The recent arrest and 17-count indictment against 20-year-old accused hacker and botmaster Jeanson James Ancheta for both using and selling the tools to attack a number of networks, including some within the Defense Department, should be taken as a shot across the bow by anyone who reads this. Ancheta is accused of being part of a new breed of criminal hacker: not just in it for the fame--sure, he's getting his 15 minutes, although it could be more like 50 years--but rather after money. According to the charges against him, Ancheta even managed to collect nearly $60,000 by creating, spreading, and selling bots to the highest bidders. By all accounts, Ancheta is smart and motivated, and there was a market for his black-market guerrilla hacking tactics and tools. How do you stop a smart, motivated attacker from making your life miserable? Read carefully.
To catch a thief, or in this case a cyberterrorist, you have to think like one. IT professionals have been conditioned to think defensively, draping their networks with sensor-studded barbed wire and using firewalls and intrusion-prevention systems to lock down doors and windows around the perimeter. But there's an emerging school of thought that says only a more proactive approach to security can prepare companies for the unexpected.
For full story:
http://www.informationweek.com/blog/mai ... ck_cy.html