VeriSign correlates hacker, fraud activity

* VeriSign: Organized groups, not teenage opportunists, likely behind 'Net attacks

The same countries and shady characters that produce most of the Internet's hacking activity also produce most Internet-based fraud, according to the preliminary returns of an early warning Internet security system developed by VeriSign.

VeriSign handles 10 billion DNS look-ups a day on the .com and .net top-level domain servers it operates. VeriSign also supports $22 billion e-commerce transactions a year with its Internet payment system. VeriSign recently began correlating and analyzing these transactions in the development of an early warning Internet security system for corporate network managers. 

What VeriSign has found is that the same IP addresses that are involved with viruses, worms and distributed denial-of-service attacks are also involved with online ID and credit card theft, VeriSign Chairman and CEO Stratton Sclavos says.

Sclavos lists Nigeria, Romania, Russia, Estonia, Bulgaria and India as the countries where most of the Internet's dangerous traffic is originated.

"The same people that are conducting fraud are conducting [distributed denial-of-service] attacks," Sclavos says. "We've been analyzing traffic patterns for three to four months, and we believe that to be the case."

Sclavos says this trend is a major shift from two years ago, when hackers and virus makers used to be teenage computer hobbyists. "The newest threats are from groups that are more organized," he says.

Last month, VeriSign introduced its Intelligence and Control Services, which are designed to provide corporate network managers with an offensive weapon against hacking and fraud. With its new service, VeriSign is turning the Internet usage, trends and patterns it sees from the pieces of the Internet infrastructure that it operates into an information service for enterprise customers. The service is designed to help corporate network managers proactively assess, monitor, manage and respond to security threats with real-time information from VeriSign's network operators.

"We didn't believe there would be a correlation between payment fraud and hacker attacks but it appears to be so," Sclavos says, adding that the analysis linking the two activities is still in an early stage.

Sclavos made his remarks at a private press briefing held recently in Washington D.C.

Learn more about this topic

Download VeriSign's Internet Security Intelligence Briefing

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Related:
Now read: Getting grounded in IoT