Information Security Breaches


The security-related mechanisms and processes of a network are continually under threat. The attacker’s goal is generally to breach network information security in a way that provides an opportunity the attacker can exploit for financial benefit.

Financial Motivations

This is undoubtedly the largest single category of motivation for attempting to breach information security defenses. The types of financial gain and the methods of extracting it are just as varied. Humans can be truly innovative when motivated by financial reward or vengeance.

Identity Theft and Personally Identifiable Information Breaches

Identity theft and leakage of personally identifiable information are very notorious, and since the media deem them “news-worthy” we tend to hear a lot about them, but in reality they constitute only the tip of the iceberg. The media always seem to project the image that the general public really couldn’t care less, that is, until the malicious activity actually impacts each and every one of them personally. This probably explains the noteworthiness of breaches of personally identifiable information: it is our personal details that are placed in jeopardy.

Electronic Payment System Attacks

Electronic payment mechanisms, such as those represented by the payment card industry, are prime targets for financial attacks. Nobody is happy when presented with a bill for goods and services that they did not purchase, consume or otherwise authorize. So the individual will complain loud and clear for as long as it takes to rectify the situation, even for what are truly trivial amounts of money. It’s the principle that matters.

As per usual, the villains are able to take advantage of this state of affairs by obtaining your payment card information and using it to make transactions in foreign countries. You can prove to the bank that you were not in said country at the time the transactions took place, and so the bank reimburses you. The villains get what they want, you get your money back and the bank wears it, or so you think. Wrong; you still pay by way of higher interest rates.

Information Breakdown Attacks

Over the years, numerous malicious attacks have been based on subverting various parameters of standard networking protocols and the manner in which those protocols handle data. In this way the very essence of the protocol’s functional integrity is corrupted to do the attacker’s bidding.

Denial of Service (DoS) Attacks

This usually translates to some form of degradation of network functionality, or some form of interference with or breakdown of normal network operating mechanisms. In this way the attacker perpetrates Denial of Service (DoS) attacks, which are two-fold in form.

On the one hand, they deny normal network functionality to those legitimately entitled to it. This may be as basic as denying customers access to a web site, thereby denying the customer their right to an open, competitive marketplace in which to conduct their affairs. It also denies the web site being attacked its right to trade or promote its goods and services. Remember that even info sites can come under this type of attack. In their case the goods or services are primarily prepackaged information offered to all and sundry just for the asking.

Anti-countermeasure Denial of Service Attacks

Some antivirus sites have in the past come under various forms of massive Distributed Denial of Service (DDoS) attack. In these cases the perpetrator’s motive has been to prevent the antivirus organization from distributing a patch or fix for a specific piece of malware that the DDoS attackers are setting loose on the unsuspecting public, thereby increasing the damage this other piece of malware causes.

Distributed Deployment Counterstrategies

Most antivirus companies have responded by establishing multiple mirror sites distributed randomly around the globe, making this form of DDoS attack less likely to bring down their ability to distribute their wares to the paying public in a timely fashion. Bear in mind that, in so far as the antimalware world is concerned, “timely fashion” means immediately upon availability of a confirmed effective countermeasure. This may be as simple as closing a specific port on host computers. This was in fact the simplest way of counteracting one of the most destructive pieces of malware of all time: the Blaster Worm (aka MSBlaster), which targeted a specific TCP port on machines with NTFS formatted hard drives. Machines with FAT formatted hard drives were pretty much immune to this attack.

Subversion Attack Variations

Not all subversion attacks have industrial espionage or revenge for some perceived wrong as their motivating factor. For example, normal network entities can be subverted to do an attacker’s bidding in a Denial of Service attack or, more sinisterly, as a means of propagating one of the greatest scourges of the Internet: SPAM.

SPAM – If a spammer can get a number of “innocent” and normally trusted machines to convey their message, enormous numbers of emails can be sent and delivered under the “screen” normally provided by a spam filtering mechanism’s filter lists. The enormity of this issue is such that a successful attack through subversion of trusted sites can deliver billions of unsolicited emails before drawing undue attention.

One way in which this is done is by using the trusted machine as a seed to notify recipients of the message and to have them respond by forwarding the message to every entry in the recipient’s address book. In this way a chain-mail style spam delivery mechanism has been turned into a truly “viral” delivery system that is not only incredibly hard to stop but just as hard to detect, due to its distributed nature.
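The distributed pattern described above can still be spotted from a mail gateway's side by looking for the same message being re-sent by people who previously received it. The following is an added example, not part of the original article; the record layout, the addresses, the thresholds and the function name `find_viral_messages` are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample records: (epoch_seconds, sender, recipient, subject)
SAMPLE_LOG = [
    (100, "news@trusted.example", "alice@corp.example", "Win a prize"),
    (100, "news@trusted.example", "bob@corp.example", "Win a prize"),
    (100, "news@trusted.example", "carol@corp.example", "Win a prize"),
    (150, "dave@corp.example", "alice@corp.example", "Meeting notes"),
    (150, "dave@corp.example", "bob@corp.example", "Meeting notes"),
    (160, "alice@corp.example", "zed@corp.example", "Meeting notes"),
    (200, "alice@corp.example", "d1@other.example", "Win a prize"),
    (200, "alice@corp.example", "d2@other.example", "Win a prize"),
    (200, "alice@corp.example", "d3@other.example", "Win a prize"),
    (210, "bob@corp.example", "e1@other.example", "Win a prize"),
    (210, "bob@corp.example", "e2@other.example", "Win a prize"),
    (210, "bob@corp.example", "e3@other.example", "Win a prize"),
    (220, "carol@corp.example", "f1@other.example", "Win a prize"),
]

def find_viral_messages(records, min_relays=2, min_fanout=3):
    """Return {subject: [relay senders]} for mail that spreads by re-forwarding.

    A relay is a sender who had already received the same subject and then
    sent it on to at least min_fanout distinct recipients (address-book style).
    """
    received = defaultdict(set)                     # subject -> addresses reached so far
    fanout = defaultdict(lambda: defaultdict(set))  # subject -> sender -> recipients
    relays = defaultdict(set)                       # subject -> senders who got it first
    for _ts, sender, rcpt, subject in sorted(records):
        if sender in received[subject]:
            relays[subject].add(sender)
        fanout[subject][sender].add(rcpt)
        received[subject].add(rcpt)
    flagged = {}
    for subject, senders in relays.items():
        heavy = sorted(s for s in senders if len(fanout[subject][s]) >= min_fanout)
        if len(heavy) >= min_relays:
            flagged[subject] = heavy
    return flagged

if __name__ == "__main__":
    print(find_viral_messages(SAMPLE_LOG))
```

A single ordinary forward (the "Meeting notes" case, or carol's one-recipient forward) stays below the thresholds; only the subject relayed by several recipients with wide fan-out is flagged.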

Recent research indicates that this form of spamming at times contributes up to 90% of all email traffic on the Internet. Given this order of magnitude, stopping this form of spamming will ultimately deliver improved Internet performance and increased bandwidth availability to us all. Once again, it is the very few selfish, unscrupulous individuals that make life just that little bit harder for one and all.

