Iranian Cyber Army's plan to sell botnets increases threat level

Hactivist moves show cybercrime is going into top gear, say security experts

Hacktivist group, the Iranian Cyber Army (ICA), has announced that it plans to sell access to its botnets, which have been responsible for attacks on social networks like Twitter and the Chinese equivalent of Google, Baidu.

The rise of these 'hacker shops' represents a new level of threat for governments and businesses, with botnets now forming the backbone for malicious cyber activities, according to the latest research from Microsoft.

Some 6.5 million botnet infections were cleaned between April and June this year - double the number in the same period last year, the 9th Microsoft Security Intelligence Report revealed.

The high profile announcement by the ICA is evidence of a more co-ordinated effort than ever before by the hacking community to execute targeted attacks, said Alan Bentley, vice-president international at security firm Lumension.

"While this is certainly not the first case of malicious code being sold online, with the rise of highly complex attacks like Stuxnet and Zeus the online hacker shops of old seem like child's play when compared to this new wave of collaborative cyber warfare," he said.

The ICA announcement makes it clear that cyber criminals are creating mechanisms dedicated at corporate espionage and attacking against real-world infrastructures, such as power stations, said Bentley.

Paul Spencer, general manager at security firm AEP Networks said the ICA's announcement comes as no surprise.

"Cyber criminals, just like any other criminals, need to find new ways to make money. But it's no longer just about making a quick buck. The potential for the botnet to be used in a targeted attack against critical infrastructure is very real," he said.

Bentley said although the National Security Strategy's more than half a billion pound cash injection to bolster cyber security is a step in the right direction, as attacks become more targeted, more sophisticated, and more potent, there needs to be a change in mindset.

"Cyber defence strategies need to switch from preventing only the known bad, to preventing anything from entering the network unless it is known to be good.

"Only by applying this level of intelligence can we be confident that our windows are locked tight and our valuable assets safe," he said.

Read more on Hackers and cybercrime prevention