Zombie networkers

@RANDOM

The FBI maintains a list of well-known terrorists on its website, www.fbi.gov, where you can discover the relative rankings of Osama bin Laden versus Ali Atwah, if you're curious.

The US federal agency also maintains a list of cybercriminals, but there is no equivalent to Osama bin Laden here: the list consists of small-time bank fraudsters, the odd bright identity theft perpetrator and a bunch of paedophile-and-porn purveyors.

For much of the last decade, cybercrime has been the province of amateurs. There were hackers and crackers, the former just slyly clever at tweaking the net, the latter downright malicious.

There were the small-time porn rings that got larger, but also more legal. There were the spammers. (What am I saying? There are the spammers. Shoals and shoals of the little beasts.)

Some of the better scams grew in time to become a full-fledged industry, like the Nigerian begging letter scam, which is now estimated to be the fourth-biggest industry in that country. But on the whole, what you had was what was reflected on the FBI site: amateurs who got lucky until they got caught.

The situation hasn't been much different in India. The "cybercriminals" who've been hauled up under the new and very convoluted IT Act have been small-timers: disgruntled lovers trying to blackmail their former girlfriends with MMS pictures, weirdos and stalkers, the odd low-level call-centre or bank employee trying to make a fast buck by selling off information.

We're going to look back at this picture with nostalgia some day. According to McAfee, the online security experts, cybercrime is evolving in interesting directions.

Instead of individual hackers experimenting with strange bits of code that have unfortunate side-effects, the last three months alone have shown a rise in the number of "zombie networks".

Zombie networks are created by targeted attacks on PCs at home and in offices that have been left inadequately protected; "bots", little bits of software programmed to look for security holes, search the web for unprotected PCs, latch on and then use the computer for other purposes.

Unlike virus creators, the aim of those who run zombie networks is not to damage your computer: instead, they want access to its database and they use the computer as part of a larger network, to send out spam or trawl for information.

CipherTrust, another organisation, estimated that by May 2005, 172,000 PCs were joining zombie networks on a daily basis.

Think of it this way: the difference between your PC being hacked by an individual and your PC being hacked by a zombie networker is the difference between being mugged and being one of thousands who have their property confiscated by a new underworld ganglord.

What's really terrifying about zombie networks is how versatile they are. Once you have that kind of network power, you can use zombies for versions of online terrorism, by creating a Denial of Service attack that leads to a breakdown of the site, or for phishing frauds, or for identity theft and credit card theft on the kind of mass scale we haven't really seen so far.

The response of governments has been slow and ponderous ""the US only instituted a Homeland Security czar for cyberspace this week, for instance. But among security firms, providing and tightening cybersecurity is seen as a high-growth area that will only become more demanding and more complex over time.

No one knows-yet-who the Dawood, the Osama bin Laden of cybercrime is; but McAfee and other online security companies seem to be convinced that the underworld has now finally got its own cyberdons in place.