Organized, professional cybercriminals are replacing amateur thrill-seeking hackers because serious money is being made through online criminal activities. Distributed Denial of Service (DDoS) attacks, computer systems break-ins, and online scams are resulting in billions of dollars of damage.
DDoS for
competitive advantage
On August 25, 2004, Jay R. Echouafni, CEO of Orbit Communication,
and five others were indicted in connection with the
first successful investigation of a large-scale DDoS
attack used for a commercial purpose. Echouafni and
a business partner hired computer hackers to launch
relentless DDoS attacks against Orbit's online competitors.
They used the services of computer hackers in Arizona,
Louisiana, Ohio, and the United Kingdom to attack the
Web sites of RapidSatellite.com, ExpertSatellite.com,
and Weaknees.com. The sustained attacks began in October
2003 and caused the victims to lose more than $2 million
in revenue and costs associated with responding to the
attacks.
Hacking
for dollars
Calin Mateias, a Romanian computer hacker, was indicted
in August 2004 for hacking into Ingram Micro's online
ordering system and fraudulently ordering more than
$10 million in computer equipment from the Santa Ana,
Calif., company, the largest technology distributor
in the world. Ingram Micro was only able to intercept
less than half the orders before the items were shipped.
Using information obtained from his illegal hacking activity, Mateias bypassed Ingram's online security safeguards, posed as legitimate customers, and ordered computer equipment to be sent to Romania. When Ingram Micro blocked all shipments to Romania in early 1999, Mateias directed that the equipment be sent to dozens of addresses scattered throughout the United States as part of an Internet fraud ring. Mateias recruited four Americans from Internet chat rooms to provide him with U.S. addresses to use as "mail drops" for the fraudulently ordered equipment. In turn, the four Americans recruited others, including high school students, to provide additional addresses and to accept the stolen merchandise. The U.S. members would either sell the equipment and send the proceeds to Mateias or repackage the equipment and send it to Romania.
The phish
that didn't get away
In March, Rio de Janeiro police nabbed Valdir Paulo
de Almeida, the leader of an 18-member phishing group
that spammed a Trojan horse to approximately 3 million
email accounts on a daily basis. The Trojan included
a keystroke logger that recorded account usernames and
passwords, and then fed them back to the gang. The gang
stole as much as $37 million from online bank accounts
causing serious monetary losses for the financial institutions
involved. Although the gang targeted Brazilians, it
also siphoned funds from bank accounts abroad, Brazilian
federal police told Reuters.