The reading notes record thoughts from things I read. This blog is a record of my thoughts and summaries after reading. My website:

Cybercrime of Web 2.0

We have entered the era of Web 2.0. It is a world of intensive and extensive horizontal communication with a much increased free flow of information. With this freedom come increased risks in a more chaotic jungle of information. CNN recently reported on the modern trend of cybercrime that takes advantage of Web 2.0. It is useful to know the dangers around us so that we can keep a close guard. If you are interested, please take a look at the article Fighting the Cybercrime Lords of Web 2.0.

Web 2.0 is mainly about mobile computing and social networking, coupled with easy website services such as blogs and social network sites. The emphasis of the web world has shifted from technology to content. The power of information flow has devolved from organizations and content providers to individuals, who can create, share, and obtain any information they want, including much personal information. Online communities continue to grow at great speed through friendly social networking sites, and cybercrime syndicates continue to target these online relationships, which are based on sharing and trust.

In the old days, cybercrime was committed by hackers who were mostly whiz kids with an attitude. They broke into the systems of organizations for fun and pride. The damage caused was denial of service, defacement of corporate images and corruption of data. Nowadays, cybercrime is more organized and targets financial gain through phishing and the theft of personal data, bank account data and credit account data.

The cybercrime world has developed an ecosystem of its own, with services for hire. Its infrastructure includes botnets, which are robotic networks of compromised computers or computers infected by specific viruses. The bot-herders of the botnets offer time and services to executive brokers and supply them with stolen data obtained by spammers and phishers. Cyber criminals may hire programmers to write malware and hackers to break into sites in order to steal email addresses and other identities. With strong social engineering techniques, many password-protected accounts can be cracked. To target individuals, many counterfeit hooks in the form of emails and websites are written in flawless language, supported by common brand logos and attractive styles. Stolen data are valuable. While credit card data can sell for only $5 to $10, sensitive data can bring in massive amounts.

Cybercrime is difficult to eradicate. Many malware advertising scammers pay irresponsible websites to serve their malicious advertisements. Hackers and spammers may hire criminal or irresponsible ISPs to host their malevolent servers and traffic. Many ISPs are not cooperative with law enforcement agencies when it comes to disclosing the identities of their clients. Some ISPs are hosted in countries with different jurisdictions and unfriendly diplomatic relations.

In the meantime, the technical arms race between cyber criminals and security professionals has escalated. With ever-improving methodology and a consolidated effort on unified threat management, malicious e-mail should never make it to your inbox. Most of it is filtered out effectively by your ISP. Security professionals also connect honeypot computers to the Internet. These are unpatched computers exposed to all kinds of cyber attacks. They act as bait, attracting cyber criminal activity in real time and sending out alerts. This kind of "weather forecast" enables security professionals to prepare for attacks that are under way.

Like other kinds of crime, cybercrime has become a commonplace problem. The encouraging message is that there is good coordination between researchers, the security industry and other authorities working together to combat the criminals. The anti-crime effort goes all the way down to the individual. It is essential for us to be aware of what is out there.