Difference Between Zombie Attacks And Cybercrime
In many instances, hackers are interested in more than simply releasing viruses on the Internet. Experts who are intent on breaking into remote systems can be chillingly resourceful in carrying out their intrusions. Once having infiltrated a system, they can leave secret “back doors” that will afford future entry without detection. They can install programs that will monitor keystrokes and perform functions to “sniff out” passwords and other useful information. And, leaving users completely unaware, they can secretly take over scores of computers at a time, turning them into “zombie” machines whose power can be used to launch and disguise subsequent attacks. Having secured an army of zombie computers, hackers can initiate a concerted onslaught against a commercial Web site or other target, overwhelming the system to such an extent that legitimate customers are unable to access the sites. Such “denial of service” attacks have been carried out against Yahoo!, eBay, and other popular Web sites.
Some of the worst attacks have represented so-called blended threats, combining the worst features of viruses, worms, hijacked computers, and denial of service. The “Code Red” worm of 2001, for example, was designed to order more than 1 million infected servers on a predetermined date to launch a denial-of-service attack directed at the White House Web site. Government officials, working with a cadre of computer-security experts, managed to deflect the attack from the White House, but Code Red still caused more than $2 billion in cleanup costs for infected computers.
While intrusive hackers represent a serious threat, the real danger in terms of the estimated $50 billion in computer crime each year unquestionably comes from within. Computer-security experts observe that the overriding threat to an organization is its own employees, whose theft, sabotage, or ineptitude can wreak havoc. For example, in a federal case from 2002, two people were convicted of using their access as employees of a major bank to steal credit-card information from several dozen accounts, then passing on the information to accomplices who made nearly $100,000 worth of purchases with the stolen accounts. In an even larger case from 2002, three New Yorkers were accused of using stolen passwords to access the personal information of more than 30,000 people, resulting in nearly $3 million in losses. According to figures reported by the Federal Trade Commission (FTC), stolen credit-card information posted on the Internet cost the companies that issue credit cards more than $3 billion annually.