proxies. That's a nice game for them. They can send spam without paying for the messages as they hide at the same time.

"It looks like a perfect kind of crime," he added.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
The State of Cloud Computing - Fall 2020
The State of Cloud Computing - Fall 2020
Download this report to compare how cloud usage and spending patterns have changed in 2020, and how respondents think they'll evolve over the next two years.
Top 10 Data and Analytics Trends for 2021
Jessica Davis, Senior Editor, Enterprise Apps,  11/13/2020
Where Cloud Spending Might Grow in 2021 and Post-Pandemic
Joao-Pierre S. Ruth, Senior Writer,  11/19/2020
The Ever-Expanding List of C-Level Technology Positions
Cynthia Harvey, Freelance Journalist, InformationWeek,  11/10/2020
Register for InformationWeek Newsletters
Current Issue
Why Chatbots Are So Popular Right Now
In this IT Trend Report, you will learn more about why chatbots are gaining traction within businesses, particularly while a pandemic is impacting the world.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll