Cyber warrior

This month Trend Micro reported on a mass web attack that has already been dubbed the 'Italian Job II'.

  • E-Mail
By  Sean Cronin Published  May 7, 2008

Trend Micro believes that Eastern European gangs are actively recruiting the best and brightest computing graduates to generate new and more deadly attacks.

"We have evidence of them running recruitment drives in universities in the Eastern Bloc where they are paying double or triple for a university graduate than that individual could expect to earn from working for a bank," says Doo.

Trend itself became a victim of such an attack in March when its UK and Japanese sites were hit by malicious 'iFrames', which are HTML tags that link to other websites.

As many as 165,000 other websites were also affected.

So has Chang ever been tempted to hire the hackers themselves as poachers turned gamekeepers? "Absolutely not," he says.

"We never hire these guys. Our credibility would be at stake. First of all you have to ask are they better than our own engineers and the answer is 'no'.

It's not difficult to write the script - attack is not the difficult bit, it is defence that is the difficult bit."

However Trend is not averse to going 'undercover' as Chang says, with its engineers visiting bulletin board sites under the guise of being hackers.

"We send our experts to their BBS groups in order to find out what new technology they're using," he says.

Like the viruses of the physical world, computer viruses are also developing into super-bugs or what software engineers describe as 'polymorphic' viruses - able to change themselves every time they infect a new computer host.

"They're like the flu virus - you can't immunise against them because they come out with these new strains," says Doo.

Attacks may increase this year as hackers seek to exploit the web traffic generated by events such as the Olympic Games or the US elections to steal personal information and attack networks.

Security experts expect a surge in so-called social engineering attacks, which exploit human error to steal from or damage computer systems.

"There will be an attack around the Olympics, there will be one around the US elections, anything like big sporting events, big political events, or big natural disasters will generate them," says Doo, citing the case of a website that was established to receive credit card donations for tsunami victims that caught the attention of the FBI's serious crimes unit.

"With this one the donations were actually being passed on but their credit card details were at the same time being logged and sold on three or four months later," says Doo.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code