Contract worms for the mafia

Online crime is a booming business

The cliché of the good hacker with an idealistic ideology for the betterment of the world has outlived its usefulness. Also threatened with extinction is the type of virus and worm programmer who uses his creations to publicly denounce vulnerabilities in operating systems. Of course, there are still the script kiddies who, out of (misconceived) sporting ambition, want to bring websites under their control "just for fun". But the trend has long been heading in another direction.

"Sporting" ambition and idealism are out. The scene is criminalizing itself. Greed for money reigns. Malicious programs are increasingly written with the intention of using them for criminal transactions on the internet. Phishing, pharming, spyware and trojans that turn home PCs into remote-controlled zombies are on the rise. The number and extent of worm and virus epidemics worldwide may have decreased in recent months, but crime on the internet has increased significantly in recent years.

From hot tip to rat

Elric is a rat, Lord Cyric makes that unmistakably clear. For Elric has been talking. He sang like a canary, the evil lord mocks in the Network Terrorism forum, a popular Russian internet forum for credit card fraudsters and hackers. Elric was also a member here until recently. As recently as December of last year, the U.S. citizen was considered a hot tip because of his access to credit card information. "I work in the fraud department of a well-known US company and have daily access to hundreds of credit cards," Elric had posted, roughly, on 1 December of last year. "Can someone tell me how to make money with this information?" He could be contacted via the forum, ICQ or AIM.

A number of interested people came forward with practical tips and offered Elric their help in criminally marketing "his" credit cards. On 13 December, Elric expressed his gratitude for the numerous "offers of help" that had reached him. He also thanked his future partners: "It's good to know that one crow doesn't peck out another's eye," he wrote in his post of 13 December 2004. Apparently Elric had reached a business agreement.

Among those who contacted Elric via instant messenger was Carrie Kirby, a journalist at the San Francisco Chronicle. Elric described himself to her as a 22-year-old college student from the Midwest who had only ever hacked websites as a "hobby". He had no idea how to turn his skills into money. That is why he turned to the Russian hackers' forum, where he also received expert help in carrying out credit card fraud schemes. Elric did not want to reveal details or his true identity. That is why his story cannot be verified. What is certain, however, is that after the article was published in the San Francisco Chronicle, he was immediately kicked out of the forum as a traitor and his nickname was changed to "rat".

Scammers rate scammers

The Russian Network Terrorism forum is one of the more harmless, publicly accessible websites that serve as a cyber marketplace for trading in stolen credit card numbers, passwords and other personal data. Trust is good, control is better. That is why most forums of a similar fraudulent stripe can be entered only by personal invitation.

The now closed website Shadowcrew had even developed an evaluation procedure for new members, which had been cribbed from eBay and co., under the motto: cheaters rate cheaters. Sellers of information or malicious programs had to have their "offers" (e.g. stolen credit card information, online banking or eBay accounts) spot-checked by "trusted" members before they could gain access to the website and market their information there in a crude manner.

The typical fraud scenario

Cyber black markets like the Network Terrorism forum always work according to the same principle. In the typical scenario, providers (for example, a California hacker who stole credit card information from a company database) and "marketing helpers" are completely unknown to each other. The hacker posts on a high-impact website that he needs help with "marketing" his credit card information. An interested party is found, for example from Russia, who buys a computer with the stolen credit card information. The goods are delivered to a middleman in England, who then resells them. The middleman keeps part of the proceeds and sends the rest to his Russian partner. The latter keeps half of the money for himself and sends the other half to the Californian hacker.

The parties involved do not know each other personally. There is no further contact between them. But they know that they depend on each other. Their criminal relations work because they want to do business with each other in the future. How smoothly it all works can be read in the indictment against the operators and members of the exposed website Shadowcrew. Shadowcrew had around four thousand members who traded in a total of 1.7 million stolen credit card details and caused damage of more than four million US dollars.

Characteristic of this loose form of cybercrime is that those involved firstly operate worldwide, secondly remain largely anonymous among themselves, and thirdly, unlike traditional tightly and hierarchically organized crime, are only interwoven in a loose, virtual network. This has made it much more difficult to dismantle the criminal structures and clear up the fraud committed, Mick Deats of the British National Hi-Tech Crime Unit explained recently at an e-crime congress in London.

The mafia has tasted blood

Traditional organized crime is also increasingly using the internet for its criminal activities, as Zurich-based internet security expert Peter Troxler can prove in a wide-ranging study for the security company McAfee.

Between July and December of last year, Troxler interviewed law enforcement officials across Europe and supplemented his expert interviews with his own research. He comes to the conclusion that organized crime has long since discovered the internet as an abundant source of illegal income. The criminal activities of these groups are the same offline and online: essentially protection rackets against companies, as well as online fraud and theft. According to Troxler, however, the means have changed fundamentally.

Where physical violence was used in the past, the high-tech weapons offered by the internet are used today. The necessary IT expertise is bought by organized crime on the online black market. Professional hackers have been hired as well as script kiddies to write malicious code for phishing attacks, credit card fraud and extortion scams. Viruses, worms and trojans were also commissioned. These malicious programs are designed to infect and hijack computers. The infected PCs are converted into remote-controlled zombie PCs, which are then combined into so-called bot networks.

Bot networks often consist of 20,000 to 30,000 hijacked individual computers. Their combined power is used for the distribution of spam or phishing emails as well as for targeted denial-of-service attacks against online companies. The company in question is first blackmailed with the threat of such an attack. If payment is not made, the company's web servers are brought to their knees by a distributed DoS attack with a large number of simultaneous requests.

Known cases of this type of protection racket were directed, for example, against betting companies during the last European Football Championship. According to the McAfee study, companies in Australia and Japan have also been the victims of large-scale attempts at extortion by remote-controlled bot networks. These attacks were carried out by criminal gangs in Sweden, Latvia and Russia. According to the McAfee study, around one million computers worldwide are currently being used for criminal purposes without their owners being aware of it. Bot networks can be purchased on the online black market for as little as £100 per hour.

Phishing all inclusive

Beyond that, everything that belongs to the basic equipment of a successful internet fraudster is available on the criminal cyber black market. The offer includes, for example, a complete phishing expedition, from the fake phishing mail to the fake website, with hosting included in each case.

According to the San Francisco Chronicle, the Russian Network Terrorism forum offered the fake websites of 34 major US banks at a cost of 50 dollars per fake website. For a surcharge of 100 dollars, the matching phishing e-mails were also included. With these mails, internet users are made to believe that they urgently need to update their online banking status or their account with online companies such as eBay or PayPal, and therefore click on a link that regularly takes the mail recipients to fake websites. Here, the unsuspecting users are asked to enter their personal data, passwords and credit card numbers included, of course. This data is then sent to the servers of the fraudsters, who use it for their criminal purposes.

If you buy a complete phishing service on the online black market, you only have to worry about sending the phishing mails out en masse across the internet. But even for this, the appropriate service provider can be found quickly and easily on the online black market.