Monday, November 12, 2012
The Russian underground economy has democratized cybercrime
If you want to buy a botnet, it'll cost you somewhere in the region
of $700. If you just want to hire someone else's for an hour, though, it
can cost as little as $2—that's long enough to take down, say, a call
center, if that's what you were in the mood for. Maybe you'd like to spy
on an ex—for $350 you can purchase a trojan that lets you see all their
incoming and outgoing texts. Or maybe you're just in the market for
some good, old-fashioned spamming—it'll only cost you $10 for a million
e-mails. That's the hourly minimum wage in the UK.
This is the current state of Russia's underground market in
cybercrime—a vibrant community of ne'er-do-wells offering every
conceivable kind of method for compromising computer security. It's been
profiled in security firm Trend Micro's report, Russian Underground 101, and
its findings are as fascinating as they are alarming. It's an insight
into the workings of an entirely hidden economy, but also one that's
pretty scary. Some of these things are really, really cheap.
Rik Ferguson, Trend Micro's director of security research and
communications, explains to Wired.co.uk that Russia's cybercrime market
is "very much a well-established market." He says: "It's very mature.
It's been in place for quite some time. There are people offering niche
services, and every niche is catered for." Russia is one of the major
centers of cybercrime, alongside other nations like China and Brazil
("the spiritual home of banking malware"). Russian Underground 101 details the range of products on
offer in this established market—Ferguson says that they can be for
targeting anyone "from consumers to small businesses." He points to ZeuS,
a hugely popular trojan that's been around for at least six years. It
creates botnets that remotely store personal information gleaned from
users' machines, and has been discovered within the networks of large
organizations like Bank of America, NASA, and Amazon. In 2011, the
source code for ZeuS was released into the wild—now, Ferguson says,
"it's become a criminal open source project." Versions of ZeuS sell for
between $200 and $500.
Cybercriminal techniques go in and out of fashion like everything
else—in that sense, ZeuS is a bit unusual in its longevity. That's in
large part because viruses and trojans can be adapted to take advantage
of things in the news to make their fake error messages or spam e-mails
seem more legitimate. For example, fake sites, and fake ads for
antivirus software, aren't as popular as they once were because people
are just more computer literate these days. Exploits which take
advantage of gaps in browser security to install code hidden in the
background of a webpage have also become less common as those holes are
patched up—but programs which embed within Web browsers still pose a
threat, as the recent hullabaloo over a weakness in Java demonstrates.
Ferguson points to so-called "ransomware" as an example of a more
recent trend, where the computer is locked down and the hard drive
encrypted. All the user sees on the screen is a message that tells them that their
local law enforcement authority (so, in the UK, often the Metropolitan
Police) has detected something like child pornography or pirated
software on their PC, and if they want to unlock it they'll have to send
money to a certain bank account. No payment, no getting your hard drive
back.
Amazingly, if you pay that "fine," then you will actually get your
information back, says Ferguson. "But you've labeled yourself as an easy
mark, and there's no telling if they haven't left behind a backdoor
which will let them come back and try again," he says. Child pornography
and pirated software have been in the news a lot over the past few
years, for obvious reasons, and that kind of thing directly influences
the thinking of hackers and programmers.
Taking the time to adapt these tools to recent trends can be very lucrative. DNSChanger,
a popular trojan from 2007 to 2011, would infect a machine and change
its DNS settings. When the user went to a webpage with ads on it, that
traffic would give affiliate revenue to the scammers. One prominent
DNSChanger ring (Rove Digital)
was busted in Estonia in 2011—the FBI had been tracking them for six
years, and during that time it was estimated that they'd earned around
$14 million from this little trick. It also meant that the FBI was left
with some critical Web infrastructure on its hands—those infected
machines (which included machines at major organizations) could only
access the Web through those Rove Digital servers. Months were spent
trying to get people to check their computers for infection and ensuring that when those Estonian servers were shut off, it didn't take down, say, a bank.
The most recent trends in cybercrime, though, are very much focused
on mobile—particularly Android, Ferguson explains: "We've seen so far
175,000 malicious threats for Android, and we expect that to be a
quarter of a million by next year. Those threats come from malicious
apps—if you want to stay safe, stick to official channels like Google
Play, don't just download from any site. Similarly, there aren't any
malicious iOS apps in the wild, on the App Store, but that only applies
to iPhones that aren't jailbroken—downloading from other places puts your
phone at risk."
These threats aren't going away, either. In fact, according to
Ferguson, "prices are going down" across the Russian underground: "Let's
not pretend that these people aren't taking advantage of technology
just like normal businesses—improvements in technology are getting
faster, and there are things like cloud services which they also use.
The bad guys are using technologies to drive down costs in the same way
businesses are."
Ferguson cites the recent case of
someone claiming to have bought the personal information of 1.1 million
Facebook users for only $5 (£3.19) as further evidence of the growing
problem of online information leaking into the hands of these cybercrime
communities. Hackers and other cybercriminals make it their job to
analyze security measures and find ways around them, because that
information is where the value lies.
While hackers and other cybercriminals can save by buying in bulk,
the cost to the individual (or the business) that falls victim to one of
these techniques is potentially much higher. So, be vigilant, OK?
Here's some of what you can buy on the Russian underground:
Basic crypter (for inserting rogue code into a benign file): $10-30
SOCKS bot (to get around firewalls): $100
Hiring a DDoS attack: $30-70 for a day, $1,200 for a month
Email spam: $10 per one million e-mails
Expensive email spam (using a customer database): $50-500 per one million e-mails
SMS spam: $3-150 per 100-100,000 messages
Bots for a botnet: $200 for 2,000 bots
DDoS botnet: $700
ZeuS source code: $200-$500
Windows rootkit (for installing malicious drivers): $292
Hacking a Facebook or Twitter account: $130
Hacking a Gmail account: $162
Hacking a corporate mailbox: $500
Scans of legitimate passports: $5 each
Winlocker ransomware: $10-20
Unintelligent exploit bundle: $25
Intelligent exploit bundle: $10-3,000
Traffic: $7-15 per 1,000 visitors for the most valuable traffic (from the US and EU)