Hackers for hire July 17, 2008Posted by cyberpatrol in cybercrime, Cybercrime groups, Hacking.
add a comment
Dirty deeds done dirt cheap
Hackers are now professionals using white boards, pie charts and spouting words like ‘paradigm’, ‘cash cow’, and ‘model’.
A report from web security outfit called Finjan claims that the days of the lone hacker who steals and resells credit card numbers is a thing of the past.
Hacks for fame have been replaced by the concept of creating a business where you have frequent customers who buy your stolen product.
Finjan staff went under cover by pretending to be potential customers and found that cybercrime outfits have a structure much like the Mafia.
There is a ‘boss’ who is a business entrepreneur and doesn’t commit the crimes himself, with an ‘underboss’ who manages the operation. The number two sometimes provides the software tools. Then there are ‘campaign managers’ who lead their own attacks to steal data with their ‘affiliation networks’.
Stolen data is sold by ‘resellers’, similar to the Mafia’s ‘associates’. Since these individuals did not partake in the actual cybercrime, they know nothing about the original attacks.
Stolen credit cards and bank accounts are cheap while stolen healthcare-related information, login credentials for organisations, e-mail, and FTP accounts are more expensive.
Simon Fraser launches cyber crime research centre, aims to fight child porn with viruses July 9, 2008Posted by cyberpatrol in Anonymous, cybercrime, Cybercrime groups, cyberterrorism.
SURREY, B.C. — Cyber crime has a new enemy.
Simon Fraser University launched an International Cybercrime Research Centre on Tuesday, saying child pornography will be its first target with a type of “good virus” that scours systems with the tenacity of a chomping Pac Man character.
“In the same way that a bad virus works by infecting machines, by hunting for certain symbols, so a good virus can operate in much the same way,” said the centre’s new director, Robert Gordon. “Like Pac-Man, actually starting to destroy particular forms of imagery on the Internet.”
Gordon said they are already experimenting with the virus in some operating systems.
There are about 14 million pornography websites in operation today, and B.C. Labour Minister Iain Black pointed out it’s estimated there are about one million child abuse images contained inside those websites.
“I am very, very pleased the centre will be working to protect children,” Black told a crowd gathered at the Surrey, B.C., campus of the university.
Black announced provincial government support of $350,000 to help set up and operate the centre, as well as secure data and purchase lab equipment.
The B.C. government operates one of the largest Internet networks in North America, with 750,000 users.
While child pornography and identity theft are considered the most serious cyber crimes, the centre will also do research on criminal harassment through the Internet, money laundering, economic crimes and computer viruses.
Black compared the problem to the many-headed creature Hydra in Greek mythology.
“Each time you chop one (head) off another one appears. It happens in this case because the profits for criminals are absolutely enormous,” he said.
Black quoted a recent Canadian survey that found more Canadians believe they’re likely to be victims of Internet crime than they would be victims of crime on the street.
Many people ignore or delete requests for money, their bank account information or credit card numbers, but the mass quantities of illegal requests going out means that some people do send information to criminals.
Gordon believes that getting the word out about these scams will be a key priority for the centre.
“It’s the same old confidence trickery that’s been going around for about 500 years, but it’s just in this new mode,” he explained.
Gordon said in the last few days he has received similar requests from criminals and simply deleted them.
He said the centre will also focus on crime detection and helping to prosecute those responsible, a difficult predicament when the person accused of committing the crime is likely in another country.
“That requires international agreements around investigations and such proceedings,” Gordon said.
Vancouver Police Insp. Kevin McQuiggan, of the forensic services section, said the centre is an excellent way to collaborate on these types of crimes.
“I think it goes beyond the police, and that police and industry and academia all have to work together to address the problem.”
The centre will also investigate crime trends and help establish new tools to counter constantly changing Internet crimes.
Cyber sleuths operate in the digital realm Computer crime unit has paid dividends, local police say June 29, 2008Posted by cyberpatrol in Cybercrime groups.
add a comment
The Eagle Tribune, 29 June 2008
By Jim Patten
From the comfort of his North Andover home, Richard Disler trolled the Internet chat rooms, trying to hook up with underage girls.
That’s where the 43-year-old accountant met a girl named “Sara.” They began chatting online, and she eventually suggested a place where they could meet.
But Disler was arrested before the meeting occurred. That’s when he learned that “Sara” was actually Medford police Lt. John J. McLean, commander of the North East Massachusetts Law Enforcement Council’s Computer Crime Unit.
The Computer Crime Unit was also called in several years ago when a Vermont man traveled to Haverhill to have sex with an underage local girl he had met online. While in Haverhill, the man took nude pictures of the girl. He was caught by police, and the Computer Crime Unit retrieved the pictures from his laptop.
Haverhill Detective Capt. Alan Ratte said as criminals become more adept with their use of technology, the Computer Crime Unit’s expertise is critical to local police departments.
“I think the value of the unit speaks for itself,” he said.
North Andover police Detective Lt. Paul Gallagher agreed, calling the unit an “invaluable asset” to local police.
NEMLEC and its various specialized units serve 48 police departments and two sheriff’s departments in Essex and Middlesex counties. Formed in 2001, the seven-member Computer Crime Unit has investigated 800 cases, averaging between 135 and 200 a year, McLean said. It is based out of Medford and Peabody.
“Seventy-four percent of our case load is child exploitation,” he said. The rest are financial crimes, fraud, threats, and other crimes.
Officers assigned to the unit are drawn from various Massachusetts police departments. They must have good computer and investigative skills, and are sent to a series of training courses to become certified.
Computer crime investigations involve both forensic work and cyber investigations.
In forensic work, investigators examine the contents of computers that have been seized, and contact internet service providers to determine what information the user had on the computer, McLean said. Cyber investigations involve actual online work, tracking offenders and making undercover approaches to them, as in the Disler case.
Since the formation of NEMLEC’s Computer Crime Unit, there has been an explosion in technology and its uses, McLean said. Now the unit is getting involved in homicides, rapes, and other crimes because of what criminals are putting online or sending via their cell phones.
“The days of old where we just did kiddie porn and electronic crime are long gone,” he said.
Middlesex County Deputy Sheriff Tim McGibbon, a three-year veteran of the unit, says the effort is definitely worthwhile.
“More and more search warrants are including standard language to grab computers, cell phones, and PDAs,” he said. “Everybody knows everything is stored on computers.”
For all of their hard work, McLean said, he is concerned about the future of the Computer Crime Unit because it doesn’t have a steady source of funding.
“Without sustained funding, I don’t know what the future holds,” he said.
McLean said the unit depends on contributions from NEMLEC member communities and corporate donations for support. He said the costs for hardware, software, training and upgrades can reach about $75,000 a year, and that does not include the salaries of unit members, which are paid by their respective departments.
“That is a reasonable figure, but on the low end for the size of the unit and the number of jurisdictions we cover,” he said.
FIRST Moves to bring cyber crime fighters together June 24, 2008Posted by cyberpatrol in Cybercrime groups.
add a comment
VANCOUVER, CANADA, A new initiative to ease tensions between law enforcers and internet security experts was launched here today at the 20th annual conference of FIRST, the Forum of Incident Response and Security Teams.
During a session which heard warnings that the war against cyber crime was in danger of being lost, members were told that computer emergency response teams from the finance industry were moving to find an answer to one of security experts’ key complaints: that national law enforcement agencies refuse to investigate cyber criminals when the value of their thefts is below a certain threshold.
Foy Shiver [FOY SHIVER] Deputy Secretary-General of the Anti-Phishing Working Group, announced that a forum was being established which would allow different teams to pool and analyse intelligence from individual attacks that so disparate crimes by the same criminal gangs could be aggregated and presented to law enforcers in a single body of evidence.
Mr Shiver said: “There are issues like privacy which will need to be sorted out, but we’re confident we can resolve them”
Delegates had complained that, particularly in commercial enterprises, it was hard to sustain a business case for security teams if law enforcers failed to follow up evidence – one said that in his territory, police wouldn’t investigate a cyber crime that had a haul of less than $50,000.
FIRST’s law enforcement special interest group decided to launch a website to provide both sides with useful and instructional materials.
Opening the session, Chris Painter [PAINTER], of the US Department of Justice, who chairs the G8 High Tech Crime Group, said that Internet crime gangs were increasingly more organised, and often masterminded their operations simultaneously in different countries.
John Pignataro, [PIGNATARO] director of Security Incident Response Team Investigations at Citigroup reported that the number of new phishing sites encountered by his bank had quadrupled in five years from 15 each week to nearer 60, and Tom Mullen [MULLEN], Head of Investigations for BT, the British telecommunications giant, revealed a 35 per cent per annum increase in reported incidents over four years.
Levi Gundert [LEVI GUNDERT], who moved from working for the US Secret Service in Los Angeles to join Team Cymru, the Internet security research firm, called for collaboration between law enforcers and security teams to be more structured, and for the two sides to teach and help each other.
“I thought things were bad when I worked for the Secret Service,” he said. “But now I am at Team Cymru I understand how bad it really is. We are losing the war against cyber crime badly.
“There is frustration on both sides – on the law enforcers’ side, about lack of resources and perceived lack of results, and about information overload, and on the security teams’ side, about the information they supply seeming to go into a black hole and the law enforcers not appearing to respond.”
Two speakers from the host country – Robert Pitcher of the Canadian Cyber Crime Incident Response Centre, and Dan Howard of the RCMP Integrated Technological Crime Unit – described how collaboration was achieved in Canada.
More than 400 delegates are attending the FIRST conference. Founded in 1990, FIRST is a non-profit body which consists of internet emergency response teams from 194 corporations, government bodies, universities and other institutions from across the Americas, Asia, Europe and Oceania. It leads the world’s fight-back against cyber-crime, sabotage and terrorism, and promotes co-operation between IERT’s and law enforcement agencies.
- Contact Information
- Frank Wintle
- Communications Officer
- +44 7850 102194