How do economic hackers work?

It is a world of chat rooms, malware and sophisticated phishing schemes. How does it work on the inside?

When TJX announced on January 17, 2006 that the computer systems storing its credit card, debit card and sales transaction data had been compromised, it said the intrusions had been going on since December. Security staff at Visa had been recording growing credit and debit card fraud tied to TJX properties such as TJ Maxx, Marshalls and HomeGoods stores since mid-November. That means stolen customer data had been floating around the Internet, offered for sale on black-market websites and in chat rooms, for at least two months.

Hacking is no longer a kids' game; it has become big business. A vibrant online black market trades in stolen credit card data and driver's license numbers, and malware, the programs that let hackers exploit security vulnerabilities in commercial software, is a powerful tool for them. Criminals have become highly organized. They use peer-to-peer payment systems, much like buyers and sellers on eBay, and work together without fear of being discovered.

Independent hackers still exist, but the FBI finds that organized crime has become part of the hacking community, especially in the Middle East. 'Hackers are always ready to break into computers, collect personal data and sell it for profit,' said Chris Stangl, a special agent in the FBI's cybercrime unit, the bureau's third-ranked priority behind counterterrorism and counterintelligence, according to the newspaper.

Drawing a complete picture of economic hackers is not easy. It is a vibrant underground world, and nobody can capture all of it. By gleaning internal and external sources, one can only sketch part of it.

The direct approach

'Hackers no longer spend their time pointing out vulnerabilities on the Net. They create sophisticated malware for commercial, for-profit purposes,' said eEye's Maiffret. Some hackers take the direct approach of a ransom attack: criminals infiltrate corporate computers with malware and encrypt the data on them, then demand that the company pay a ransom to get the decryption key. This form is very popular in Russia. Uriel Maimon, a senior consumer researcher at RSA, the EMC-owned security firm, said he has seen such attacks in the past five months.

But direct attacks are not the most common form, because they are quite risky. Direct means that 'there is a straight financial connection between the victim and the author or owner of the malware,' explained David Dagon, a researcher at the Georgia Tech Information Security Center. The more popular form is the black market in data. Websites, abundant on the Internet, are where brisk trading takes place in debit card numbers, credit card numbers, cardholders' names and card verification values, the three- or four-digit codes used to verify a card. Jeff Moss, known as 'The Dark Tangent' and founder of Black Hat, the security training and research firm (owned by CMP, InformationWeek's parent), said he knew of a criminal organization in Europe that earns half a million dollars a year from buying and selling databases and customer name lists.

Credit card information is mostly sold in bulk. A buyer does not want a single card but a collection, a lot, a batch, because any individual card may be cancelled or flagged for fraud. Although some websites post price lists, basic card information sells for as little as $1 per card, depending on the quality of the data.

Credit card thieves call themselves 'carders' and often peddle their wares via IRC chat rooms, public forums or private forums with names like CardersMarket or Carder.info, and even on e-commerce websites that look perfectly normal and harmless. Experienced hackers and carders often stick to their own IRC channels, encrypted and password protected.

One such forum, CardingWorld.cc, has over 100,000 posts from 13,000 registered members, most of them from Russia. Its English-language section constantly advertises Bank of America, Fidelity Bank and PayPal accounts, credit card information from around the world, valid gift cards, and 'safe' transport of large sums of money. Most buyers and sellers on the forum require that deals and offers be handled over the message board's private messages or over ICQ instant messages.

Similarly, the Dumps International website offers credit card data, equipment to encode and use cards, Social Security numbers, birth dates, mother's maiden names, bank PIN codes, and 'rendered' physical cards embossed with card number, cardholder name and expiration date. A card number can cost up to $40 for a standard card and $120 for a 'signed' card. Buying a lot of 100 cards drops the price to $30 per card.

The average lifetime of these websites is about six months before they move to a new proxy server or law enforcement intervenes. TalkCash.net, a website that operated until last summer, also provided a list of 'rippers', participants in the market who cannot be trusted, and of 'verified' vendors who have proven they can deliver the goods as promised.

Some criminals use peer-to-peer payment systems like PayPal and E-gold to trade in gold and convert it back to cash in their own country. Others use Western Union for payments. E-gold says there is 'no way it will ignore' anyone who uses its services for criminal purposes. PayPal's chief information security officer, Michael Barrett, said the company regularly works with law enforcement when there is any indication that criminal activity has occurred.

Money transfers are risky for the criminals, because other hackers are always looking for ways to hijack them, and because transfers of 10,000 dollars or more are flagged to the bank for follow-up. So large sums are broken up into smaller transactions: paying for plasma TVs, loading up batches of iTunes accounts, buying World of Warcraft account information, and even purchasing routers.

Trading in Malware

Another valuable commodity in the economic hacker's world is malware: viruses, worms and Trojans that give hackers access to enterprise systems.


'Hackers hope businesses will have to buy back their data,' said Kaminsky.

A recent report by Internet Security Systems (acquired by IBM last year) warns of an emerging 'vulnerability exploitation service' industry, with production and distribution networks resembling the legitimate product channels of the computer industry. 'Exploit vendors often buy flawed code on the black market, encrypt it to prevent piracy, and sell it to top spammers.'

As in any market economy, the highest-value goods command the highest price. In December, a flaw in Microsoft's new operating system, Vista, was found and offered on a Romanian Web forum for $50,000. Raimund Genes, chief technology officer of security firm Trend Micro, asserts that the malware industry took in more than $26 billion in 2005, more than the security industry itself.

That huge amount of money attracts an equally large number of criminals. A zero-day vulnerability discovered last year sold for between $20,000 and $30,000. A zero-day is a dangerous vulnerability: new exploit variants appear as soon as it is discovered, before vendors can patch their products.

Although companies and their customers have been warned about the dangers of zero-days and other security holes, very few legal mechanisms can stop someone from writing a program to exploit these vulnerabilities. You cannot accuse someone of a crime for 'pointing out unpatched holes on the Internet,' said Marc Maiffret, founder and chief hacking officer of eEye Digital Security.

Phishing escalates

Phishing is also becoming a lucrative underground business. Spammers harvest e-mail addresses on the Web to sell to hackers. Hackers find a security vulnerability that can be exploited, build phishing websites, and tell the spammers, who send the phishing e-mails. Meanwhile, carders buy the stolen information from the hackers and create fake credit and debit cards to steal money or sell on to other criminals. Of course, a single criminal may play several of these roles.

The Anti-Phishing Working Group, a consortium of public and private organizations, says the tools used by phishing scammers are becoming increasingly sophisticated. The group's December report recorded more than 340 new variants of keyloggers (keystroke-stealing software) and Trojans used by phishers in a single month. The number rose because of 'better use of automated tools to create and test new variants,' the report said.

These tools most likely originate in Eastern Europe, along with phishing kits and automated spam distribution mechanisms. Those who create them are mostly very young, only in their twenties. Some are well educated, others are not. Some live in countries such as Romania, where household Internet bandwidth exceeds that of some US companies. They grew up on the Internet over the past 10 years, and the laws there are less strict than in places like the United States.

Sophisticated technology is not the only tool of the phishing trade. Unbelievably, the Nigerian '419' scammers continue to succeed with many e-mail users. Their e-mails usually open with the phrase 'I need your help' and describe circumstances in which they need a lot of money to rescue someone or to move to another country. The money is called an 'advance fee' because the scammers ask the victim to send money to help free up some huge account, with the promise of double the amount or a large reward in return. The number 419 refers to the section of the Nigerian criminal code that covers fraud, which has given its name to this notorious scam.

Last month, the former treasurer of Alcona County, Michigan, was arrested over $1.2 million he had 'embezzled', at least some of which he had sent to the infamous Nigerian e-mail scam. The US Federal Trade Commission has posted this warning on its website: 'If you receive an e-mail saying that you need help moving money out of Nigeria or any other country, forward it to the Federal Trade Commission (FTC) at spam@uce.gov.'

'Pump and dump': information and profit

On January 25, the Securities and Exchange Commission brought charges against a 21-year-old Florida man who had broken into a series of online brokerage accounts. Investigators say Aleksey Kamardin of Tampa made more than $82,000 during five weeks last summer by using funds in compromised accounts at Charles Schwab, E-Trade, JPMorgan Chase, TD Ameritrade and many other online brokerages to quietly buy shares of selected companies. These purchases created the appearance of legitimate trading activity, driving the stock price up. Kamardin then sold the shares he had bought earlier at the inflated price, and the stock fell back.

That is old wine in a new bottle: the 'pump and dump', a form of stock fraud based on planted information. Thieves invest in cheap stocks using accounts in the Cayman Islands or somewhere else offshore where anonymous accounts can be set up. Once a thief has bought or stolen identity information, he sets up a fake account, or breaks into someone else's (as in Kamardin's case), and buys large quantities of cheap stock to push the price up.

This creates a delicate situation for financial services providers. 'They do not want to block everyone's trades. So these fraudulent accounts have become an accepted risk of doing business,' said Marc Gaffan, marketing director of RSA's consumer solutions division. Likewise, it is hard to scrutinize trading orders closely because they are extremely time sensitive. Delays cost investors money and make them hesitant to do business with that firm. Last year, E-Trade faced a similar dilemma when customer computers were compromised, letting criminals run pump-and-dump schemes through E-Trade client accounts; the resulting fraud contributed to the $18 million loss reported in the third quarter.

What can be done about it?

The Secret Service's New York Electronic Crimes Task Force conducted its largest investigation in 2002, charging Donald McNeese, a former database administrator at Prudential Insurance, with identity theft, credit card fraud and money laundering. McNeese stole records from a Prudential database containing information on 60,000 employees. When he tried to sell this information on the Web, Bill Moylan, a former detective with Long Island's Nassau County Police Department working undercover, discovered and contacted him. McNeese sent Moylan the identity information of about 20 employees and advised him to use it to create fake credit cards, some of which were mailed to McNeese's home in Florida. McNeese was eventually sentenced to three years in prison and ordered to pay $3,000.

The Secret Service is the US federal agency responsible for investigating criminal conspiracies and economic hackers. In 2004, it uncovered a group of hackers using the Shadowcrew.com website for illegal purposes. Six years later they were brought before a federal court to answer for the theft of credit cards, bank codes and identity information. Last March, the Secret Service announced the arrest of seven of 21 suspects within three months under Operation Rolling Stone, a program to investigate identity theft and online fraud 'through Web criminal forums.'

Even so, economic hackers have not faltered. At the RSA Security Conference, held in San Francisco last week, RSA chairman Art Coviello said the identity theft market has reached one billion dollars and malware has increased tenfold in five years.

'The fundamental problem is that our law-enforcement organizations are geographic, but there is no geography on the Internet,' said Dan Kaminsky, a security researcher at DoxPara Research. And: 'We can't tap phones across the ocean or raid someone's home in Romania without local cooperation. We only have talent and personnel within our own country.'

As a result, law enforcement must rely on close cooperation with many private-sector parties, such as financial institutions, Internet service providers and telecommunications companies. There are many local law-enforcement organizations throughout the country, and many of them have access to FBI InfraGard, the information-sharing system between the FBI and the private sector. InfraGard has been an FBI program in the intelligence field since 1996, supporting IT professionals and academia and serving FBI criminal investigations.

IT companies also bear part of the responsibility for opening up the 'underground' online market in malicious code and stolen data, because they release software with security vulnerabilities. IBM's ISS recorded a total of 7,247 software vulnerabilities in 2006, an increase of nearly 40% over 2005. Among them, Microsoft, Oracle and Apple accounted for the largest numbers.

Businesses and end users must also share some responsibility for lax security, which sometimes comes down to simply storing too much data. In TJX's case, the cause was storing credit card data in violation of Visa's regulations. 'The operating assumption should be that it is wrong for everyone to keep the data.'

Companies need to carefully inventory the data they manage and honestly assess their ability to protect it. If they do not, they may find that data on a black-market website.