Internet Crime and Application

A Look at Internet Crime Viruses


There are many criminal threats on the internet, ranging from data theft, fraud, illegal carding, identity theft and pranks to website defacement, software piracy, SQL injection, and attacks by worms, viruses, trojan horses and so on.

Almost all of these threats begin with obtaining or accessing malware, destructive software that can take the form of a worm, a virus, spyware, or perhaps even adware. For adware in particular, whether it counts as malware depends on who the user is. Adware that pops up while we are visiting a particular site or blog is felt by some to be a nuisance, while others regard it as just another reasonable form of advertising.

The latest news says that the Federal Trade Commission (FTC) in the United States helped a giant adware company gain recognition, or otherwise it would not be classed as part of business. This is ironic, because at the same time the commission has still not followed up on countering cyber crime (internet crime). Experts from leading antivirus companies such as Symantec and McAfee predict that criminal threats on the internet will not only keep increasing, especially against popular operating systems and applications, but will also become more sophisticated in their attack methods. As is well known, worms and viruses slip very easily through the weak points of a system. Symantec states that the Vista operating system has 16-19 vulnerabilities.

This number is not surprising. In early 2003 the author found 15 security holes in Windows Server 2003 Enterprise Edition. At that time the MSBlast worm attacked operating systems that had not yet been patched. One of those patches was for a remote-code execution hole. The author's operating system was then being accessed remotely from a dedicated server hosted at Indosat. In general, these holes caused the real-time data flow for Stock Screening from the BEJ to the server computer to stop for three days. It is not only leading operating systems such as Windows that are targeted by worm writers. In the same year the author found a similar problem with IBM Z/OS, and likewise in the RedHat Linux 9 operating system, which was detected as having 70-72 security holes.

At the very least this shows that worm and virus writers act indiscriminately, whether the target is an open source product or a proprietary one. Still from the author's experience, besides operating systems, other applications such as MS-SQL, Outlook and others were also breached. The collapse of our application system's defences at that time was also caused by an MS-SQL installation with a vulnerability that had not been updated. In the end the author got through the attack after applying patches to the operating system and the database application, while updating the antivirus and anti-malware software.

InformationWeek magazine writes that, after operating systems, the next targets of attack are online gaming sites. These attacks strengthen the suspicion that crackers, hackers included, always follow the money. In 2007 in particular, the largest malware attacks in America were dominated by the Storm worm. Although America serves here only as an example of a victim, the internet knows no boundaries of zone or time. Botnet-type worms have also been quite prolific in attacking Asia, including Indonesia. Quite a few people hold that Storm was created by Europeans (outside Russia) who dislike America. Its creator has also been identified as knowing US culture very well.

“Political cyber crime”

Criminal attacks touching on the political and economic domains of states are also reported to be taking place between China and America. On 19 November, InformationWeek, a weekly magazine published in America, wrote that the United States-China Economic and Security Review Commission (USCC) said China is carrying out espionage to save time and money in the research and development of the advanced technology it is developing.

Espionage carried out by the Chinese is the highest threat to US technology. In addition, the commission expressed its concern about the Chinese military's capability to destroy satellites in order to carry out cyber attacks against US computer networks and cyber defence systems. These organized attacks have been spreading since 2005. As a defensive measure, the report recommends funding to support the enforcement of export controls, in particular to detect and prevent the illegal transfer of technology to China. The cyber war between America and China is one thing; the war between Malaysia and Indonesia takes another form. Lately we have witnessed a war waged between a group of Indonesian youths and their Malaysian counterparts. So far, however, that war has gone no further than taunts in forums and blogs, up to web-spoofing.

***

Back to the Storm worm. In its single form, this worm has demonstrably grown rapidly. Network World, Inc., a technology research and media company that is also a division of IDG, writes that Storm is the most prolific worm. Once a PC visits an infected website and the Storm code hosted there is downloaded, that PC is certain to be infected. The PC will then automatically be controlled by someone else without its owner realizing it. At the same time, the PC will form a botnet that can be used to send spam, launch distributed denial-of-service (DoS) attacks, or have the parent website download still more malware.

As is known, a botnet is what forms a network of “zombies”. This is also acknowledged by Adi Maulana, a network and security expert at a private company in Jakarta. From his experience, he advises corporate IT security practitioners to be on guard against the kinds of worm that attack companies. Such a worm usually enters through the network and works by broadcasting commands, so that network traffic that was previously empty becomes full. In turn, this cuts the network connections between the company's branches. Storm is capable of this because its coding techniques are increasingly sophisticated, so that it can even communicate over encrypted channels while continually changing its attack methods. Storm does not work like a traditional virus or worm, which deletes data or files. Storm installs itself on a PC through spam, carried not by the e-mail message itself but by drawing the victim into visiting a malware-infected site.

Ten threats

In the view of the antivirus company Symantec there are ten top threats. First, data theft. Second, attacks on the Vista operating system. Third, spam, whose growth increased in mid-2007. Fourth, attacks on online transaction sites. Fifth, identity theft. Sixth, exploitation of well-known brands. Seventh, bots. Eighth, vulnerabilities in web plug-ins. Ninth, the creation of a market for security vulnerabilities. For example, the security initiative WabiSabiLabi scouts and acts as an information provider to assure buyers in obtaining information about security vulnerabilities not yet known to the public.

Tenth, virtual machine security. Web-based threats will dominate because browsers are becoming increasingly uniform in how they respond to scripting languages such as JavaScript. Under these conditions, malware writers can keep relying on them. For example, the SANS (SysAdmin, Audit, Network, Security) Institute, a research and education organization in the United States, says that hundreds of domains (nearly 40 thousand pages) on the internet are believed to have been taken over by the makers of the site yl18.net. The mass defacement was carried out by injecting a script tag into 40 thousand web pages across various domains. This script tag, or command line, is a piece of XSS (cross-site scripting) code containing a link to a JavaScript file on a particular site.

The criminal threats above cannot be dealt with by defensive products alone, let alone merely through law enforcement. Ever more complex and sophisticated attack methods call for a solid combination of security and systems management. When the victims of these crimes are companies, they are often less than open with the public. The reason given is credibility. How can that be? ***

Siti Nur Aryani, IT Consultant, Aufklarung C & P; Application Provider for Global Market (www.pikran-rakyat.com, 29 November 2007)

 


Internet Crime Phenomenon


Life in cyberspace has been developing at a tremendous pace lately. All kinds of conveniences for exploring the world are now available. There is much good there for carrying life's journey in a better direction. Even so, the law of causality applies just as it does in real life on earth. Where there is good, there is bound to be bad. As widely as good messages spread, so widely does the bad run rampant.


Cyber Crime In Online Company


Internet crimes carried out via email have been damaging some corporations. Businesses must therefore treat anticipating these criminals as a necessity. If they do not, their business will stagnate. Every day crackers (internet criminals) commit crimes that destroy online websites.

Kompas (20/11) reported that National Single Windows (NSW), a single website serving export-import information, had been abruptly pulled down by a cracker even though the website was only just being launched. Susiwijoyo, Head of the NSW Information Technology Commission, indicated that there were 5300 hits on the first day of the trial, although the online management had provided for only 3000 hits. Fortunately, management immediately dealt with the cracker's assault. However, the cracker then turned to attacking the Jakarta Crisis Centre (JCC) website. Consequently, the JCC website went down and part of its online service was devastated.


This story is actually not new in the virtual world. Jean, one of the author's friends in France, told of his experience: first the cracker sent a business offer by mail about export-import, with guaranteed prospects and many benefits. At first he did not suspect the offer, because he trusted what looked like a corporate memorandum. Then the cracker presented a corporate owner identity form, and Jean filled it out. However, Jean did not notice that there was one field that should not have been filled in, namely his private email and password.

In short, Jean was not aware that what he did would cause all the computers in his company to be infected by a worm virus. As a result, Jean's e-mail was used by the cracker as an agent for sending the worm virus to thousands of e-mail addresses.

We very frequently download software, tools, and utilities from certain websites, and meanwhile we give away our private e-mail address and secret password without realizing it. We have been trapped by spyware. We should have the skills to deal with this crime, such as not giving our password and e-mail address to anyone; otherwise our PC will be infected by worm viruses after we open our e-mail.

Another consequence is that a stream of spam enters our e-mail, and the PC then becomes a machine for distributing spam to other networks. Hence, once we go online, our PC distributes that spam to other networks.

So what does a spam distributor gain by planting a virus to attack websites via email? Obviously, he or she does not benefit directly, because there is no indication of credit card fraud here. So far experts have barely commented on these matters. The author's indication is that this business has actually been created by the antivirus companies themselves. The worms that get in usually come from old and new software. For instance, the Rinbot or Delbot worm can be handled only with anti-malware from the security software company Symantec, and the Beagle worm only with the Netsky anti-malware.

The two cases mentioned above come from experience. There are still many types of virus and worm that can be handled with a particular antivirus or anti-malware product. The above are only a few examples of the modus operandi of internet crime using viruses and worms. There are many more advanced ways for anti-malware makers to commit this crime.

I would like to recap some points. The first model is the scouting attack, an information-gathering activity carried out by an intruder to map out the network system. The second is the access attack, which exploits weaknesses in the network access system. The third is the denial-of-service attack, which sends so many requests to the server that it effectively jams data traffic, so that legitimate users cannot access the server.

Research conducted by Mi2g Limited, a risk management consultancy in the United States, reported that spam worldwide wiped out 10.4 billion US dollars of productivity in October 2003. According to the company, the damage caused by spam was higher than that caused by viruses and worms (8.5 billion US dollars), while the damage caused by hacker disruption and interference was 1 billion US dollars (Internet Quotion, I/2004).

The author reviewed this problem in SWA Sembada Magazine, 21 February 2005 edition. Many world-class companies saw their income fall dramatically because of crackers' crimes. The companies could not operate after their networks, e-mail, and computers broke down.

Given the problems described above, internet network security in the “era of many viruses” has obviously become a basic need for companies. Computer system security is very important to a company's operation, all the more so if all of its systems have been integrated. However, the obstacle to dealing with this problem is a lack of skills. The alternative solution to rely on for safeguarding systems and data is therefore outsourcing.

Limited manpower can be addressed by hiring competent and credible outsourced staff rather than employing additional people within the company. However, the most important things for management to watch are budget planning and accurate technical execution. (www.pikiran-rakyat.com, November 29, 2007)

Siti Nur Aryani

IT Consultant Aufklarung C&P:

Application Provider for Global Market

 


Internet Crimes Viruses


There are many crimes on the internet, such as data theft, fraud, illegal carding, identity theft (phishing), pranks, web-spoofing/defacement, software piracy, SQL injection, and attacks by worms, viruses, Trojan horses, etc.

Most of these dangers start with access to malware. This destructive software can take the form of a worm, a virus, spyware, and perhaps adware. Whether adware in particular is classified as malware depends on who accesses it. Some users find adware on the internet a nuisance, while others regard it as a normal kind of advertising. Adware pops up on our screen when we access a certain site or blog.


Recent news says that the Federal Trade Commission (FTC) in the USA helped an adware company to get a business licence, or otherwise it could be struck from the category of business. Yet at the same time this commission has not yet acted to counter cyber crime on the internet. According to experts such as those at Symantec and McAfee, the criminal threat on the internet will grow quickly, especially for popular operating systems and applications. As we know, worms and viruses easily infiltrate the weak points of a system. Symantec stated that the Vista operating system had 16-19 vulnerabilities.

This number is not surprising. At the beginning of 2003, the writer found 15 vulnerabilities in Windows Server 2003 Enterprise Edition. This happened when the MSBlast worm infiltrated operating systems that had not yet been patched. One of the patches was for remote-code execution; the writer's operating system was accessed remotely from a dedicated server at Indosat.

In general, these vulnerabilities caused the real-time data stream for Stock Screening from the BEJ to the server computer to stop for three days. It is not only famous operating systems such as Windows that became a target of worm makers. In the same year, the writer also found such problems with IBM Z/OS, and the Red Hat Linux 9 operating system was detected as having 70-72 security holes.

This shows that worm and virus makers do not discriminate between open source and proprietary products. In the author's experience, besides operating systems, MS-SQL, Outlook, etc. also became their targets. The breach of our application system was caused by an un-updated MS-SQL that had vulnerabilities. In the end, the writer was able to get past the virus attack after patching the operating system and the database application, while updating the antivirus and anti-malware software.

InformationWeek magazine wrote that, after operating systems, the next target was online game sites. These attacks bear out that crackers, hackers included, are always concerned with money. In 2007 in particular, the biggest malware attacks in the USA were dominated by the Storm worm. Although the USA is only an example in this case, the internet is not limited by zone or time. Botnet worms were also quite effective in attacking Asia, including Indonesia. Quite a few are of the opinion that the Storm virus was created by Europeans (outside Russia) who did not like Americans, and the maker of the virus was identified as knowing American culture.

 

Political Cyber Crime

Criminal attacks concerning the political domain and national economies have also taken place between China and America. On 19 November, the weekly magazine InformationWeek wrote that the United States-China Economic and Security Review Commission said that China was conducting espionage to save time and money in researching and developing the sophisticated technology it had been developing.

Espionage carried out by the Chinese is one of the highest threats to American technology. Besides, the commission also stated its concern about the Chinese military's capability to destroy satellites in order to carry out cyber attacks against American computer networks and cyber security systems.

These organized attacks have been spreading since 2005. As a defence, the report suggested funding to support export controls, especially to identify and prevent the illegal transfer of technology to China. Besides the cyber war between America and China, there is also one between Malaysia and Indonesia. Recently we witnessed a war between Indonesians and Malaysians. But this war consisted only of insults on forums and blogs and web-spoofing.

The Storm worm: in its single form, this worm has been shown to grow rapidly. Network World, Inc., a research and technology media company and a division of IDG, wrote that Storm is the most productive worm. Once a PC visits an infected website and downloads it, the PC is infected. The PC is then controlled automatically by an outside user without the owner's awareness. At the same time, the PC forms a botnet that can be used for sending spam, launching distributed denial-of-service (DoS) attacks, or having a parent website download yet more malware.

As we know, a botnet is what forms a zombie network. This was acknowledged by Adi Maulana, a networking and security expert at a private company in Jakarta. From his experience, he suggested that companies need information technology technicians to stay on guard against worm viruses that would attack the company's systems.

This worm usually infiltrates the network and works by sending out commands; as a result, empty network traffic becomes full. This causes the network links between the company's branches to be cut.

This worm virus's ability to affect systems comes from its modern coding technique, which lets it communicate over hidden channels. The way this virus works differs from a traditional virus or worm, which erases certain data or files. The Storm virus installs itself on the PC through spam (not carried by the message or e-mail itself); it infiltrates the system when users access malware-infected sites.

Ten Threats

According to the antivirus company Symantec, there are ten dangerous threats. First is data theft. Second is attacks on the Vista operating system. Third is spam, which grew rapidly in the middle of 2007. Fourth is virus attacks on online transaction sites. Fifth is identity theft (phishing). Sixth is exploitation of famous brands. Seventh is bots. Eighth is vulnerabilities in web systems. Ninth is security system weaknesses, for example the security firm WabiSabiLabi acting as an informer that convinces buyers to obtain information about security system weaknesses. Tenth is virtual machine security. This web-based threat will predominate because browsers respond to scripts such as JavaScript in the same way, so malware creation will rely on this. As an example, the SANS (SysAdmin, Audit, Network, Security) Institute, a research and education organization in the USA, said that hundreds of domains on the internet (approximately 40 thousand pages) had been taken over by the site maker y118.net. This mass defacement was done by injecting a script tag into 40 thousand web pages across those domains. The script tag, or command line, is a piece of XSS (cross-site scripting) code that links to a JavaScript file on a certain website.
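The script-tag injection described above leaves a recognisable trace: the same unfamiliar script host turns up on pages of unrelated sites. The Python sketch below is an added example, not part of the original article; it flags `<script src>` hosts that are outside an allowlist and groups them by the sites that load them. The page contents, host names and allowlist are constructed for illustration.

```python
"""Flag <script src> hosts outside an allowlist and group them by site."""
from collections import defaultdict
from html.parser import HTMLParser
from urllib.parse import urlsplit


class ScriptSrcCollector(HTMLParser):
    """Collects the src attribute of every <script> tag in a document."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.sources = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names, so <SCRIPT SRC=...> matches.
        if tag == "script":
            for name, value in attrs:
                if name == "src" and value:
                    self.sources.append(value.strip())


def script_host(src, page_host):
    """Host a script loads from; relative URLs resolve to the page's own host."""
    host = urlsplit(src).hostname  # lowercased; None for relative paths
    return host or page_host


def unexpected_scripts(html, page_host, allowed_hosts):
    """Return (host, src) for each script whose host is not on the allowlist."""
    collector = ScriptSrcCollector()
    collector.feed(html)
    collector.close()
    page_host = page_host.lower()
    allowed = {h.lower() for h in allowed_hosts} | {page_host}
    return [(script_host(s, page_host), s) for s in collector.sources
            if script_host(s, page_host) not in allowed]


def audit(pages, allowed_hosts):
    """Map each unexpected script host to the set of sites whose pages load it."""
    seen = defaultdict(set)
    for (page_host, _path), html in pages.items():
        for host, _src in unexpected_scripts(html, page_host, allowed_hosts):
            seen[host].add(page_host.lower())
    return dict(seen)


# Constructed sample pages (not real sites); two of them carry the same injected tag.
SAMPLE_PAGES = {
    ("shop.example", "/index.html"):
        '<html><head><script src="/js/cart.js"></script>'
        '<script src="//cdn.example/lib.js"></script></head>'
        '<body><SCRIPT SRC="http://injected.invalid/0.js"></SCRIPT></body></html>',
    ("blog.example", "/post/1"):
        '<p>Hello</p><script src=http://Injected.INVALID/0.js></script>',
    ("news.example", "/"):
        '<script>var inline = 1;</script><script src="js/site.js"></script>',
}
ALLOWED = ["cdn.example"]  # assumed allowlist of third-party script hosts

if __name__ == "__main__":
    for host, sites in sorted(audit(SAMPLE_PAGES, ALLOWED).items()):
        print(f"{host}: loaded by {len(sites)} site(s): {', '.join(sorted(sites))}")
```

A host that appears under several unrelated sites at once is the signal worth investigating first, since a legitimate new dependency rarely shows up everywhere on the same day.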

The criminal threats above cannot be averted by defensive products and the courts alone. The more complex and smarter the virus attacks on systems become, the more a solid combination of security and systems management is needed. Why do companies not disclose to the public what really happened? When they are the victims of such an attack, they argue that it is a matter of credibility. (www.pikiran-rakyat.com, November 29, 2007)

Siti Nur Aryani

IT Consultant Aufklarung C&P:

Application Provider for Global Market


Internet Crime Phenomenon


The virtual world has been advancing dramatically of late. So many facilities let us explore the world. There are many good things there for carrying life's journey on towards a better world. Nevertheless, the rule of causality applies as it does in real life on earth. There are always good things and bad ones. The more good messages are distributed, the more bad ones are distributed too.


“Cyber Crime” in “Online” Companies


Some internet crime is carried out through e-mail, and some directly damages companies' online sites. Alertness and intelligence in anticipating it have become a necessity. If not, the company will stagnate. It is not hard to find cases of online sites being damaged at the hands of crackers (internet criminals). Every day there are new cases.