Organized Cybercrime
Simple Nomad
nomad mobile research centre
“With just a few keystrokes, cybercriminals around the world
can disrupt our economy.” - Ralph Basham, Director of the
U.S. Secret Service at RSA 2005.
“With just a few keystrokes, pundits can disrupt our freedoms.”
- Daaih Liuh, NMRC, 2005
“With just a few keystrokes, I can turn those pundits off and
watch porn instead.” – jrandom, NMRC, 2005
Outline
•
•
•
•
The Players
The Weapons
Precision Tactics
Examples
The Players
The Players
•
•
•
•
•
•
Former Soviet Military
Russian Mafia
Professional Hackers
Spammers
Traditional Mafia
Basic Cybercrime
Organizations
Former Soviet Military
• Military industrial complex in Soviet Russia was
even more corrupt than their USA counterparts
• With the collapse of communism, many upper
military personnel in Russia had few skills that
paid well
– Good at money laundering
– Good at moving goods across borders
– Connections with international crime
Russian Mafia
Sergei Mikhailov, head of the Moscow-based Solntsevskaya
Organization, with 5000+ members worldwide. Starting with
extortion, counterfeiting, drug trafficking, and blackmail, his
own organization eventually graduated to arms dealing, money
laundering, and infiltration of government and legitimate
business. Mikhailov’s Solntsevskaya Organization owns
banks, casinos, car dealerships, and even an airport.
Solntsevskaya is believed to be behind many cyber-related
online crime ventures.
Russian Mafia
Dolgopruadnanskaya is the second-largest gang operating out
of Russia. They are considered ruthless and also are believed
to be behind numerous current cybercrime activities, in
addition to numerous other standard criminal ventures. They
are believed to be behind a rash of bank robberies conducted
over the Internet in 2001 against banks using vulnerable
Windows NT web servers.
Russian Mafia
• Cybercrime elements are considered “divisions”
– The actual hackers themselves are kept compartmentalized
• Due to protection from a corrupt Russian government,
most “big cases” do not net the big players, e.g.
Operation Firewall
• There are thousands of organized crime gangs operating
out of Russia, although most are not involved in
cybercrime.
• When new hacking talent is needed, they will force
hackers to work for them (or kill them and/or their
families)
Professional Hackers
• Paid per the job, usually flat rates
• State-side hackers can earn up to $200K a year
• The work is usually writing tools for others to
use, developing/finding new exploits, and coding
up malware
• Occasionally they will do a black bag job, but
these are rare, unless they are simply looking for
“loot” on easy targets
Spammers
• They earn millions per year selling their direct
mail services
• They are not picky and do not consider the
person doing the selling is committing fraud,
including the Russia Mafia
• After years of jumping from ISP to ISP, it is much
easier to lease “capacity” from hacker botnets or
develop their own
• They are the main employer of professional
hackers
Traditional Mafia
• They are currently leaving most of the “work” to
others
• Online ventures are sticking close to such things
as pr0n, online gambling, etc
• They are taking advantage of technology, using
computers heavily, and using reliable encryption
Basic Cybercrime Organizations
• Fluid and change members frequently
• Will form and disband on a “per project” basis
• Rife with amateurs, take a lot of risk considering
the small payoffs
• Although the most troublesome, they are
considered the bottom feeders
– Think criminal script kiddies
– This is usually who the Feds get, not the big guys
The Weapons
The Weapons
• Botnets
– Average size is 5000 computers, some have been as large as
500,000 computers
– New command and control software allows botnet capacity
leasing of subsections of the botnet
• Phishing
– You guys *do* know what phishing is, right?
• Targeted Viruses
– Used to create quick one-time-use botnets
– Also used when specifically targeting a single site or
organization
• The usual Internet attack tools
– Metasploit, etc
Precision Tactics
Precision Tactics - Hotel
• Hacking the PC in the hotel room
– Can do remote
– Will check into the same hotel as target if need be
– Will resort to wiretaps, closed circuit video cameras, and other
physical penetration attempts
• Known times when the target is out of the room are
especially dangerous
– Speakers and trainers are especially vulnerable, since they have
to be in their talks, other do not
• Law enforcement regularly bugs hotel rooms at security
conferences
– Hotels (especially Vegas, Atlantic City) will comply to avoid LE
looking at their computers
• Organized crime outfits *do* attend conferences
Precision Tactics – Office
• Posing as regular office personnel
• Planting network-based or hardware-based
sniffing devices
• Conventional listening devices (bugs) are not
uncommon
Precision Tactics – Infiltration
• Will pose as script kiddies, and “gain skills” fairly quickly,
rising in status in various IRC channels
• Will join and form hacking groups
• Will direct attacks for the group to perform, usually
directing blame toward the kiddies rather than
themselves
• This is not a new technique – it is in use today by some
governments, most notably French Intelligence
Examples
Examples – Internet Black Market
Pricing Guide
• Exploit code for known flaw - $100-$500 if no exploit
code exists
– Price drops to $0 after exploit code is “public”
• Exploit code for unknown flaw - $1000-$5000
– Buyers include iDefense, Russian Mafia, Chinese and French
governments, etc
• List of 5000 IP addresses of computers infected with
spyware/trojan for remote control - $150-$500
• List of 1000 working credit card numbers - $500-$5000
– Price has increased since Operation Firewall
• Annual salary of a top-end skilled black hat hacker
working for spammers - $100K-$200K
Q&A
Fin
Images © 2005 NMRC
www.nmrc.org