[Dshield] MyDoom-A/B and Organized Crime

John Hardin johnh at aproposretail.com
Mon Feb 9 16:49:23 GMT 2004


On Sun, 2004-02-08 at 06:40, Erwin Van de Velde wrote:

> I don't think organized crime is involved as the worm doesn't do that much 
> damage...

What profit motive exists for OC to damage systems vs. stealthily take
control of them? If damage were a part of the worm it would be an
indicator *against* OC involvement, unless it were also a precisely
targeted attack (e.g. take out a business that competes with one they
control).

> Okay, there is damage and SCO went down and so on, but if the virus writer 
> really wanted to cause damage, this is far too little: no files are deleted 
> and your computer does not explode :-)

OC != vandalism. OC == profit. Script kiddies or amateur Crackers
looking to publicly (or at least within their social circle) inflate
their egos or reputations are the ones who do splashy, widespread,
damaging attacks.

> I also do not know why someone would pay much for a virus as MyDoom, as no one 
> has any gain of it.

I would say there is considerable gain for most anyone in having remote
control of a few million Internet-connected computers.

> I think that organized crime would use hackers and virus writers for two 
> purposes: hacking into one specific system and taking down the internet.

How would taking down the Internet profit them? Give me a reasonable
scenario and I will agree. 

There is no centralized body anybody could blackmail with <voice
effect="SPECTRE Number 1"> "...We demand $100 million in flawless
diamonds or the Internet goes *poof*". </voice> 

However, taking certain specific entities off the net could work for
targeted blackmail; for example, DDoS'ing Ameritrade or E*Trade might be
worth a few $million. To do that sort of thing you'd probably need a lot
of Internet-connected systems under your control...

> Those are two actions by which they have a gain: getting information or
> altering data and demonstrating their powers (think of 9/11 on the
> internet).

OC != terrorists. They have no political motivation. In fact, I would
expect they would rather try to *avoid* the limelight, where terrorists seek
it out.

OC is, essentially, a business, interested in profit, but without the
ethics or desire to remain within the law that keeps other, legitimate
businesses from doing exactly the same thing. 

--
John Hardin  KA7OHZ                           
Internal Systems Administrator/Guru               voice: (425) 672-1304
Apropos Retail Management Systems, Inc.             fax: (425) 672-0192
-----------------------------------------------------------------------
  Failure to plan ahead on someone else's part does not constitute an
  emergency on my part.
                                  - David W. Barts in a.s.r



