Chapter 8 Securing Information Systems 331
of the MySpace “group” sites, which are dedicated to interests such as home
beer brewing or animal welfare, into cyber-graffiti walls, filled with offensive
comments and photographs.
Spoofing and Sniffing
Hackers attempting to hide their true identities often spoof, or misrepresent,
themselves by using fake e-mail addresses or masquerading as someone else.
Spoofing also may involve redirecting a Web link to an address different from
the intended one, with the site masquerading as the intended destination. For
example, if hackers redirect customers to a fake Web site that looks almost exactly
like the true site, they can then collect and process orders, effectively stealing
business as well as sensitive customer information from the true site. We provide
more detail on other forms of spoofing in our discussion of computer crime.
A sniffer is a type of eavesdropping program that monitors information
traveling over a network. When used legitimately, sniffers help identify
potential network trouble spots or criminal activity on networks, but when
used for criminal purposes, they can be damaging and very difficult to detect.
Sniffers enable hackers to steal proprietary information from anywhere on a
network, including e-mail messages, company files, and confidential reports.
Denial-of-Service Attacks
In a denial-of-service (DoS) attack, hackers flood a network server or Web
server with many thousands of false communications or requests for services
to crash the network. The network receives so many queries that it cannot
keep up with them and is thus unavailable to service legitimate requests. A
distributed denial-of-service (DDoS) attack uses numerous computers to
inundate and overwhelm the network from numerous launch points.
For example, hours after the U.S. Department of Justice shut down file-sharing
site Megaupload on January 19, 2012, the Anonymous hacker collective
launched extensive retaliatory DDoS attacks against federal and entertainment
industry Web sites. Web sites belonging to the FBI, U.S. Department of Justice,
U.S. Copyright Office, Universal Music, the Recording Industry Association of
America, and the Motion Picture Association of America were knocked offline
for a large part of the day.
Although DoS attacks do not destroy information or access restricted areas
of a company’s information systems, they often cause a Web site to shut down,
making it impossible for legitimate users to access the site. For busy e-commerce
sites, these attacks are costly; while the site is shut down, customers cannot
make purchases. Especially vulnerable are small and midsize businesses whose
networks tend to be less protected than those of large corporations.
Perpetrators of DDoS attacks often use thousands of “zombie” PCs infected
with malicious software without their owners’ knowledge and organized into
a botnet. Hackers create these botnets by infecting other people’s computers
with bot malware that opens a back door through which an attacker can give
instructions. The infected computer then becomes a slave, or zombie, serving
a master computer belonging to someone else. Once hackers infect enough
computers, they can use the amassed resources of the botnet to launch DDoS
attacks, phishing campaigns, or unsolicited “spam” e-mail.
Ninety percent of the world's spam and 80 percent of the world's malware are
delivered via botnets. For example, the Grum botnet, once the world's third-largest
botnet, was reportedly responsible for 18% of worldwide spam traffic (amounting
to 18 billion spam messages per day) when it was shut down on July 19, 2012. At
one point Grum had infected and controlled 560,000–840,000 computers.
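As an added illustration (not part of the textbook), the sketch below shows how a defender might tell apart the two attack types described above in Web server logs: a request flood dominated by one source versus one spread over many launch points. The log format, window size, thresholds, and sample traffic are all constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

WINDOW_S = 10          # bucket size in seconds; must divide 60 (assumed value)
RATE_THRESHOLD = 200   # requests per window treated as a flood (assumed value)
DOMINANCE = 0.5        # share held by one source that marks a single-source flood

def classify_windows(lines):
    """Return {window_start: (label, request_count, distinct_sources)}."""
    buckets = defaultdict(Counter)
    for line in lines:
        # Assumed log format: "ISO-timestamp client-ip method path"
        ts_text, ip, _method, _path = line.split()
        ts = datetime.fromisoformat(ts_text)
        start = ts - timedelta(seconds=ts.second % WINDOW_S,
                               microseconds=ts.microsecond)
        buckets[start][ip] += 1
    result = {}
    for start, per_ip in sorted(buckets.items()):
        total = sum(per_ip.values())
        top_share = per_ip.most_common(1)[0][1] / total
        if total < RATE_THRESHOLD:
            label = "normal"
        elif top_share >= DOMINANCE:
            label = "dos"    # one launch point accounts for most of the load
        else:
            label = "ddos"   # load is spread over many launch points
        result[start] = (label, total, len(per_ip))
    return result

def build_sample_log():
    """Constructed traffic: quiet window, single-source flood, distributed flood."""
    base = datetime(2024, 1, 1, 12, 0, 0)
    lines = []
    def add(offset_s, ip):
        stamp = (base + timedelta(seconds=offset_s)).isoformat()
        lines.append(f"{stamp} {ip} GET /")
    for i in range(20):     # window 0: 20 requests from 5 clients
        add(i % 10, f"192.0.2.{i % 5 + 1}")
    for i in range(300):    # window 1: one client sends 300 requests
        add(10 + i % 10, "198.51.100.9")
    for i in range(300):    # window 2: 150 clients send 2 requests each
        add(20 + i % 10, f"203.0.113.{i % 150 + 1}")
    return lines

if __name__ == "__main__":
    for start, (label, total, sources) in classify_windows(build_sample_log()).items():
        print(start.time(), label, total, sources)
```

Per-source rate limiting can contain the first kind of flood, while the second kind has no single address to block, which is why the distributed form is harder to filter.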