Cyber crime operations are using automated tools to change continually the IP addresses of databases used to collect and deliver stolen access credentials, says security researcher Ian Amit.

Amit, director of security research at Israel-based Aladdin Knowledge systems, made this discovery after gaining access to a criminal database containing access details for 200,000 web servers belonging to big organisations including the BBC.

The number of compromised websites dropped immediately after internet security organisation CERT and law enforcement agencies contacted affected organisations.
However, a subsequent sharp rise in similar attacks on previously unaffected servers and websites shows just how ineffective traditional defences are in dealing with these attacks, said Amit.

"Only by understanding the tools and technology being used by these underground criminal operations can we attempt to handle e-crime properly," he told Computer Weekly.
He said business, security suppliers and law enforcement agencies needed to collaborate to build as complete a picture as possible of techniques used by cyber-criminals.

A lot more research will need to be done in this area, said Amit, but by understanding the algorithms used by criminals to reassign IP addresses, security professionals can anticipate and block future attacks.

This and other strategies used by e-criminals are detailed in Aladdin's latest Attack Intelligence Research Center report.

"I hope the report will act as a catalyst to encourage security professionals to look behind the scenes rather than concentrate only on the effects of attacks on end-users," said Amit.

A lot more attention should be paid to giving home users the same quality of protection as corporate users, he said, because criminals are still able to make a lot of money going after softer targets.

"Enterprise level security needs to be put in the hands of home users to cut an important source of funding for criminal operations.