Forgot your password?
typodupeerror
Crime Security

Attack Toolkits Dominating the Threat Landscape 66

Posted by CmdrTaco
from the take-cover dept.
wiredmikey writes "The ease-of-use and ability to amass great profits through the use of easily accessible 'attack toolkits' are driving faster proliferation of cyber attacks and expanding the pool of attackers, opening the doors to more criminals who would likely otherwise lack the required technical expertise to succeed in the cybercrime underground. The relative simplicity and effectiveness of attack kits has contributed to their increased use in cybercrime — these kits are now being used in the majority of malicious Internet attacks."
This discussion has been archived. No new comments can be posted.

Attack Toolkits Dominating the Threat Landscape

Comments Filter:
  • May I suggest [youtube.com]?

  • I think that Linux is left out again.
  • 1337 hax0r (Score:1, Redundant)

    by korgitser (1809018)

    The new wave of scriptkiddie ftw!

  • by Anonymous Coward

    ....as opposed to those bothersome benevolent ones... Low orbit ion cannons at the ready!

  • And now cracking has turned into a business. If I buy a toolkit will I get a receipt for it? I need it for my tax benefits.

    • Now?

      Malware has been a business for at the very least a decade. Those toolkits have been available for at least 3-5 years.

      How the fuck is this news? Or did only now the general population learn of RBN [wikipedia.org] and similar "services"?

      • by nog_lorp (896553)
        Rofl! I recall reading about the RBN 2 years ago, when it had 'been shutdown' apparently.
        • by nog_lorp (896553)
          (According the the WP page at the time, that is)
          • Such pages are a bit like carpet stores. Constantly on end of business sale, only to move next door.

            Seriously, for a while we tried to shut down those drop boxes. Soon we realized that it's not worth the hassle. Modern malware comes with the ability to be redirected to other servers. And, before anyone gets the idea of using that against them, of course these functions are protected by keys.

  • Script kiddies aren't smart enough to code their own exploits. They rely on other people to release their code and then use / abuse it.

    It's like PHP; the fact that it's very easy to use leads to a lot of crappy code, even though there are real programmers using it who know what they're doing.

    • by timholman (71886)

      Script kiddies aren't smart enough to code their own exploits. They rely on other people to release their code and then use / abuse it.

      The feds should take a page from the RIAA playbook and release their own trojan versions of exploit kits, permitting them to track these little snots, or at least wipe their drives. It won't stop the hardcore professionals, but at least this tactic would weed out many of the braindead wannabes.

      • Oh, great plan. Ok, lemme clue you in if you don't mind, so you know what you're standing against. I'll try to dance around a few NDAs, but it should work.

        Some people with less ethics than greed develop a toolkit that consists of a malware that infects people's computers, a dropoff server where that malware sends its collected information and a service to deliver the malware (let's say, for simplicity's sake, spam. There are other, more sophisticated ways available, but this ain't Malware Business 101).

        Know

        • Sorry, forgot the important step two: This package gets sold to people with similar ethics and greed, but less computer skill.

          Please insert between paragraph 2 and 3.

          • Yeah. And they advertise openly, and the buyers discuss their experiences with the software and "bulletproof hosts" on public forums. It's hilarious. I didn't believe this until I saw it. I expected something invite-only or using only personal contacts between hardened criminals or something. Not gauchy banner ads.
            • Why bother?

              Writing malware is not illegal. Writing malware kits also isn't (at least in the relevant countries). USING them may be. But if you buy them for "research only" (interestingly, don't try to buy one "legally" for a malware research institute, they will refuse to deliver... odd, ain't it? :)), it's all fine and nice.

              Of course, this being a novelty, nobody ever wants to actually use them for nefarious reasons, of course!

    • There's no such thing as a hacker who writes all his own tools. To imply that people using tools written by others aren't "hackers" but are instead "kiddies" is absurd because it implies that no hackers exist.

      • This would be a good time to contemplate the difference between a hacker and a cracker.

        • A cracker is someone who breaks DRM. A hacker is a person who circumvents computer security.

          • Er no.

            hacker: A person who enjoys exploring the details of programmable systems and stretching their capabilities, as opposed to most users, who prefer to learn only the minimum necessary.

            Jargon File [catb.org]

            cracker: One who breaks security on a system.

            JargonFile [catb.org]

            • In English, words have multiple definitions. A dictionary that fails to recognize this uncontested fact is useless as a citation.

      • by TheSpoom (715771)

        To imply that people using tools written by others aren't "hackers" but are instead "kiddies" is absurd because it implies that no hackers exist.

        Script kiddies are not hackers. Usually they're people with just enough knowledge to be dangerous who think that attacking someone or some entity would be fun. Alternatively, they could be doing it for the money. Nonetheless, in my experience such people don't really understand what they're doing and are forced to use full software packages from others, exclusively.

        If you can't understand the difference between that and using a library or open source application, then I really don't know how to explain i

        • The reason you can't explain it is because you don't understand it yourself. There is no line between "hacker" and "kiddie." It's just hackers (people who circumvent computer security) of different skill levels. Call a low-skill hacker any name you like, but he's still a hacker.

  • The real hackers write the toolkits and then distribute them to kids like this [youtube.com] who then get in trouble and get caught. Once caught, they occupy all the "cyber law enforcement" people's time they have to "protect" us and then the real hackers go about their way unnoticed and never caught. The internet is awash with people calling themselves 'hackers' while a very low percentage 1) actually investigate ways to hack systems and 2) never let their identities and preferably actions known for obvious reasons [slashdot.org]. It's obvious that they offer up a toolkit to let idiots run around painting targets on themselves so they can mess around unhindered.
    • by Haedrian (1676506)

      That video killed me.

      Norton Internet Security 2004
      Username: "HP User"
      "You need an internet connection" and having a "Really Solid One"
      "Run 'c m d'"
      "Http semicolon" ???

      Wait.. is that guy using traceroute to see other people's "Ip addresses"

      I may cry a little.

      • by drolli (522659)

        > Wait.. is that guy using traceroute to see other people's "Ip addresses"

        Have you never looked inside a router? Little Gnomes in every router, all watching in the same direction when a packet comes along. Thats why they are looking at the same website....

    • And this is what clogs my days and lets my boss claim huge "victories" while at the same time nothing gets accomplished.

      It's a bit like fighting the drug business by busting street dealers. Wow, we cashed in 5 kilos of coke that won't hit the streets. Never mind that 5 tons that got distributed while we spent the last year on this 5 kilo sting op.

      • A better analogy would be to consider it as trash collection. Just something that's gotta be done.

        • Nope. Usually all my trash gets collected, I just create more, but that doesn't mean that parts of it pile up in my backyard.

          It's like stepping on the ants that run from their hive to your bread box. Instead of digging out the hive or sealing the bread box, we keep stepping on the ants, hoping that we'll at least hit some of them.

          • Well, let me ask you this. Is your boss actually empowered to do any more than "step on the ants"?

            I contested your drug analogy because it is often mistaken that the authorities are trying to stop drugs when the truth is they want to control them. That's why only the small timers and freelancers get shaken down.

            • We're not even close to controlling it. We're going for the low hanging fruit. Unfortunately, this seems to keep the machine rolling and the projects come in.

              It's like the goose that lays golden eggs, even if those eggs are poisonous. Decapitating the whole criminal structure would possibly endanger this rather comfortable business model. So... low hanging fruits are easier to get, very juicy and they keep growing back.

              I don't question that this is profitable. I question that this is sensible.

    • "Methods" and "exploits" are not the same thing, of course. The methods are fairly well-known and/or obvious, the exploits found using them (tedious work) are not. The power lies in creating systematized implementations of existing ideas - look at the storm botnet, or the stuxnet worm. Or a particularly monstrous flash exploit. I think that releasing tools to use as a smoke screen would be a counterproductive strategy, because the more visible trouble they'd cause the more "eyes" would be on to the security
  • This is news? (Score:5, Informative)

    by girlintraining (1395911) on Tuesday January 18, 2011 @11:47AM (#34916524)

    News Flash: The proliferation of manufactured weapons is credited with a rise in use amongst those with limited training in the use of weapons. Also, technology is making things previously difficult to do easy, says spokesperson for Captain Obvious.

  • Well LOIC is technically an "attack toolkit" and has been getting a lot of press lately...
  • by vlm (69642)

    This is a dupe from the mid 90s when nmap was released.

  • If you outlaw exploits, only outlaws will have exploits.

    Seriously folks, It's illegal for me to craft a website that exploits the "attack toolkit" to disable the attack.
    I'm forbidden from fighting back...

    If someone breaks into my house and threatens me with a shotgun, it's perfectly legal for me to use my pistol on them; The same is not true for software. If my machine is infected by a botnet it's illegal for me to exploit the botnet to disable the threat.

    Take heed folks:
    Without the right to bear arms we h

    • by Securityemo (1407943) on Tuesday January 18, 2011 @01:34PM (#34917884) Journal
      Yes, but when you fire a shotgun at a burglar you can be pretty sure that he hasn't had his brain hijacked to believe he's planting bugs to find out if his wife is cheating on him (when in reality, he's been living alone for the past few years in a run-down one-room apartment). The malware is "served up" from hacked sites and botnets, so you risk disabling a critical system. Reliable "counter malware" that isn't custom-tailored to the specific version of a specific bot would require you to kill the networking of the whole host.

      If you don't believe me on that, just think about why/how antivirus doesn't just "remove the malware from the system" simply. Not to mention that it's unfeasible to expect this to work long, because malware are small pieces of software that can be hardened against exploits easily, and "stealing" them by spoofing their communications protocol also relies on the protocol being insecure.
      • > you risk disabling a critical system.

        The system is already compromised. Mission-critical, or "someone could die"-critical, it makes no difference. Once compromised, you have no guarantee that it will remain stable, or prevent that death. There's a reason that some systems (medical, avionics, etc) require government approval for use, and incredible scrutiny for approval, and often have limited-or-no network access.

        • Yeah, I didn't mean "critical critical" systems obviously. But given that it was the counterattackers direct action that disabled the system, it seems logical that you'd have to pay damages if the owner decides to sue you, even if it was just an excel spreadsheet that didn't arrive on time that day (IANAL). And making that legal just doesn't seem right. It would be saner to force companies or private citizens to cooperate with a search warrant, taking the hosts down on-site. And again, counter-attack malwar
      • No, when you shotgun the burglar, your pellets don't go beyond your property line. If they do, or if you chase the burglar down the street, you're in trouble.

        That's the problem with going on 'the attack' - you go outside your own property. (That's one reason shotguns are great personal defense weapons - they require little skill to point and the pellets, while very effective at close range, don't have the penetrating ability that a pistol bullet has. Even a 9mm 50 grain bullet can waltz through sheetroc
  • In other news from 1980, programming toolkits are dominating the programming landscape.

    Programmers have discovered that they can amass great profits by using easily accessible "programming toolkits", which are now used in the majority of the software in the wild. These toolkits include compilers (no longer does the programmer need to remember all these geeky hex codes!), libraries (and idiot can now use the quicksort algorithm without reading Knuth!), and kernels (you don't need to know anything about IO or

  • It's great that the boys over at Symantec have found out that there are malware toolkits on the interwebs.

    Maybe next they will develop a program that will remove viruses and other malware without breaking computers or, as I've seen, forcing customers to call India tech support who charg $90 to remove those extra special tough ones.

    Then the next step will be to do that without bringing the computers to a crawl.

I tell them to turn to the study of mathematics, for it is only there that they might escape the lusts of the flesh. -- Thomas Mann, "The Magic Mountain"

Working...