All the latest UK technology news, reviews and analysis
|
|
|
25 Aug 2006
Despite the hoo-hah created by the conviction of teenager David Lennon for email-bombing his ex-employer, he was a "rank amateur" and firms should be prepared for more sophisticated and insidious attacks, say security experts.
Lennon, 19, was convicted this week under Section 3 of the Computer Misuse Act of bringing down the mail server of UK insurer Domestic & General in 2004 by sending five million emails reading 'You will die in seven days', a quote from The Ring.
Domestic & General claimed that the attack cost the company £30,000 in lost business.
Although Lennon could have received a five-year jail sentence under the Act, the judge handed down a two-month curfew and an electronic tagging order.
Some observers believe that Lennon got off lightly. But so did his employer, according to security experts who deal with increasingly sophisticated email-bombing and denial of service (DoS) attacks and theft of intellectual property and personal data by insiders.
"[Lennon's] attack was relatively simple: it would have come from a single IP address making it easy to block and easy to identify where it came from," said Matt Sergeant, senior anti-spam technologist at security firm MessageLabs.
Lennon used a commercial mass-email package called Avalanche. The software is no longer available but was used legitimately by electronic direct mail agencies.
Even though he spoofed the email addresses of employees of Domestic & General and Microsoft chairman Bill Gates, tracing the sending IP address was a relatively easy task.
Modern mail-bomb and DoS attackers are professional cyber-criminals who rent zombie networks from black-hat hackers, launching concerted attacks from multiple IP addresses using innocent PCs infected with Trojans.
Sergeant said that he has seen networks of 10,000 zombie PCs offered for as little as £50 a day.
Targeting web-dependent businesses, the criminals then extort money by offering to cease the attack if the company pays a protection fee.
Latest stories from Security
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Hands on with the highly anticipated Android 4.0 Ice Cream Sandwich hybrid tablet
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
Project Manager (BI) 6 Months Contract – to...
Desktop Support Manager 3 month contract - to start...
/ Programme Manager / 45k / Significant benefits / London...
Automation Test Manager Selenium London 75k Automation...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
Software is available to protect against mail bombs
I have a great deal of respect for MessageLabs. Their service is truly excellent and they have some amazingly smart people working for them. For companies that don't want to outsource their email protection, there is software available to help.
Posted by: Ken Simpson 25 Aug 2006