As Cyber Crime Matures, More Hacked Accounts Expected
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 3 Feb 2014 18:52:08 -0700
Last week's arrest of Russian bank hacker extraordinaire Aleksander
"SpyEye" Panin doesn't mean online bank accounts are suddenly safer. Not
that anyone thought they were. Bank fraud is here to stay and the guys
behind it -- many of them Russian -- are multiplying and becoming more savvy.
Panin, known as Gribodemon in the underground "darknet" where trading in
malware happens like fruit and veggies in a farmer's market, was picked up
by FBI agents while vacationing in the Dominican Republic. He pleaded
guilty last week to a single count to commit bank fraud and wire fraud.
Right around Thanksgiving, nearly 100 million Target account customers had
their privacy rights tampered in the most public data breach of the year.
"These are no longer isolated incidents," says Nart Villeneuve, a senior
malware researcher at FireEye in California. "We pay attention to the big
breaches like Target, but on a small scale this type of cyber crime is
happening to everyone every day. It is becoming all too common. And in the
underground forums where criminal hackers congregate, there is always new
malware coming to market."
And it is designed to attack a computer or a device near you.
Last year, in one of his year-ending predictions on what will transpire in
cyber space this year, Kaspersky Lab CEO Eugene Kaspersky said there was a
chance for cyber crime and high level cyber espionage to become so severe
that the web could break up into little zones. That would mean Russians
wouldn't be able to access the U.S. internet, and vice versa.
Then again, to an experienced malware writer, or a computer genius with
malicious intent, cyber walls are meant to be knocked down.
Last year, Russian cyber gang Karbart, a collection of malware writers who
created trojan files similar to Panin, was arrested by the KGB.
While cybercrime is certainly not exclusive to Russia, the rise of
cybercrime in the region was facilitated by the rise and fall of the Soviet
Union, as well as an abundance of highly skilled technical personnel,
coupled with limited lucrative employment opportunities, note FireEye
researchers. Russia is teeming with networks of talented cybercriminals.
With little risk of prosecution, in Russia in particular, homegrown
cybercrime networks continue to flourish.
FireEye, which builds devices for corporate and government computer
infrastructure designed to sift through dubious email attachments, says
these criminal networks are organized using an affiliate model known as
"partnerkas." Partnerkas rely on a series of dubious relationships that
allow cybercriminals to profit from all sorts of activities including spam,
rogue pharmacies, fake antivirus, clickfraud, and ransomware. In this
model, development and distribution are shared among multiple actors. The
partnerka supplies the product - whether malware binaries or
pharmaceuticals - and the affiliate members distribute them.
Partnerkas rely on payment processing capabilities, bulletproof hosting, and
underground marketplaces to carry out their operations.
The ability to process credit card payments through companies such as
Chronopay has allowed cybercriminals to operate online pharmacies, charge
for the installation of fake antivirus software, commit credit card fraud,
and support porn sites. Interestingly, there is a fair amount of crossover
between the adult website industry in Russia and cyber crime.
Cyber security firms and law enforcement like the FBI often infiltrate the
anonymous internet, where nearly all of the illicit communication between
hackers with criminal intent takes place.
Sometimes the law wins. Sometimes the cybercriminals win.
CarderPlanet was shut down in the mid-2000s. The Silk Road, which sold
everything from Viagra to vigilantes, was shut down last year.
"It does happen," says Villeneuve about infiltration of the hacker forums
in the so-called "dark net". But companies and individuals who have had
their data breached and their bank accounts emptied shouldn't count on the
law outnumbering the criminals. "There are so many cases vying for law
enforcement attention that you can't be everywhere all the time,"
Villeneuve says. "It takes a fair amount of effort to track these forums
down. You can't just join one. You have to be allowed in by people already
respected in the group before you can participate and learn who's who and
what they're selling."
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss