The Hacker's Toolkit Returns

What does $8000 buy you nowadays? Enough iPads to equip the entire family, with matching MacBook Airs thrown in for good measure? A couple of 3D TVs?

If you're a cybercriminal, it'll buy you a pretty sweet hacker's toolkit. But don't worry if you're too dumb to understand complicated computer stuff. Contemporary hacker's toolkits are user-friendly. You can even purchase a support contract. If the security holes the toolkit exploits get patched, there's no problem--it can auto-update with new attack definitions.

All this is revealed in a new report by Symantec, which profiles the increasing sophistication of hacker's toolkits over recent years, and the criminal underworld that's grown around them.

Toolkits aren't anything new, and have been around since the days of DOS. Back then they gave rise to "script kiddies," young people (usually male) who lacked the expertise to hack but were able to download software and create worms or Trojans with little more than a few clicks.

Possibly the most famous script kiddie was Jan de Wit, who used the Visual Basic Script Worm Generator (VBSWG) to create the infamous Anna Kournikova worm that wreaked havoc back in 2001.

However, the big difference today is that the criminal world has learned from the mainstream software scene. Organized crime has an organized software scene.

As Symantec point outs, it's no longer lone hackers who are sharpening their claws by creating viruses, or even small groups of criminals who hire hacker expertise to create malware. Easy-to-use software that's widely available allows just about anybody to get in on the scene. Essentially, such software has allowed cybercrime to go mainstream, which is why it's become an increasingly larger problem over the last five years.

Contemporary hacker's toolkits are also smarter than those of old, which were typically one-trick ponies that were useless once their attack vector was patched. Software like ZeuS 2.0, highlighted by Symantec's report, is essentially a malware engine: It will use many different attack vectors to try and compromise PCs. Contemporary toolkits are often sold on a subscription model, with updates included, and there are even the black-hat equivalent of consultants who'll access your criminal needs and spec-out the required hardware and software.

The main entry point used by hacker's tookits is the Web browser and its various plugins, such as Adobe Flash. The goal is to install keyloggers to steal things like online banking passwords, or to turn the computer into a zombie that can further infect other computers. The intention is to infect the victim's computer without their knowledge.

Symantec's attack kit evolution timeline
Symantec suggests hackers are forced to infect computers this way because older methods of attacking computers via the services they run are no longer possible. For example, the Blaster worm in 2003 prompted Microsoft to begin taking security seriously and was arguably why the second service pack for Windows XP, released a year later in 2004, boosted the Windows firewall and featured data execution prevention.

All the signs show that toolkits are pretty effective. Last September it was claimed those arrested worldwide as part of Operation Trident Breach used the ZeuS toolkit to steal an estimated $70 million over several years. Suddenly that $4,000 asking price doesn't seem so excessive. There are up to 10 high-level gangs are currently using ZeuS to rake in the same kind of money, according to Don Jackson, who tracks ZeuS as part of his job at SecureWorks.

What can we do to protect ourselves? Nothing more the usual trick of keeping everything up to date, system software and virus definitions in particular. Not using Internet Explorer is a good idea, although Firefox and even Google Chrome are targets too. Switching to Linux is a pretty effective block, but isn't entirely easily.

Try installing a browser extension such as FlashBlock, which will block any Flash code on a Website unless you specifically opt to let it run (some Flash heavy sites like YouTube can be whitelisted). This way, if you inadvertently find yourself redirected to a site containing malware contained in Flash code, you won't be infected instantly and automatically.

Keir Thomas has been writing about computing since the last century, and more recently has written several best-selling books. You can learn more about him at http://keirthomas.com and his Twitter feed is @keirthomas.

Subscribe to the Daily Downloads Newsletter

Comments