nullcon 2011 - cyber crime 101: cost of cyber crime, trends and analysis

Cybercrime: A Tech View & Alternative Perspective, 26th February 2011, C N Shashidhar & Simran Gambhir, http://null.co.in/ http://nullcon.net/

Upload: nu-the-open-security-community

Post on 18-May-2015


DESCRIPTION

Cyber crime 101: Cost of cyber crime, trends and analysis by Shashidhar C.N & Simran Gambhir

TRANSCRIPT

Page 1: nullcon 2011 - Cyber crime 101: Cost of cyber crime, trends and analysis

Cybercrime – A Tech View & Alternative Perspective

26th February 2011

C N Shashidhar & Simran Gambhir

http://null.co.in/ http://nullcon.net/

Page 2: nullcon 2011 - Cyber crime 101: Cost of cyber crime, trends and analysis

Cybercrime 101 – A Technology view

26th February 2011

C N Shashidhar

http://in.linkedin.com/in/cnshashidhara

Page 3: nullcon 2011 - Cyber crime 101: Cost of cyber crime, trends and analysis


The modern thief can steal more with a computer than with a gun. Tomorrow's terrorist may be able to do more damage with a keyboard than with a bomb.

United Nations Interregional Crime & Justice Research Institute, UNICRI – Italy

Every new technology opens the door to new criminal approaches

Phrack mag, Issue# 64, Article# 13, “Anonymous”


Page 4: nullcon 2011 - Cyber crime 101: Cost of cyber crime, trends and analysis

Hackers – Hacker Profiling Project

• Wannabe (Lamers) - I wud luv to be a hacker type

• Script Kiddies – rely on scripts & programs written by others

• Cracker – Technically skilled with malicious intentions

• Ethical Hacker – Highly skilled with good intentions – law abiding

• QPS (Quiet Paranoid Skilled hacker) – Operate alone – Whitehats / Blackhats

• Cyber Warrior/Mercenary – Hacker for hire

• Industrial Spy Hacker

• Govt. Agent Hacker

• Military Hacker – IW specialists


Page 5: nullcon 2011 - Cyber crime 101: Cost of cyber crime, trends and analysis
Page 6: nullcon 2011 - Cyber crime 101: Cost of cyber crime, trends and analysis

Underground Economy Biz Model - 1


Page 7: nullcon 2011 - Cyber crime 101: Cost of cyber crime, trends and analysis

Underground Economy Biz Model


Page 8: nullcon 2011 - Cyber crime 101: Cost of cyber crime, trends and analysis

Org Chart of Underground Economy Biz


Page 9: nullcon 2011 - Cyber crime 101: Cost of cyber crime, trends and analysis

Underground Economy Biz model - 2


Page 10: nullcon 2011 - Cyber crime 101: Cost of cyber crime, trends and analysis

Cyber Crime Biz model

• C2C model – Criminal to Criminal

• Cyber crime is the No. 1 criminal activity overtaking drugs in the US in 2009

• Organized as Corporate Biz model – Highly sophisticated syndicates

• Russian mafia using business partners & rewarding top performers

• Crime as a Service

• Crimeware

• Carding

• Spam

• Phishing & Bank frauds – ATM skimming

• Pharma scams

• Pornography

• Criminal ISPs

• Counterfeiting

• Virtual money

• Money Laundering


Page 11: nullcon 2011 - Cyber crime 101: Cost of cyber crime, trends and analysis

Crime as a Service

• Crimeware

– Bots, Trojans, Key loggers & Viruses

– Zeus Banking trojan/botnet – Customized & delivered as SaaS; full blown version – $700 USD

– TJ Maxx & Heartland systems attacks – 1 Bln card details compromised – Albert Gonzalez

– RBS Worldpay hack – $9.5 mln USD loss – 4 hackers – Viktor Pleshchuk of St Petersburg arrested in March 2010. Others involved – Sergei Tsurikov of Tallinn, Estonia, Oleg Covelin of Chisinau, Moldova & Hacker 3

• Identity theft

– Complete Identities for sale – Address, SSN, Bank A/c, Credit Card info – Price $1 to $50 per identity, guaranteed Service Level Agreements

– Application theft – Using fake identity to open accounts

– Account takeover – Masquerade as real owner of account & ask for change in mailing address

• Carding – Verifying validity of card data

• Spam – Unsolicited mails

• Phishing – Emails to user for reset of banking pin

• Bank frauds – ATM skimming (video)

• Pharma scams

• Pornography

• Counterfeiting

• Virtual money / Digital Cash

– eGold

– Yandex

– Webmoney

• Money Laundering

Page 12: nullcon 2011 - Cyber crime 101: Cost of cyber crime, trends and analysis

Cyber Crime & Infrastructure

• 2001 – 2005

– Shadowcrew – Founded in 2002 by Seth Sanders (Kidd), Kim Taylor (MacGyver) & Albert Gonzalez (CumbaJohnny). 4000 members internationally. Carding site busted by US Secret Service in 2004

– Cha0 – Cagatay Evyapan - Turkish – Biggest ATM Skimmer ever – Arrested Sept 2008

Page 13: nullcon 2011 - Cyber crime 101: Cost of cyber crime, trends and analysis

Cyber Crime & Infrastructure

• 2001 – 2005

• Dark Market – The Facebook for Fraudsters

– Founded in 2004 by Renukanth Subramaniam (JiLsi), Marcus Keller (Matrix001) & Max Ray Butler (MaxVision & Iceman) – Carders Market – $86 mln business – Infiltrated by FBI agent Keith Mularski & shut down in 2008 – JiLsi worked as a Pizza Hut despatch courier by day & used the Java Bean internet café at Wembley as his office for operating on DarkMarket forum. Carried the OS on a USB stick to avoid leaving trails

• DarkMarket price list

– Trusted vendors on DarkMarket offered a smorgasbord of personal data, viruses, and card-cloning kits at knockdown prices. Going rates were:

– Dumps: Data from magnetic stripes on batches of 10 cards. Standard cards: $50. Gold/platinum: $80. Corporate: $180.

– Card verification values: Information needed for online transactions. $3-$10 depending on quality.

– Full information/change of billing: Information needed for opening or taking over account details. $150 for account with $10,000 balance. $300 for one with $20,000 balance.

– Skimmer: Device to read card data. Up to $7,000.

– Bank logins: 2% of available balance.

– Credit card images: Both sides of card. $30 each.

– Embossed card blanks: $50 each.

– Holograms: $5 per 100.

– Hire of botnet: Software robots used in spam attacks. $50 a day.

Page 14: nullcon 2011 - Cyber crime 101: Cost of cyber crime, trends and analysis

Cyber Crime & Infrastructure


Login page of Darkmarket.ws

Page 15: nullcon 2011 - Cyber crime 101: Cost of cyber crime, trends and analysis

Cyber Crime & Infrastructure

User who is interested in buying access to 3000-4000 infected machines a week.

Page 16: nullcon 2011 - Cyber crime 101: Cost of cyber crime, trends and analysis

Cyber Crime & Infrastructure

"Get more $$$ for your logs" - this user is advertising cashing services for various banks, used to steal money from online bank accounts. Credentials for these accounts have been stolen via keyloggers.

Page 17: nullcon 2011 - Cyber crime 101: Cost of cyber crime, trends and analysis

Cyber Crime & Infrastructure


Distributed-denial-of-service attacks for sale. "This is a great deal on DDOS attacks and cannot be beat by anyone!"

200 "dove" stickers for $1500. "Dove stickers" are VISA credit card holograms.

Page 18: nullcon 2011 - Cyber crime 101: Cost of cyber crime, trends and analysis

Cyber Crime & Infrastructure

• Russian Business Network – Verisign – “Baddest of the Bad”

• RBN – $2 bln (08) & $150 mln rev (06-07); Criminal ISP

• Bullet proof hosting

• Owned by Flyman – nephew of Russian politician

• Located at #12, Levashovskiy prospect, 197110, St Petersburg, Russia

• Tracked by Law Enforcement agencies

• Recruit skilled hackers in Russia for creating malware & exploit 0 days

• Mysteriously disappeared on 4th Nov 2007 – Believed to be operating under different names

• Google maps image of RBN location


Page 19: nullcon 2011 - Cyber crime 101: Cost of cyber crime, trends and analysis

Cyber Crime & Infrastructure

RBN Group Companies (diagram labels): Too Coin Software, SBT, RBN, AkiMon, Nevacon, Silvernet, Linkey, Eltel2, Luglink, Eltel, Credolink, ConnectCom, Deltasys Rustelecom, Oinsinvest, MicronNet

Page 20: nullcon 2011 - Cyber crime 101: Cost of cyber crime, trends and analysis

Cyber Crime & Infrastructure

• Russian Business Network


Page 21: nullcon 2011 - Cyber crime 101: Cost of cyber crime, trends and analysis

Cyber Crime & Infrastructure

Russian Business Network

Page 22: nullcon 2011 - Cyber crime 101: Cost of cyber crime, trends and analysis

Cyber Crime & Infrastructure

• 2005 to Now

• Innovative Marketing Inc

• Founded by Daniel Sundin & Sam Jain in 2002 at Belize & later moved to Kiev, Ukraine

• Pirated music, software, pornography & Viagra

• Disbanded in 2008 but operating under different names


Page 24: nullcon 2011 - Cyber crime 101: Cost of cyber crime, trends and analysis

Cloud

Cloud increasingly being used by cyber criminals

By way of example, O’Connor said cyber criminals could use the Cloud to secretly store and distribute child abuse material for commercial purposes.

Legitimate businesses may well be turning to the Cloud in increasing numbers, but so too are illegitimate businesses, according to the Minister for Home Affairs and Justice, Brendan O'Connor.

In a speech, given at the International Association of Privacy Professionals Annual Conference in Sydney, O'Connor said cyber criminals were increasingly exploiting the Cloud to achieve their own aims.

"Cyber criminals can not only steal data from Clouds, they can also hide data in Clouds," he said. "Rogue Cloud service providers based in countries with lax cybercrime laws can provide confidential hosting and data storage services, which facilitates the storage and distribution of criminal data, avoiding detection by law enforcement agencies."

Page 25: nullcon 2011 - Cyber crime 101: Cost of cyber crime, trends and analysis

Cyber Crime Protection

• Regulatory framework to combat Cyber Crime – UN & NATO leading the way now

• Stricter laws to combat Cyber Crime – No safe havens

• Long term responses – Coordination & Harmonization of efforts at National & International levels

• User awareness & education – Public / Private partnership

• Switch to banks offering secure services & tell them

• Genuine Software

• Patch regularly

• Use effective Anti Virus

• Use a personal firewall

• Use common sense when transacting online / ATMs


Page 26: nullcon 2011 - Cyber crime 101: Cost of cyber crime, trends and analysis

Carding


Page 27: nullcon 2011 - Cyber crime 101: Cost of cyber crime, trends and analysis

Credits

http://www.freedomfromfearmagazine.org & Raoul Chiesa, UNICRI Italy

http://www.bizeul.org/files/RBN_study.pdf

http://www.oswmag.com/article/cloud-increasingly-being-used-cyber-criminals&urlhash=A93h&goback=.gmp_1864210.gde_1864210_member_36651911

http://www.freedomfromfearmagazine.org/index.php?option=com_content&view=article&id=302:hackers-profiling-who-are-the-attackers&catid=50:issue-7&Itemid=161

http://www.fortiguard.com/analysis/zeusanalysis.html

http://searchsecurity.techtarget.com/tip/0,289483,sid14_gci1514783,00.html

http://www.wired.com/threatlevel/tag/carding/

Fatal System Error by Joseph Menn

http://www.wired.com/threatlevel/2010/03/alleged-rbs-hacker-arrested

http://www.youtube.com/watch?v=aUyiUAx4NxY

http://www.youtube.com/watch?v=AY_SPP1loFs

http://theeuropean-magazine.com/83-chiesa-raoul/84-cybercrime-and-cyberwar&urlhash=_uFM&goback=.gmp_2677290.gde_2677290_member_39400172

http://www.guardian.co.uk/technology/2010/jan/14/darkmarket-online-fraud-trial-wembley

Page 28: nullcon 2011 - Cyber crime 101: Cost of cyber crime, trends and analysis

Cyber Crime

An Alternate Perspective

Nullcon Goa – 26th of Feb 2011

Page 29: nullcon 2011 - Cyber crime 101: Cost of cyber crime, trends and analysis

The Definition

A crime is a breach of law for which the governing authority can prescribe a conviction and subsequent punishment

Page 30: nullcon 2011 - Cyber crime 101: Cost of cyber crime, trends and analysis

Some Facts: Cyber Crime is…

Often with faceless but real “victims”

Costs “real” money

BIG Business

Page 31: nullcon 2011 - Cyber crime 101: Cost of cyber crime, trends and analysis

A Perspective

Cyber Crime is “BAD”

Page 32: nullcon 2011 - Cyber crime 101: Cost of cyber crime, trends and analysis

Legality vs Morality

Page 33: nullcon 2011 - Cyber crime 101: Cost of cyber crime, trends and analysis

A Market Need

Hawala is illegal in many countries around the world

Hawala provides a means to an end for millions of people (people the “legal” systems do not know how to serve!)

Page 34: nullcon 2011 - Cyber crime 101: Cost of cyber crime, trends and analysis

Honesty and Transparency

Page 35: nullcon 2011 - Cyber crime 101: Cost of cyber crime, trends and analysis

A Revolution

Page 36: nullcon 2011 - Cyber crime 101: Cost of cyber crime, trends and analysis

Don’t Believe The Hype

Page 37: nullcon 2011 - Cyber crime 101: Cost of cyber crime, trends and analysis

Think outside the box

Ask Yourself “Why?”