Also referred to as DDoS attacks (Distributed Denial of Service). Network resources (e.g. web servers) can service only a limited number of requests simultaneously; the limit is set by the capacity of the server and by the bandwidth of the channel that connects it to the Internet. If the number of requests exceeds this limit, either the server will become considerably slower or users’ requests will be ignored altogether.
Taking advantage of this, computer hackers send “garbage” requests to the attacked resource, in numbers many times greater than the victim resource can handle. Using a “zombie network”, a mass DDoS attack is launched against one or several Internet resources, causing the attacked network nodes to fail.
As a result, the attacked resource becomes inaccessible to ordinary users. Usually online stores, online casinos and other businesses that depend heavily on the efficiency of Internet services are affected. Most often, distributed attacks are arranged either to discredit a competitor’s business or to demand money for stopping the attack, an Internet racket of sorts.
In 2002-2004 this kind of criminal activity was quite common. Later it declined, apparently owing to successful police investigations (at least several tens of people all around the world have been arrested) and to quite successful technical countermeasures against such attacks.
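The overload condition described above can be recognised from request logs. The following Python sketch is an added example, not part of the original article: it buckets requests into fixed time windows and, for windows above an assumed capacity, separates a flood spread across many sources from one dominated by a single client. The capacity, thresholds and sample events are constructed assumptions.

```python
from collections import Counter, defaultdict

def build_sample():
    """Constructed (unix_second, source_ip) events standing in for access-log lines."""
    events = []
    for t in range(0, 10):                      # normal load: 3 clients, 1 req/s each
        for i in range(3):
            events.append((t, f"198.51.100.{i + 1}"))
    for t in range(10, 15):                     # flood from 200 distinct sources
        for i in range(200):
            events.extend([(t, f"203.0.113.{i}")] * 2)
    for t in range(20, 25):                     # one noisy client, 300 req/s
        events.extend([(t, "192.0.2.7")] * 300)
    return events

def classify_windows(events, capacity, window=5, min_sources=50, dominant_share=0.5):
    """Return {window_index: verdict} for each non-empty window.

    capacity       -- assumed number of requests the server can serve per window
    min_sources    -- distinct sources needed to call an overload 'distributed'
    dominant_share -- fraction of traffic from one source that makes it the cause
    """
    buckets = defaultdict(Counter)
    for ts, src in events:
        buckets[ts // window][src] += 1

    verdicts = {}
    for idx in sorted(buckets):
        per_src = buckets[idx]
        total = sum(per_src.values())
        top = per_src.most_common(1)[0][1]
        if total <= capacity:
            verdicts[idx] = "ok"
        elif top / total >= dominant_share:
            verdicts[idx] = "single-source"     # one block rule restores service
        elif len(per_src) >= min_sources:
            verdicts[idx] = "distributed"       # no single source to block
        else:
            verdicts[idx] = "overload"          # over capacity, cause unclear
    return verdicts

if __name__ == "__main__":
    for idx, verdict in classify_windows(build_sample(), capacity=500).items():
        print(f"window {idx}: {verdict}")
```

The distinction matters operationally: a single-source overload can be handled with one filter rule, while a distributed one requires upstream filtering or rate limiting because no individual source stands out.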
Botnets
Special Trojans, called ‘bots’ (from “robot”), are created for networks of this kind and are centrally managed by a remote “master”. The Trojan infects thousands, tens of thousands or even millions of computers. This enables the master of the “zombie network” (or “bot network”) to access the resources of all infected computers and use them for his own benefit. Sometimes such networks of “zombie machines” appear on the Internet black market, where they are acquired by spammers or rented out.
Calls to premium-pay numbers or sending paid SMS
Cybercriminals, or groups of cybercriminals, create and distribute a special program which makes telephone calls or sends SMS messages from mobile phones without the user's authorization. Beforehand, or at the same time, the same people register a company on whose behalf a contract for a paid service is made with the local mobile provider.
Naturally, the provider is not notified that these calls are not authorized by the user. Then a Trojan calls a paid telephone number, the mobile company bills the numbers which initiated the calls and pays the hacker the sum defined by the contract.
Stealing electronic currency
To be more precise, this includes the creation, distribution and maintenance of Trojan spy programs designed to steal funds from personal e-wallets (e.g. e-gold, WebMoney). Trojan programs of this kind collect information on account access codes and send it to their “master”. Usually the information is collected by searching for and decoding files which store the personal data of the account’s owner.
Stealing banking information
This is currently one of the most common types of criminal activity on the Internet. In this case credit card numbers and access codes to personal (sometimes even corporate) Internet bank accounts (“Internet banking”) are at risk. In such attacks Trojan spies use a wide range of methods. For instance, they show a dialogue window or image which duplicates the bank's web page and ask the user for the login and password to the account or for a credit card number (similar methods are also typical of phishing: spam mailings with imitation text which resembles a message from the bank or another Internet service).
In order to get the user to enter his or her personal data, social engineering tricks are used. The user is told about negative consequences if the code is not entered (e.g. the Internet bank will cease to serve the account) or that something very positive will not happen (“a lot of money will be deposited on your account. Please confirm your account details”).
Often keylogger Trojans (“keyboard spies”) wait for the user to connect to the genuine banking web page and capture the characters entered from the keyboard (i.e. login and password). For this purpose they monitor the launch and activity of applications and, if the user is using a browser, compare the name of the website with the list of banks stored in the Trojan’s code. If the website is found in the list, the keyboard spy is activated and the captured information (the sequence of keys) is sent to the hacker. Trojans of this type (unlike other bank Trojans) do not reveal themselves in the system.
Stealing other confidential information
Hackers may take an interest not only in financial information but in any other valuable information: databases, technical documentation, etc. To access and steal this information, specially developed Trojan spies intrude into victim computers.
Legal network applications are also known to be used for the attack. An FTP server, for example, may be secretly introduced into the system, or file-exchange (“Peer-to-Peer”, P2P) software may be secretly installed. As a result, the computer’s files become accessible from the outside. Due to numerous incidents connected with criminal use of P2P networks, they were officially banned in France and Japan in 2006.
Cyber blackmail and cyber extortion
Cybercriminals create Trojans which can encrypt a user's personal files. The Trojan penetrates the system, searches for and encrypts the user data and then leaves a message stating that the files cannot be restored and that the decryption program can be obtained by contacting the address given in the message.
Archiving user files with a long password is another notorious method of cyber blackmail. Once the original files have been archived, they are deleted, and a demand follows to transfer a certain amount of money in exchange for the password to the archive.
This type of cybercrime (data encryption) is critically dangerous from the technical perspective. In other cases it is possible to protect the computer from the Trojan; in this case, however, one has to deal with strong encryption algorithms. If such algorithms are used and the keys (passwords) are long enough, it becomes technically impossible to restore the files without getting the information from the hacker.
Evolving “delivery methods”
To commit the crimes described above, cybercriminals create and distribute network worms, which have caused numerous Internet epidemics. Their major aim is to install criminal Trojans on as many computers as possible in the global network. Mydoom and Bagle, notorious since 2004, and the Warezov mail worm, which emerged in 2006, are examples of such worms.
In some cases the aim is not “maximum coverage”. On the contrary, the number of infected computers seems to be purposefully limited so as not to attract too much attention from law enforcement agencies. In such cases victim computers are infected not by an uncontrolled network worm but, for instance, through an infected web page. Criminals can register the number of visitors to the page and the number of successful infections, and develop the Trojan code when the required number of infected computers is reached.
Targeted attacks
Unlike mass attacks, which aim to infect as many computers as possible, targeted attacks have an altogether different purpose: to infect the network of a certain company or organization, or to plant a specially developed Trojan agent on a single node (server) of the network infrastructure. Companies in possession of valuable information, such as banks, billing companies (e.g. telephone companies), etc., are at risk in this case.
The reason why bank servers or networks are attacked is obvious: criminals are trying to access bank information and illegally transfer funds (sometimes in very considerable amounts) to the account(s) of the hacker. When billing companies are attacked, the aim is to access clients’ accounts. Targeted attacks seek any valuable information stored on the network servers, i.e. client databases, financial and technical documentation: everything that can be of interest to a potential hacker.
Usually large companies holding critical and valuable information are attacked. Their network infrastructure is quite well protected from external attacks, and without internal help it is not possible to break into it. Therefore such attacks are most frequently arranged either by employees of the attacked companies (insiders) or with their direct participation.
Other criminal activity
Other cybercrimes do exist, but are not yet widespread. These are the theft (collection) of e-mail addresses from infected computers and their sale to spammers, and the search for vulnerabilities in operating systems and applications and their sale to other computer criminals. These businesses also include the development and sale of custom-made Trojans, etc. Most probably, as existing Internet services develop and new ones emerge, new crimes in cyberspace will also appear.