Subject: The Real-Life Internet Sopranos

Welcome to the age of the Internet gangster. Gone are the days when young
computer nerds sat alone in their rooms figuring out how to break into
their schools' computer systems to change grades. Also fading into
nostalgia are the times when hackers teamed up with small-time hoods to
pull off credit-card scams that victimized local banks.
The days of spammers, phishers, and identity thieves -- the typical
culprits of today's online crime stories -- are upon us. These criminals
have created their own syndicates to invade your computers and crack your
company's network security.
Tony Soprano is a fictional crime boss, but his character has become a
modern-day symbol of the somewhat glamorized image of life within a crime
family. Does the Tony Soprano of today have a hand in Internet crime? In a
word, yes.
Over the past several years, Internet security firms have discovered strong
connections to gangs in Eastern Europe that have worldwide reach and
operate with seeming impunity.
Today's Internet criminals have extended the turf of what law-enforcement
agencies have traditionally called the Mafia. These Internet bad guys have
adapted to new modes of crime, turning from numbers and narcotics rackets
in the mid-20th century to Internet identity theft and denial-of-service
(DoS) attacks.

Criminal Business Model

Today's Internet hooligans follow a basic business model, according to
Andrew Jaquith, senior analyst at the Yankee Group. While the size of the
criminal organization might vary, the basic network-crime process involves
four levels of expertise.
It starts with vulnerability checkers. These computer engineers look for
entries into corporate networks. Once an opening is located, specialists
create custom-written software to maximize the vulnerability. Then other
specialists get into the act to use the compromised systems as a base to
locate other vulnerable computers.
As a collection of compromised computer systems is established, other
programmers write software to place all the compromised computers under the
control of one master criminal, the fourth actor in the chain.
The result of this strategy is what computer security experts identify as a
drastic upsurge in the intensity and caliber of network attacks. Internet
crime lords passed a watershed of sorts one year ago, Jaquith said. "It was
at that point that viruses, Trojans, and spam started to be linked with
monetary payouts," he said.
Before last year, spam, adware, and spyware antics were relatively
innocuous, being little more than an inconvenience to computer users. "But
12 to 18 months ago, the folks that did these things realized that they
could generate e-mail spam and marshal denial-of-service bots for extortion
purposes," he said.
The term "botnet" is slang for a network of remotely controlled computers
that carry out instructions from one or more hackers. The newest viruses
circulating on the Internet are able to scan a potential host computer for
vulnerabilities, then take over that computer and adapt to its environment,
propagating itself by connecting through the Internet to other potential
hosts. The more compromised computers there are linked together, the more
valuable the botnet becomes.
Given the existence of botnets that consist of thousands of personal and
enterprise computers, many Internet security experts are convinced that
Internet criminals are developing their own hierarchy, from traditional
street runners or soldiers to a cadre of crime captains who report to
higher-up dons.
"We hear that botnets are rentable by the hour now," said Jaquith, who
pointed out that botnets have become hot commodities for Internet crime
families. "That phenomenon is certainly real," he said.

Hotbed of Network Criminals

Pick any geographic region where a lack of government control is the norm,
and you have the perfect setting for criminals to set up a home base. For
starters, look at Romania and the states of the former Soviet Union, said
Dmitri Alperovitch, principal research engineer at CipherTrust, an Internet
security company.
"There is a 10-to-15-year evolution of hacking activity in that part of the
world," he said. "It is a place where that kind of activity is not pursued
by local law enforcement." What was once a ragtag collection of second-rate
hackers has matured into a thriving community of professional-class
intrusion technicians.
GeoTrust CEO Neal Creighton, whose company operates a global
identity-verification program for e-mail systems, said sophisticated
hackers have gravitated to Eastern Europe. "Even Poland has a network of
hackers operating with runners in the U.S.," Creighton said. "These hackers
are getting organized more than ever. They are starting to move to other
markets," he said, adding that fake auctions on eBay (Nasdaq: EBAY)
are becoming one of the most prevalent scams for cyber criminals from
Eastern Europe.
Members of the hacker community throughout that region, Alperovitch said,
now are adapting to take advantage of the latest phishing scams. "It's a
natural transition taking place," he said. Phishing is the term applied to
online schemes that attempt to lure people into giving up sensitive
information -- such as passwords or credit card numbers -- by masquerading
as trustworthy sources.
A recent scam discovered by one of Creighton's security investigations
lured people to a phony bank site, using an e-mail that directed account
holders to click a link to update their information. Failure to comply,
warned the message, would result in the account being frozen for security
reasons. The operation seemed to be set up in Russia.
"The bad guys were running several dynamic name servers so when one Web
site was shut down, the operators simply routed consumers to other fake Web
sites in Poland," said Creighton.

Like the Sopranos

Research by CipherTrust shows a close connection between phishing and crime
syndicates. In an article titled "Phishing: 21st Century Organized Crime,"
the company outlined the process wherein information gained through online
scams is sold and the profits routed to international criminals.
Tracking this criminal activity is difficult because, as the information
crosses international borders, it is often outside the jurisdiction of any
single nation's law-enforcement agencies. This confusion gives Internet
criminals an added advantage, the report says, buying them time to
organize, work with "peer groups," and launch more sophisticated attacks.
Internet crime is just like the criminal activity portrayed on the HBO
series The Sopranos, said GeoTrust's Creighton. Many of the attacks revolve
around extortion that must be paid to protect against criminals trashing a
company's business reputation, he said.
"Like the TV Sopranos, family members operate on a
need-to-know-the-boss basis. People are controlling the street-level
soldiers, but a lot of it is piecemeal," Creighton said. He also said
that details are hidden so successfully by those controlling the scams
behind the scenes that sometimes people working on the front lines might
not even realize that anything illegal is happening.
Often, innocent work-at-home patrons get duped into doing the dirty grunt
work in an Internet-based scam. Known as "drops" or "mules," these
street-level soldiers are usually recruited online at job sites. This
method of recruitment is both very typical and very prevalent, according to
CipherTrust's Alperovitch.
In one kind of criminal strategy that could be called "address laundering,"
recruited workers receive packages of merchandise purchased through
phishing scams and forward those packages to the next location. "They
simply get paid for handling the merchandise and don't know they are doing
something illegal," he said.
The mules are the bottom of the feeding chain in Internet crime. They are
recruited and handled by the next tier in the operation, the mule herders.
These are the people who place ads in local papers and on Web site job
boards to recruit the mules.
As part of a phishing scam, the mule herders distribute stolen account
information to the mules, who think that they are working with legitimate
banks. They are instructed by the mule herders to go online to complete
various banking transactions. Another part of the scheme involves sending
the mules to withdraw funds from money access centers and to deposit the
money into other "company" bank accounts.
Law-enforcement agents cannot always trace the illegal activity to the
culprits. Even if some workers get suspicious, they do not know the real
identities of the herders who contact them via stolen phone cards and
carefully camouflaged e-mail addresses.
"It is a very sophisticated operation," said Alperovitch. Runners in local
areas are recruited to pick up money and relay it through Western Union and
bank machines. If law enforcement closes in on these local underlings, the
collared workers often have no knowledge to trade with police.

Sleeping with the Phishes

The most prevalent type of phishing scam involves setting up a site that
has the complete look and feel of an online bank or a popular Internet
destination, like PayPal. Phishers send out e-mail to get unsuspecting
users to log on and provide their account information, which is then
stolen.
Another common tactic is to entice customers to buy products at what will
turn out to be a fake e-commerce store. A criminal will set up a phony Web
site for a few weeks, collect orders, and then suddenly disappear.
One of the newest phishing trends to emerge has almost everybody in the
security industry concerned: Trojan phishing. So-called Trojan programs,
named after the horse of mythology that put the Greeks inside Troy's city
walls, disguise themselves as beneficial files, but actually enable hackers
to gain access to computers from remote locations to steal account
information directly from a computer.
Some hackers use these Trojan-infected computers to set up networks of
so-called "zombie" machines. "The advantage to the hacker is a continuous
data flow and little chance of detection," said Alperovitch.
The Trojans also give criminals a way in to install keylogging software,
which is quickly becoming the tool of choice for Internet gangsters. A
study released recently by the digital-infrastructure company VeriSign
(Nasdaq: VRSN) discovered thousands of different kinds of keylogging
programs in operation, with potentially hundreds of thousands of computers
infected.
Keyloggers consist of coding that is secretly deployed and silently
installed on unsuspecting consumers' computers. The software can record
every keystroke on infected systems and send that information back to
hackers automatically. Such programs often are piggy-backed in phishing
e-mail or spyware applications that are able to elude antivirus software
and firewalls.

Remote Control Crime

Some European and Asian governments are beginning to work with U.S. and
British law enforcement agencies to fight back against Internet crime
conglomerates. But the hackers' abilities to work thousands of miles from
where the actual thefts occur give them a solid advantage and a degree of
anonymity.
According to Alperovitch, U.S. and British agents are trying hard to get
other countries to cooperate in sharing criminal information to stop
Internet crime. So far, that trust has been hard to establish, mostly
because many countries don't understand the severity of the problem,
according to security experts.
"These Internet scammers can set up from foreign countries using stolen
credit cards to establish accounts at various Web site hosting companies,"
said Creighton. "Then they can point those Web servers to other hacked
servers, hijacking lots of Web servers along the way."
Creighton and other experts said this type of remote operation keeps
rolling from one distant server to another as banks catch up with them and
shut them down. Meanwhile, the perpetrators never have to leave their
homes. "Server owners have no idea that this illegal activity is going on
from their own servers," he said.
GeoTrust's Creighton feels that Internet security firms are gradually
turning the tide against criminals. "We're seeing more awareness in
consumers, and software products are now able to warn Web surfers of unsafe
Web sites. So there are a lot of solutions popping up," he said. "Phishing
sites' up-time is now being reduced to a safer level."
CipherTrust's Alperovitch is less sure. "We are seeing perpetrators moving
to places where there is no law enforcement. In the history of online fraud
and security breaches, solutions never solve much of the threat criminals
pose," he said.
The only real solution that has a chance of working, according to
Alperovitch, is deterrence. "That can only come from fear of incarceration,
which is present in the Western world only. Elsewhere that is not
apparent."
---
Ed Koon, System Administrator
doc{at}docsplace.org
Doc's Place BBS Online
DOCSPLACE.TZO.CO
* Origin: Try Our Web Based QWK: DOCSPLACE.ORG (1:123/140)
SOURCE: echomail via fidonet.ozzmosis.com