nullcon 2011 - cyber crime 101: cost of cyber crime, trends and analysis
DESCRIPTION
Cyber crime 101: Cost of cyber crime, trends and analysis by Shashidhar C.N & Simran Gambhir
TRANSCRIPT
Cybercrime – A Tech View & Alternative Perspective
26th February 2011
C N Shashidhar & Simran Gambhir
http://null.co.in/ http://nullcon.net/
Cybercrime 101 – A Technology view
26th February 2011
C N Shashidhar
http://in.linkedin.com/in/cnshashidhara
The modern thief can steal more with a computer than with a gun. Tomorrow's terrorist may be able to do more damage with a keyboard than with a bomb.
United Nations Interregional Crime & Justice Research Institute, UNICRI – Italy
Every new technology opens the door to new criminal approaches
Phrack mag, Issue# 64, Article# 13, “Anonymous”
Hackers – Hacker Profiling Project
• Wannabe (Lamers) - I wud luv to be a hacker type
• Script Kiddies – rely on scripts & programs written by others
• Cracker – Technically skilled with malicious intentions
• Ethical Hacker – Highly skilled with good intentions – law abiding
• QPS (Quiet Paranoid Skilled hacker) – Operate alone – Whitehats / Blackhats
• Cyber Warrior/Mercenary – Hacker for hire
• Industrial Spy Hacker
• Govt. Agent Hacker
• Military Hacker – IW specialists
Underground Economy Biz Model - 1
Underground Economy Biz Model
Org Chart of Underground Economy Biz
Underground Economy Biz model - 2
Cyber Crime Biz model
• C2C model – Criminal to Criminal
• Cyber crime is the No. 1 criminal activity overtaking drugs in the US in 2009
• Organized as Corporate Biz model – Highly sophisticated syndicates
• Russian mafia using business partners & rewarding top performers
• Crime as a Service
• Crimeware
• Carding
• Spam
• Phishing & Bank frauds – ATM skimming
• Pharma scams
• Pornography
• Criminal ISPs
• Counterfeiting
• Virtual money
• Money Laundering
Crime as a Service
• Crimeware
  – Bots, Trojans, Key loggers & Viruses
  – Zeus Banking trojan/botnet – Customized & delivered as SaaS; full blown version - $ 700 USD
  – TJ Maxx & Heartland systems attacks – 1 Bln card details compromised - Albert Gonzalez
  – RBS Worldpay hack – 9.5 $mln USD loss – 4 hackers – Viktor Pleshchuk of St Petersburg arrested in March 2010. Others involved – Sergie Tsurikov of Tallin, Estonia, Oleg Covelin of Chisinau, Moldova & Hacker 3
• Identity theft
  – Complete Identities for sale – Address, SSN, Bank A/c, Credit Card info – Price $ 1 to $50 per identity, guaranteed Service Level Agreements
  – Application theft – Using fake identity to open accounts
  – Account takeover – Masquerade as real owner of account & ask for change in mailing address
• Carding – Verifying validity of card data
• Spam – Unsolicited mails
• Phishing – Emails to user for reset of banking pin
• Bank frauds – ATM skimming (video)
• Pharma scams
• Pornography
• Counterfeiting
• Virtual money / Digital Cash
  – eGold
  – Yandex
  – Webmoney
• Money Laundering
Cyber Crime & Infrastructure
• 2001 – 2005
  – Shadowcrew – Founded in 2002 by Seth Sanders (Kidd), Kim Taylor (MacGyver) & Albert Gonzalez (CumbaJohnny). 4000 members internationally. Carding site busted by US Secret Service in 2004
  – Cha0 – Cagatay Evyapan - Turkish – Biggest ATM Skimmer ever – Arrested Sept 2008
Cyber Crime & Infrastructure
• 2001 – 2005
• Dark Market – The Facebook for Fraudsters
  – Founded in 2004 by Renukanth Subramaniam (JiLsi), Marcus Keller (Matrix001) & Max Ray Butler (MaxVision & Iceman) – Carders Market – 86 $ mln business – Infiltrated by FBI agent Keith Mularski & shut down in 2008
  – JiLsi worked as a Pizza Hut despatch courier by day & used the Java Bean internet café at Wembley as his office for operating on DarkMarket forum. Carried the OS on a USB stick to avoid leaving trails
• DarkMarket price list
  – Trusted vendors on DarkMarket offered a smorgasbord of personal data, viruses, and card-cloning kits at knockdown prices. Going rates were:
  – Dumps: Data from magnetic stripes on batches of 10 cards. Standard cards: $50. Gold/platinum: $80. Corporate: $180.
  – Card verification values: Information needed for online transactions. $3-$10 depending on quality.
  – Full information/change of billing: Information needed for opening or taking over account details. $150 for account with $10,000 balance. $300 for one with $20,000 balance.
  – Skimmer: Device to read card data. Up to $7,000.
  – Bank logins: 2% of available balance.
  – Credit card images: Both sides of card. $30 each.
  – Embossed card blanks: $50 each.
  – Holograms: $5 per 100.
  – Hire of botnet: Software robots used in spam attacks. $50 a day.
Cyber Crime & Infrastructure
Login page of Darkmarket.ws
User who is interested in buying access to 3000-4000 infected machines a week.
"Get more $$$ for your logs" - this user is advertising cashing services for various banks, used to steal money from online bank accounts. Credentials for these accounts have been stolen via keyloggers.
Distributed-denial-of-service attacks for sale. "This is a great deal on DDOS attacks and cannot be beat by anyone!"
200 "dove" stickers for $1500. "Dove stickers" are VISA credit card holograms.
Cyber Crime & Infrastructure
• Russian Business Network – Verisign – “Baddest of the Bad”
• RBN – 2$ bln (08) & 150$ mln rev (06-07); Criminal ISP
• Bullet proof hosting
• Owned by Flyman – nephew of Russian politician
• Located at #12, Levashovskiv prospect, 197110, St Petersburg, Russia
• Tracked by Law Enforcement agencies
• Recruit skilled hackers in Russia for creating malware & exploit 0 days
• Mysteriously disappeared on 4th Nov 2007 – Believed to be operating under different names
• Google maps image of RBN location
Cyber Crime & Infrastructure
RBN Group Companies (diagram): Too Coin Software, SBT, RBN, AkiMon, Nevacon, Silvernet, Linkey, Eltel2, Luglink, Eltel, Credolink, ConnectCom, Deltasys Rustelecom, Oinsinvest, MicronNet
Cyber Crime & Infrastructure
• Russian Business Network
Cyber Crime & Infrastructure
• 2005 to Now
• Innovative Marketing Inc
• Founded by Daniel Sundin & Sam Jain in 2002 at Belize & later moved to Kiev, Ukraine
• Pirated music, software, pornography & Viagra
• Disbanded in 2008 but operating under different names
Cyber Crime & Infrastructure
• 2011 ATM Fraud
• http://www.nbcchicago.com/news/local-beat/atm-thefts-116435289.html
Cloud
Cloud increasingly being used by cyber criminals
Legitimate businesses may well be turning to the Cloud in increasing numbers, but so too are illegitimate businesses, according to the Minister for Home Affairs and Justice, Brendan O'Connor.
In a speech, given at the International Association of Privacy Professionals Annual Conference in Sydney, O'Connor said cyber criminals were increasingly exploiting the Cloud to achieve their own aims.
"Cyber criminals can not only steal data from Clouds, they can also hide data in Clouds," he said. "Rogue Cloud service providers based in countries with lax cybercrime laws can provide confidential hosting and data storage services, which facilitates the storage and distribution of criminal data, avoiding detection by law enforcement agencies."
By way of example, O’Connor said cyber criminals could use the Cloud to secretly store and distribute child abuse material for commercial purposes.
Cyber Crime Protection
• Regulatory framework to combat Cyber Crime – UN & NATO leading the way now
• Stricter laws to combat Cyber Crime – No safe havens
• Long term responses – Coordination & Harmonization of efforts at National & International levels
• User awareness & education – Public / Private partnership
• Switch to banks offering secure services & tell them
• Genuine Software
• Patch regularly
• Use effective Anti Virus
• Use a personal firewall
• Use common sense when transacting online / ATMs
Carding
Credits
http://www.freedomfromfearmagazine.org & Raoul Chiesa, UNICRI Italy
http://www.bizeul.org/files/RBN_study.pdf
http://www.oswmag.com/article/cloud-increasingly-being-used-cyber-criminals
http://www.freedomfromfearmagazine.org/index.php?option=com_content&view=article&id=302:hackers-profiling-who-are-the-attackers&catid=50:issue-7&Itemid=161
http://www.fortiguard.com/analysis/zeusanalysis.html
http://searchsecurity.techtarget.com/tip/0,289483,sid14_gci1514783,00.html
http://www.wired.com/threatlevel/tag/carding/
Fatal System Error by Joseph Menn
http://www.wired.com/threatlevel/2010/03/alleged-rbs-hacker-arrested
http://www.youtube.com/watch?v=aUyiUAx4NxY
http://www.youtube.com/watch?v=AY_SPP1loFs
http://theeuropean-magazine.com/83-chiesa-raoul/84-cybercrime-and-cyberwar
http://www.guardian.co.uk/technology/2010/jan/14/darkmarket-online-fraud-trial-wembley
The Definition
A crime is a breach of law for which the governing authority can prescribe a conviction and subsequent punishment
Some Facts: Cyber Crime is…
Often with faceless but real “victims”
Costs “real” money
BIG Business
A Perspective
Cyber Crime is “BAD”
Legality vs Morality
A Market Need
Hawala is illegal in many countries around the world
Hawala provides a means to an end for millions of people (people the “legal” systems do not know how to serve!)
Honesty and Transparency
A Revolution
Don’t Believe The Hype
Think outside the box
Ask Yourself “Why?”