nullcon 2011 - Cyber crime 101: Cost of cyber crime, trends and analysis
1. Cybercrime – A Tech View & Alternative Perspective
26th February 2011
C N Shashidhar & Simran Gambhir
http://null.co.in/ http://nullcon.net/
2. Cybercrime 101 – A Technology view
26th February 2011
C N Shashidhar
http://in.linkedin.com/in/cnshashidhara
3. The modern thief can steal more with a computer than with a gun. Tomorrow's terrorist may be able to do more damage with a keyboard than with a bomb.
United Nations Interregional Crime & Justice Research Institute, UNICRI – Italy
Every new technology opens the door to new criminal approaches
Phrack mag, Issue# 64, Article# 13, “Anonymous”
4. Hackers – Hacker Profiling Project
• Wannabe (Lamers) - I wud luv to be a hacker type
• Script Kiddies – rely on scripts & programs written by others
• Cracker – Technically skilled with malicious intentions
• Ethical Hacker – Highly skilled with good intentions – law abiding
• QPS (Quiet Paranoid Skilled hacker) – Operate alone – Whitehats / Blackhats
• Cyber Warrior/Mercenary – Hacker for hire
• Industrial Spy Hacker
• Govt. Agent Hacker
• Military Hacker – IW specialists
10. Cyber Crime Biz model
• C2C model – Criminal to Criminal
• Cyber crime is the No. 1 criminal activity overtaking drugs in the US in 2009
• Organized as Corporate Biz model – Highly sophisticated syndicates
• Russian mafia using business partners & rewarding top performers
• Crime as a Service
• Crimeware
• Carding
• Spam
• Phishing & Bank frauds – ATM skimming
• Pharma scams
• Pornography
• Criminal ISPs
• Counterfeiting
• Virtual money
• Money Laundering
11. Crime as a Service
• Crimeware
• Bots, Trojans, Key loggers & Viruses
• Zeus Banking trojan/botnet – Customized & delivered as SaaS; full blown version – $700 USD
• TJ Maxx & Heartland systems attacks – 1 Bln card details compromised – Albert Gonzalez
• RBS Worldpay hack – $9.5 mln USD loss – 4 hackers – Viktor Pleshchuk of St Petersburg arrested in March 2010. Others involved – Sergei Tsurikov of Tallinn, Estonia, Oleg Covelin of Chisinau, Moldova & Hacker 3
• Identity theft
• Complete Identities for sale – Address, SSN, Bank A/c, Credit Card info – Price $1 to $50 per identity, guaranteed Service Level Agreements
• Application theft – Using fake identity to open accounts
• Account takeover – Masquerade as real owner of account & ask for change in mailing address
• Carding – Verifying validity of card data
• Spam – Unsolicited mails
• Phishing – Emails to user for reset of banking pin
• Bank frauds – ATM skimming (video)
• Pharma scams
• Pornography
• Counterfeiting
• Virtual money / Digital Cash
• eGold
• Yandex
• Webmoney
• Money Laundering
12. Cyber Crime & Infrastructure
• 2001 – 2005
– Shadowcrew – Founded in 2002 by Seth Sanders (Kidd), Kim Taylor (MacGyver) & Albert Gonzalez (CumbaJohnny). 4000 members internationally. Carding site busted by US Secret Service in 2004
– Cha0 – Cagatay Evyapan - Turkish – Biggest ATM Skimmer ever – Arrested Sept 2008
13. Cyber Crime & Infrastructure
• 2001 – 2005
• Dark Market – The Facebook for Fraudsters
• Founded in 2004 by Renukanth Subramaniam (JiLsi), Marcus Keller (Matrix001) & Max Ray Butler (MaxVision & Iceman) – Carders Market – $86 mln business – Infiltrated by FBI agent Keith Mularski & shut down in 2008 – JiLsi worked as a Pizza Hut despatch courier by day & used the Java Bean internet café at Wembley as his office for operating on DarkMarket forum. Carried the OS on a USB stick to avoid leaving trails
• DarkMarket price list
• Trusted vendors on DarkMarket offered a smorgasbord of personal data, viruses, and card-cloning kits at knockdown prices. Going rates were:
• Dumps – Data from magnetic stripes on batches of 10 cards. Standard cards: $50. Gold/platinum: $80. Corporate: $180.
• Card verification values – Information needed for online transactions. $3-$10 depending on quality.
• Full information/change of billing – Information needed for opening or taking over account details. $150 for account with $10,000 balance. $300 for one with $20,000 balance.
• Skimmer – Device to read card data. Up to $7,000.
• Bank logins – 2% of available balance.
• Credit card images – Both sides of card. $30 each.
• Embossed card blanks – $50 each.
• Holograms – $5 per 100.
• Hire of botnet – Software robots used in spam attacks. $50 a day.
14. Cyber Crime & Infrastructure
Login page of Darkmarket.ws
15. Cyber Crime & Infrastructure
User who is interested in buying access to 3000-4000 infected machines a week.
16. Cyber Crime & Infrastructure
"Get more $$$ for your logs" - this user is advertising cashing services for various banks, used to steal money from online bank accounts. Credentials for these accounts have been stolen via keyloggers.
17. Cyber Crime & Infrastructure
Distributed-denial-of-service attacks for sale. "This is a great deal on DDOS attacks and cannot be beat by anyone!"
200 "dove" stickers for $1500. "Dove stickers" are VISA credit card holograms.
18. Cyber Crime & Infrastructure
• Russian Business Network – Verisign – “Baddest of the Bad”
• RBN – $2 bln (08) & $150 mln rev (06-07); Criminal ISP
• Bullet proof hosting
• Owned by Flyman – nephew of Russian politician
• Located at #12, Levashovskiy prospect, 197110, St Petersburg, Russia
• Tracked by Law Enforcement agencies
• Recruit skilled hackers in Russia for creating malware & exploit 0 days
• Mysteriously disappeared on 4th Nov 2007 – Believed to be operating under different names
• Google maps image of RBN location
20. Cyber Crime & Infrastructure
• Russian Business Network
21. Cyber Crime & Infrastructure
Russian Business Network
22. Cyber Crime & Infrastructure
• 2005 to Now
• Innovative Marketing Inc
• Founded by Daniel Sundin & Sam Jain in 2002 at Belize & later moved to Kiev, Ukraine
• Pirated music, software, pornography & Viagra
• Disbanded in 2008 but operating under different names
24. Cloud
Cloud increasingly being used by cyber criminals
By way of example, O’Connor said cyber criminals could use the Cloud to secretly store and distribute child abuse material for commercial purposes.
Legitimate businesses may well be turning to the Cloud in increasing numbers, but so too are illegitimate businesses, according to the Minister for Home Affairs and Justice, Brendan O'Connor.
In a speech, given at the International Association of Privacy Professionals Annual Conference in Sydney, O'Connor said cyber criminals were increasingly exploiting the Cloud to achieve their own aims.
"Cyber criminals can not only steal data from Clouds, they can also hide data in Clouds," he said. "Rogue Cloud service providers based in countries with lax cybercrime laws can provide confidential hosting and data storage services, which facilitates the storage and distribution of criminal data, avoiding detection by law enforcement agencies."
25. Cyber Crime Protection
• Regulatory framework to combat Cyber Crime – UN & NATO leading the way now
• Stricter laws to combat Cyber Crime – No safe havens
• Long term responses – Coordination & Harmonization of efforts at National & International levels
• User awareness & education – Public / Private partnership
• Switch to banks offering secure services & tell them
• Genuine Software
• Patch regularly
• Use effective Anti Virus
• Use a personal firewall
• Use common sense when transacting online / ATMs
33. A Market Need
Hawala is illegal in many countries around the world
Hawala provides a means to an end for millions of people (people the “legal” systems do not know how to serve!)