Zombie machines fuel new cyber crime wave
By Bernhard Warner,
European Internet Correspondent

LONDON (Reuters) - The rapid growth of broadband home computer connections may be inadvertently fuelling what police suspect could be the start of a new crime wave -- cyber-blackmail.

As more homes connect to faster delivery systems, their computers are becoming vulnerable to hackers and virus writers who can turn them into zombie machines, ready to carry out any malevolent command.

Favourite targets for the extortionists -- many thought to come from eastern Europe -- have been casinos and retailers, but one recent high-profile victim was the Port of Houston.

At the end of the day, this is old-fashioned protection racket, just using high-tech, said a spokeswoman for Britain's Hi-Tech Crime Unit.

On Wednesday, UK cyber crime cops made a plea to businesses to report attacks against their Internet businesses following a recent string of incidents with the blackmailing trademark.

Police have seen an increase in the number of distributed denial of service (DDoS) attacks targeting online businesses.

In some cases, the attacks, which can cripple a corporate network with a barrage of bogus data requests, are followed by a demand for money. An effective attack can knock a Web site offline for extended periods.

HITTING THE SLOTS

Online casinos appear to be a favourite target as they do brisk business and many are located in the Caribbean where investigators are poorly equipped to tackle such investigations.

In 2001, cyber forensics expert Neil Barrett told Reuters that his firm Information Risk Management was working with Internet casinos to shore up their defences against a spate of DDoS attacks.

At the time, he said the denial-of-service barrages were followed by demands to pay up or the attacks would continue. He said the attacks appear to have come from organised criminal groups in Eastern Europe and Russia.

Police said because of a lack of information from victimised companies, they are unsure whether these are isolated incidents or the start of a new crime wave.

Whatever the motive, DDoS attacks are on the rise, coinciding with the proliferation of broadband deployment in homes. Security experts believe the increasing number of unsecured home PCs may be a major culprit.

New Internet- and e-mail-borne computer infections are hitting home computers, turning them into zombie machines that can be controlled by outsiders without the owner's knowledge, security experts say.

Such infected machines can be told to send e-mail spam or even be used to initiate or participate in a denial of service attack against another computer.

Home broadband computers are going to be the launching point for a majority of these, said Richard Starnes, director of incident response for telecoms firm Cable & Wireless and an advisor to Scotland Yard's Computer Crime Unit.

Last week, the online payment service WorldPay admitted to suffering a major DDoS attack that lasted three days. WorldPay, owned by the Royal Bank of Scotland, has been fully restored.

The NHTCU spokeswoman said the investigation into the WorldPay is ongoing.


Reuters