Just read a very interesting article on Bruce Schneier’s blog.
The most alarming part for me was the following:
Internet attacks have changed over the last couple of years. They’re no longer about hackers. They’re about criminals. And we should expect to see more of this sort of thing in the future.
Unfortunately the above is only too true and we are going to see a marked increase in cybercrime. When you think about it you can almost take any of our old style crimes and with enough imagination and know how make it work over the wire.
Using a similar method you could break into someones PC and look for something the owner would really not want shown in public. The criminal then downloads the files and blackmails the owner. If you don’t find anything you might be able to hold his files for ransom anyway.
You could also use it to destroy someones reputation. Lets say John is the CEO of a large corporation with some less than honest competition who would love to see the company damaged in any way possible.
One of the competition hires a cracker to gain access to Johns machine. This would most likely be the home machine since if they managed to break into the work machine then I am sure there are other things that they could do that would cause much more damage.
The cracker then downloads lots of child pornography to Johns machine and makes the logs etc look as if John is a regular child pornographer. Of course the times would need to coincide with John being at home but this sort of information is easily obtained from the machine itself.
The cracker then deletes all trace of him being in and even updates the Virus checker and secures the machine for John so that, when the investigation takes place the police cannot see how the machine could have been cracked.
A phone call to the police on an anonymous line from a child professing that John sexually assaulted them and he would then be under investigation for sexually assaulting a minor. This would lead to confiscation of his machine and of course they are going to find plenty of stuff on it to keep them busy for a while.
Regardless of whether they determine he was set up or not Johns good name is being dragged through the gutter and a certain amount of damage is done.
I am sure that the criminals out there would be able to come up with more imaginative ways than the above to do these sorts of things but as Bruce said we are going to see more of this sort of thing in the future. What frightens me is that we are going to see much more damaging crimes than ransom-ware or identity theft.
As our dependence on computers grow so does our vulnerability and there are criminals with no conscience about what they do or how they do it and I am not including terrorists in this bunch.