Organized Cybercrime
Simple Nomad
nomad mobile research centre
“With just a few keystrokes, cybercriminals around the world can disrupt our economy.” - Ralph Basham, Director of the U.S. Secret Service at RSA 2005.
“With just a few keystrokes, pundits can disrupt our freedoms.” - Daaih Liuh, NMRC, 2005
“With just a few keystrokes, I can turn those pundits off and watch porn instead.” - jrandom, NMRC, 2005
Outline
• The Players
• The Weapons
• Precision Tactics
• Examples
The Players
• Former Soviet Military
• Russian Mafia
• Professional Hackers
• Spammers
• Traditional Mafia
• Basic Cybercrime Organizations
Former Soviet Military
• Military industrial complex in Soviet Russia was even more corrupt than their USA counterparts
• With the collapse of communism, many upper military personnel in Russia had few skills that paid well
  – Good at money laundering
  – Good at moving goods across borders
  – Connections with international crime
Russian Mafia
Sergei Mikhailov, head of the Moscow-based Solntsevskaya Organization, with 5000+ members worldwide. Starting with extortion, counterfeiting, drug trafficking, and blackmail, his own organization eventually graduated to arms dealing, money laundering, and infiltration of government and legitimate business. Mikhailov’s Solntsevskaya Organization owns banks, casinos, car dealerships, and even an airport. Solntsevskaya is believed to be behind many cyber-related online crime ventures.
Russian Mafia
Dolgoprudnenskaya is the second-largest gang operating out of Russia. They are considered ruthless and are also believed to be behind numerous current cybercrime activities, in addition to numerous other standard criminal ventures. They are believed to be behind a rash of bank robberies conducted over the Internet in 2001 against banks using vulnerable Windows NT web servers.
Russian Mafia
• Cybercrime elements are considered “divisions”
  – The actual hackers themselves are kept compartmentalized
• Due to protection from a corrupt Russian government, most “big cases” do not net the big players, e.g. Operation Firewall
• There are thousands of organized crime gangs operating out of Russia, although most are not involved in cybercrime.
• When new hacking talent is needed, they will force hackers to work for them (or kill them and/or their families)
Professional Hackers
• Paid per the job, usually flat rates
• State-side hackers can earn up to $200K a year
• The work is usually writing tools for others to use, developing/finding new exploits, and coding up malware
• Occasionally they will do a black bag job, but these are rare, unless they are simply looking for “loot” on easy targets
Spammers
• They earn millions per year selling their direct mail services
• They are not picky and do not consider whether the person doing the selling is committing fraud, including the Russian Mafia
• After years of jumping from ISP to ISP, it is much easier to lease “capacity” from hacker botnets or develop their own
• They are the main employer of professional hackers
Traditional Mafia
• They are currently leaving most of the “work” to others
• Online ventures are sticking close to such things as pr0n, online gambling, etc
• They are taking advantage of technology, using computers heavily, and using reliable encryption
Basic Cybercrime Organizations
• Fluid and change members frequently
• Will form and disband on a “per project” basis
• Rife with amateurs, take a lot of risk considering the small payoffs
• Although the most troublesome, they are considered the bottom feeders
  – Think criminal script kiddies
  – This is usually who the Feds get, not the big guys
The Weapons
• Botnets
  – Average size is 5000 computers, some have been as large as 500,000 computers
  – New command and control software allows botnet capacity leasing of subsections of the botnet
• Phishing
  – You guys *do* know what phishing is, right?
• Targeted Viruses
  – Used to create quick one-time-use botnets
  – Also used when specifically targeting a single site or organization
• The usual Internet attack tools
  – Metasploit, etc
Precision Tactics
Precision Tactics – Hotel
• Hacking the PC in the hotel room
  – Can do remote
  – Will check into the same hotel as target if need be
  – Will resort to wiretaps, closed circuit video cameras, and other physical penetration attempts
• Known times when the target is out of the room are especially dangerous
  – Speakers and trainers are especially vulnerable, since they have to be in their talks, others do not
• Law enforcement regularly bugs hotel rooms at security conferences
  – Hotels (especially Vegas, Atlantic City) will comply to avoid LE looking at their computers
• Organized crime outfits *do* attend conferences
Precision Tactics – Office
• Posing as regular office personnel
• Planting network-based or hardware-based sniffing devices
• Conventional listening devices (bugs) are not uncommon
Precision Tactics – Infiltration
• Will pose as script kiddies, and “gain skills” fairly quickly, rising in status in various IRC channels
• Will join and form hacking groups
• Will direct attacks for the group to perform, usually directing blame toward the kiddies rather than themselves
• This is not a new technique – it is in use today by some governments, most notably French Intelligence
Examples
Examples – Internet Black Market Pricing Guide
• Exploit code for known flaw - $100-$500 if no exploit code exists
  – Price drops to $0 after exploit code is “public”
• Exploit code for unknown flaw - $1000-$5000
  – Buyers include iDefense, Russian Mafia, Chinese and French governments, etc
• List of 5000 IP addresses of computers infected with spyware/trojan for remote control - $150-$500
• List of 1000 working credit card numbers - $500-$5000
  – Price has increased since Operation Firewall
• Annual salary of a top-end skilled black hat hacker working for spammers - $100K-$200K
Q & A
Fin
Images © 2005 NMRC www.nmrc.org