Hackers

[motion]

I'm sick of em. They hack my servers. They cost me tens of thousands of $$$. They steal my credit cards. They spam my inbox. They infect my Windows computers. As someone deeply invested in all things Internet, I look into the future and it sure looks bleak.

I wonder where this will all end?

[berettafan]

Agree.

Would like to see huge mandatory penalties.

[motion]

I don't get how these punks in eastern europe hacking away in internet cafes get away with this stuff. You'd think there would be an international coalition with some power put together to go after them, with big penalties involved. They're costing the economy billions of $$$.

[GWN7]

The powers that be can block a whole range of IP addresses. The same way China controls it's peoples access to the internet. How can you expect countries to stop criminals from running their scams on the internet when the country is run by criminals?

[Head416]

A lot of people make their living fighting those security threats.

[KFC911]

Quote:

Originally Posted by motion

I don't get how these punks in eastern europe hacking away in internet cafes get away with this stuff. .....

Dishonesty has ALWAYS been around...Internet just gives 'em an easy unlocked doorway via which to enter your "business". Don't know if your venture is so international that you lose customers if you block IP addresses, but that's certainly one EFFECTIVE approach to minimize your exposure. When I was "in the game", we simply blocked our sites from connections from China, Nigeria, etc. and we were a HUGE target for such nonsense. Might be worth considering....otherwise, you just have to consider it the "cost of doing business" in the Internet age imo. Ain't gonna change, that's for sure. Good luck!

[John Rogers]

The only way to stop something like this would be to make the person(s) doing have so much fear that they do not do it. What would that be....maybe someone who could sneak into their basement or bedroom or where ever they do this and put a bullet in their head! Leave a card noting what the recently expired person did and that this will happen to others who also do it and very shortly it would stop.

[Evans, Marv]

I'm just a computer user, but I've always wondered why somebody doesn't develop malware that they can let loose on these turds. Something that will trace back to the sender and fry the hard drive or something. I heard a comment one time it was illegal to do that in this country, but I bet Uncle Sam can do it along with the Chinese, Russians, etc., etc.

[KFC911]

Quote:

Originally Posted by john rogers

The only way to stop something like this would be to make the person(s) doing have so much fear that they do not do it.....

With all due respect John, I simply disagree. Unfortunately, dishonestly isn't gonna disappear until humans do . With a proper, "secure" network and firewall infrastructure hackers will not likely be successful...but will always keep trying (human nature once again). The corporate sites I worked with were never hacked, but the attempts to do so were pretty sophisticated and the quantity of attempts (daily) was somewhat mind boggling. It certainly can be prevented with proper infrastructure, platforms, monitoring, and policies in place...BTDT. That "might" not be cost effective for Motion's environment, but I'd venture a simple firewall approach with a few rules that block a handful of foreign countries would effectively eliminate "most" of these hacking attempts (based upon what Motion posted earlier). Just my two pennys worth....

[motion]

Quote:

Originally Posted by KC911

Dishonesty has ALWAYS been around...Internet just gives 'em an easy unlocked doorway via which to enter your "business". Don't know if your venture is so international that you lose customers if you block IP addresses, but that's certainly one EFFECTIVE approach to minimize your exposure. When I was "in the game", we simply blocked our sites from connections from China, Nigeria, etc. and we were a HUGE target for such nonsense. Might be worth considering....otherwise, you just have to consider it the "cost of doing business" in the Internet age imo. Ain't gonna change, that's for sure. Good luck!

Yeah, we're blocking country-specific IPs. The bulk of my biz is US-based, so that is doable. But, can't they just use a VPN to emulate a US-based IP?

[Por_sha911]

Quote:

Originally Posted by Evans, Marv

I'm just a computer user, but I've always wondered why somebody doesn't develop malware that they can let loose on these turds. Something that will trace back to the sender and fry the hard drive or something. I heard a comment one time it was illegal to do that in this country, but I bet Uncle Sam can do it along with the Chinese, Russians, etc., etc.

Because some of the viruses are programed to run from an unsuspecting citizen's infected machine.

[intakexhaust]

No, you have it wrong. I think they work for Kaspersky. Called job creation. Cheers

[shoemakj]

Quote:

Originally Posted by Evans, Marv

I'm just a computer user, but I've always wondered why somebody doesn't develop malware that they can let loose on these turds. Something that will trace back to the sender and fry the hard drive or something. I heard a comment one time it was illegal to do that in this country, but I bet Uncle Sam can do it along with the Chinese, Russians, etc., etc.

It's currently illegal for citizens & corporations to hack back, though when I was last involved with this sort of thing, we were attempting to define something called "active defense" of a network where there were some countermeasures you could deploy outside of your own network. Never heard what became of that proposal.

The biggest problem is accurate attribution. It's nearly impossible to tell where the attack actually came from. Sure, it's easy to trace back 1 or 2 servers, but those are already compromised by the bad guys. Usually the owners of those machines don't even know they've been hacked.

I've seen investigators take months to establish, beyond a reasonable doubt, who the bad guy/country really is. The Chinese Army has at least one entire brigade dedicated to exploiting vulnerabilities in US and other networks. The US has *significantly* fewer on the exploitation side. The vast majority of resources are applied to network defense. It's the biggest, most expensive game of whack-a-mole in the world.


Disclaimer: I used to work for US Cyber Command

[KFC911]

Quote:

Originally Posted by motion

Yeah, we're blocking country-specific IPs. The bulk of my biz is US-based, so that is doable. But, can't they just use a VPN to emulate a US-based IP?

If a sophisticated user (with the knowledge, tools, and appropriate access) used VPN to access a US based network, then you are correct, a firewall block wouldn't be sufficient for that scenario either. I would seriously doubt if that's the nature of your attacks however. I was just throwing out "that idea" based upon your comment about attacks coming from other countries and based upon the number of native IP "foreign attacks" (from just a handful of countries) that I (we) experienced daily. It's really quite complex (as I'm sure you know), but if the stakes are high enough, most hackers can be thwarted (even domestic ones), but like I told 'em in the banking environment a couple of decades ago...If you're connected to the Internet, then you ARE exposed...so now you're back to "the cost of doing business" as it were . Good luck!

[Sarc]

Quote:

As someone deeply invested in all things Internet

I hear you.
What kind of sites do you operate? Our retail design/branding/strategy site was recently hit, by way of having our site link to a fetish porn site of all things. No direct cost to us per se, bit tremendously embarrassing.
IT sourced the hit to somewhere in the Middle East and speculated we were targeted due to the platform used for our site being based in Israel.

[afterburn 549]

If Washington wants to make a NEW law, let it be the death penelity for ID theft.
PLEASE!
.
simple .

[stealthn]

If the governments really wanted to they could stop the majority of it, they would need the ISP's involved to watch for traffic patterns. Until the governments pay more for weapons grade hacks than the "bad guys" it won't go away....