Unformatted text preview: n them
are called bots, and when an attacker has several compromised systems, this is known
as a botnet. The botnet can be used to carry out DDoS attacks, transfer spam or pornography, or do whatever the attacker programs the bot software to do. These items are
covered more in-depth in Chapter 11, but are discussed here to illustrate how attackers
easily hide their identity.
Local law enforcement departments, the FBI, and the Secret Service are called upon
to investigate a range of computer crimes. Although each of these entities works to train
its people to identify and track computer criminals, collectively they are very far behind
the times in their skills and tools, and are outnumbered by the number of hackers actively attacking networks. Because the attackers use tools that are automated, they can
perform several serious attacks in a short timeframe. When law enforcement is called
in, its efforts are usually more manual—checking logs, interviewing people, investigating hard drives, scanning for vulnerabilities, and setting up traps in case the attacker
comes back. Each agency can spare only a small number of people for computer crimes,
and generally they are behind in their expertise compared to many hackers. Because of
this, most attackers are never found, much less prosecuted.
This in no way means all attackers get away with their misdeeds. Law enforcement
is continually improving its tactics, and individuals are being prosecuted every month.
The following site shows all of the current and past prosecutions that have taken place
in the U.S.: www.cybercrime.gov. The point is that this is still a small percentage of
people who are carrying out digital crimes.
Really only a handful of laws deal specifically with computer crimes, making it
more challenging to successfully prosecute the attackers who are caught. Many companies that are victims of an attack usually just want to ensure that the vulnerability the
attacker exploited is fixed, instead of spending the time and money to go after and
View Full Document
- Fall '12