Welcome to the age of the Internet gangster. Gone are the days when young computer nerds sat alone in their rooms figuring out how to break into their schools' computer systems to change grades. Also fading into nostalgia are the times when hackers teamed up with small-time hoods to pull off credit-card scams that victimized local banks.
The days of spammers, phishers, and identity thieves -- the typical culprits of today's online crime stories -- are upon us. These criminals have created their own syndicates to invade your computers and crack your company's network security.
Tony Soprano is a fictional crime boss, but his character has become a modern-day symbol of the somewhat glamorized image of life within a crime family. Does the Tony Soprano of today have a hand in Internet crime? In a word, yes.
Over the past several years, Internet security firms have discovered strong connections to gangs in Eastern Europe that have worldwide reach and operate with seeming impunity.
Today's Internet criminals have extended the turf of what law-enforcement agencies have traditionally called the Mafia. These Internet bad guys have adapted to new modes of crime, turning from numbers and narcotics rackets in the mid-20th century to Internet identity theft and denial-of-service (DoS) attacks.
Criminal Business Model
Today's Internet hooligans follow a basic business model, according to Andrew Jaquith, senior analyst at the Yankee Group. While the size of the criminal organization might vary, the basic network-crime process involves four levels of expertise.
It starts with vulnerability checkers. These computer engineers look for entries into corporate networks. Once an opening is located, specialists create custom-written software to maximize the vulnerability. Then other specialists get into the act to use the compromised systems as a base to locate other vulnerable computers.
As a collection of compromised computer systems is established, other programmers write software to place all the compromised computers under the control of one master criminal, the fourth actor in the chain.
The result of this strategy is what computer security experts identify as a drastic upsurge in the intensity and caliber of network attacks. Internet crime lords passed a watershed of sorts one year ago, Jaquith said. "It was at that point that viruses, Trojans, and spam started to be linked with monetary payouts," he said.
Before last year, spam, adware, and spyware antics were relatively innocuous, being little more than an inconvenience to computer users. "But 12 to 18 months ago, the folks that did these things realized that they could generate e-mail spam and marshal denial-of-service bots for extortion purposes," he said.
The term "botnet" is slang for a network of remotely controlled computers that carry out instructions from one or more hackers. The newest viruses circulating on the Internet are able to scan a potential host computer for vulnerabilities, then take over that computer and adapt to its environment, propagating themselves by connecting through the Internet to other potential hosts. The more compromised computers there are linked together, the more valuable the botnet becomes.
Given the existence of botnets that consist of thousands of personal and enterprise computers, many Internet security experts are convinced that Internet criminals are developing their own hierarchy, from traditional street runners or soldiers to a cadre of crime captains who report to higher-up dons.
"We hear that botnets are rentable by the hour now," said Jaquith, who pointed out that botnets have become hot commodities for Internet crime families. "That phenomenon is certainly real," he said.
Hotbed of Network Criminals
Pick any geographic region where a lack of government control is the norm, and you have the perfect setting for criminals to set up a home base. For starters, look at Romania and the states of the former Soviet Union, said Dmitri Alperovitch, principal research engineer at CipherTrust, an Internet security company.
"There is a 10-to-15-year evolution of hacking activity in that part of the world," he said. "It is a place where that kind of activity is not pursued by local law enforcement." What was once a ragtag collection of second-rate hackers has matured into a thriving community of professional-class intrusion technicians.
GeoTrust CEO Neal Creighton, whose company operates a global identity-verification program for e-mail systems, said sophisticated hackers have gravitated to Eastern Europe. "Even Poland has a network of hackers operating with runners in the U.S.," Creighton said. "These hackers are getting organized more than ever. They are starting to move to other markets," he said, adding that fake auctions on eBay are becoming one of the most prevalent scams for cyber criminals from Eastern Europe.
Members of the hacker community throughout that region, Alperovitch said, now are adapting to take advantage of the latest phishing scams. "It's a natural transition taking place," he said. Phishing is the term applied to online schemes that attempt to lure people into giving up sensitive information -- such as passwords or credit card numbers -- by masquerading as trustworthy sources.
A recent scam discovered by one of Creighton's security investigations lured people to a phony bank site, using an e-mail that directed account holders to click a link to update their information. Failure to comply, warned the message, would result in the account being frozen for security reasons. The operation seemed to be set up in Russia.
"The bad guys were running several dynamic name servers so when one Web site was shut down, the operators simply routed consumers to other fake Web sites in Poland," said Creighton.
Like the Sopranos
Research by CipherTrust shows a close connection between phishing and crime syndicates. In an article titled "Phishing: 21st Century Organized Crime," the company outlined the process wherein information gained through online scams is sold and the profits routed to international criminals.
Tracking this criminal activity is difficult because, as the information crosses international borders, it is often outside the jurisdiction of any single nation's law-enforcement agencies. This confusion gives Internet criminals an added advantage, the report says, buying them time to organize, work with "peer groups," and launch more sophisticated attacks.
Internet crime is just like the criminal activity portrayed on the HBO series The Sopranos, said GeoTrust's Creighton. Many of the attacks revolve around extortion that must be paid to protect against criminals trashing a company's business reputation, he said.
"Like the TV Sopranos, family members operate on a need-to-know-the-boss basis. People are controlling the street-level soldiers, but a lot of it is piecemeal," Creighton said. He also said that details are hidden so successfully by those controlling the scams behind the scenes that sometimes people working on the front lines might not even realize that anything illegal is happening.
Often, innocent work-at-home patrons get duped into doing the dirty grunt work in an Internet-based scam. Known as "drops" or "mules," these street-level soldiers are usually recruited online at job sites. This method of recruitment is both very typical and very prevalent, according to CipherTrust's Alperovitch.
In one kind of criminal strategy that could be called "address laundering," recruited workers receive packages of merchandise purchased through phishing scams and forward those packages to the next location. "They simply get paid for handling the merchandise and don't know they are doing something illegal," he said.
The mules are the bottom of the feeding chain in Internet crime. They are recruited and handled by the next tier in the operation, the mule herders. These are the people who place ads in local papers and on Web site job boards to recruit the mules.
As part of a phishing scam, the mule herders distribute stolen account information to the mules, who think that they are working with legitimate banks. They are instructed by the mule herders to go online to complete various banking transactions. Another part of the scheme involves sending the mules to withdraw funds from money access centers and to deposit the money into other "company" bank accounts.
Law-enforcement agents cannot always trace the illegal activity to the culprits. Even if some workers get suspicious, they do not know the real identities of the herders who contact them via stolen phone cards and carefully camouflaged e-mail addresses.
"It is a very sophisticated operation," said Alperovitch. Runners in local areas are recruited to pick up money and relay it through Western Union and bank machines. If law enforcement closes in on these local underlings, the collared workers often have no knowledge to trade with police.
Sleeping with the Phishes
The most prevalent type of phishing scam involves setting up a site that has the complete look and feel of an online bank or a popular Internet destination, like PayPal. Phishers send out e-mail to get unsuspecting users to log on and provide their account information, which is then stolen.
Another common tactic is to entice customers to buy products at what will turn out to be a fake e-commerce store. A criminal will set up a phony Web site for a few weeks, collect orders, and then suddenly disappear.
One of the newest phishing trends to emerge has almost everybody in the security industry concerned: Trojan phishing. So-called Trojan programs, named after the horse of mythology that put the Greeks inside Troy's city walls, disguise themselves as beneficial files, but actually enable hackers to gain access to computers from remote locations to steal account information directly from a computer.
Some hackers use these Trojan-infected computers to set up networks of so-called "zombie" machines. "The advantage to the hacker is a continuous data flow and little chance of detection," said Alperovitch.
The Trojans also give criminals a way in to install keylogging software, which is quickly becoming the tool of choice for Internet gangsters. A study released recently by the digital-infrastructure company VeriSign discovered thousands of different kinds of keylogging programs in operation, with potentially hundreds of thousands of computers infected.
Keyloggers consist of coding that is secretly deployed and silently installed on unsuspecting consumers' computers. The software can record every keystroke on infected systems and send that information back to hackers automatically. Such programs often are piggy-backed in phishing e-mail or spyware applications that are able to elude antivirus software and firewalls.
Remote Control Crime
Some European and Asian governments are beginning to work with U.S. and British law enforcement agencies to fight back against Internet crime conglomerates. But the hackers' abilities to work thousands of miles from where the actual thefts occur give them a solid advantage and a degree of anonymity.
According to Alperovitch, U.S. and British agents are trying hard to get other countries to cooperate in sharing criminal information to stop Internet crime. So far, that trust has been hard to establish, mostly because many countries don't understand the severity of the problem, according to security experts.
"These Internet scammers can set up from foreign countries using stolen credit cards to establish accounts at various Web site hosting companies," said Creighton. "Then they can point those Web servers to other hacked servers, hijacking lots of Web servers along the way."
Creighton and other experts said this type of remote operation keeps rolling from one distant server to another as banks catch up with them and shut them down. Meanwhile, the perpetrators never have to leave their homes. "Server owners have no idea that this illegal activity is going on from their own servers," he said.
GeoTrust's Creighton feels that Internet security firms are gradually turning the tide against criminals. "We're seeing more awareness in consumers, and software products are now able to warn Web surfers of unsafe Web sites. So there are a lot of solutions popping up," he said. "Phishing sites' up-time is now being reduced to a safer level."
CipherTrust's Alperovitch is less sure. "We are seeing perpetrators moving to places where there is no law enforcement. In the history of online fraud and security breaches, solutions never solve much of the threat criminals pose," he said.
The only real solution that has a chance of working, according to Alperovitch, is deterrence. "That can only come from fear of incarceration, which is present in the Western world only. Elsewhere that is not apparent."