
A Different Kind of Insider Attack

Insider attacks are a growing concern. The more access and knowledge someone has, the greater the potential for theft and disruption. That's the case with the bot herder who worked as a security consultant for 3G Communications and used both home and work PCs to manage his botnet. From PC World:

John Schiefer, 26, of Los Angeles agreed Friday to plead guilty to four felony counts, including accessing protected computers, disclosing illegally intercepted electronic communications, wire fraud and bank fraud. He faces a total of 60 years in prison and fines of $1.75 million for his part in building and then using the botnet. Several others, named only by their online monikers, were listed as accomplices.

Stealing passwords can be lucrative, but when you mess with the banking system, the penalties get severe, as noted in SC Magazine:

Jose Nazario, senior security engineer at Arbor Networks, told SCMagazineUS.com today that while Schiefer's botnet-building techniques are familiar, his wire fraud and bank fraud guilty pleas are the reason for the large maximum sentence he faces.


“Basically everything he's been doing as a botnet-runner is pretty stock, and he's using a common code base as well,” he said. “Banks have a century of law behind them and they take these things seriously.”

Andre DiMino of Shadowserver Foundation points out that botnets are not just for spamming, and that information theft is a growing use for the networks:

“We're seeing [botnet use] trend towards electronic wiretapping and PII (personally identifiable information) theft; that seems to be the major use of botnets these days,” he said.


Dan Sullivan's Bio:

Dan Sullivan is a systems architect with 20 years of IT experience that includes engagements in enterprise security, application design, and systems architecture. His experience includes a broad range of industries, including financial services, manufacturing, government, retail, gas and oil production, power generation, and education. Dan’s security-related project work has ranged from requirements analysis for enterprise information security to designing and implementing security for database applications and enterprise portals. Dan has written about information security and other enterprise information management topics for Business Security Advisor, DM Review, Intelligent Enterprise, and E-Business Advisor. You can contact Dan at: dan_sullivan@realtimepublishers.net