@InfosecurityMag


Much like the roots of organized crime over a century ago, the early 21st century has already seen a significant evolution in the tactics and capabilities of perpetrators in the online world who risk almost anything to make an illicit income. But unlike quasi-celebrity gun-toting gangsters, cyberattackers have proven to be stealthy, sophisticated and adaptable in the online cat-and-mouse game with law enforcement. Organized crime syndicates may have long arms, but there is still a geographical element to how they do business, whereas cybersecurity experts agree that the shadowy underground of cybercrime is borderless, porous and unflinching in its objectives. According to Symantec’s ‘Norton Cybercrime Report 2011’, businesses and individuals lose $114 billion to cybercrime each year, with another $274 billion lost by companies trying to recover after an attack.


Internet Untouchables

In tackling the problem on a global scale, Interpol is looking to streamline its response within its Global Complex for Innovation (ICGI), a new cyber R&D, training and forensics facility in Singapore. The new complex is slated to open in 2014 and will be part of the Interpol Singapore Center, although cybercrime monitoring will be round-the-clock with facilities in Lyon and Buenos Aires taking part as well.

For its part, the FBI in the US has been active in pursuing cybercriminals within its borders, while also partnering with other law enforcement agencies on transnational cases. A major obstacle is that the most serious and egregious cyberattacks sometimes “fly under the radar”, says Supervisory Special Agent James Harris of the FBI. “You might get a lot of press from a distributed denial-of-service (DDoS) attack, like a popular website going down, but the really professional underground attackers who do really good coding don’t get the same attention for some reason”, says Harris, who is also a Liaison Officer with the US Department of Homeland Security (DHS) and the US Computer Emergency Readiness Team (US-CERT). “What gets a lot of visibility is often the amateurish stuff because it’s ‘sexy’ and flashy for the press, and it sounds exciting when people try to pull off an attack on some known entity.”

Harris cites Operation Ghost Click as an example of a successful two-year investigation that virtually went unnoticed. The multi-jurisdictional operation dismantled a fraud ring that infected four million computers in 100 countries using malware called DNSChanger, which allowed hackers to control DNS servers. The six Estonian nationals charged in the sting were alleged to have used the compromised servers to lure unsuspecting users to fraudulent websites, in the process stealing personal and financial information. Harris adds that they amassed $14 million in ill-gotten gains through the elaborate ring. “Even six months after we executed this order and notified the public to check their computers if they were infected and get them fixed, there were still 350,000 infected machines up to mid-April”, says Harris.

Another recent operation, Wreaking hAVoC, was a coordinated effort by the FBI and US Justice Department with Britain’s Serious Organised Crime Agency (SOCA) that led to the seizure of 36 websites called “Automatic Vending Carts”, which are essentially sites cyberattackers use to sell stolen credit card numbers. Cybercrime units in Australia, Germany, Ukraine, Macedonia, Romania and the Netherlands all participated in the operation by making a number of arrests and seizures.

Who was behind these cybercrimes is not easy to distinguish in relative terms, Harris admits. While organized crime groups, particularly in Eastern Europe, have been known to engage in white-collar cybercrime, the perpetrators sometimes have no affiliation with any existing organization, either loose or established.


“In some cases they’re very organized groups, but other times they’re ad hoc in that they don’t even know each other in the real world”, he observes. “It’s an interesting phenomenon, but they all have developed these kinds of trust relationships in the black market economy. You break your word on something – you’re out, and it’s hard to get close with them online to begin with.”


If You Can’t Beat Them…

Thinking like cybercriminals is what Martin Voelk and his team at Cyber51 – a UK-based cybersecurity consultancy he co-founded – are hired to do by businesses of all types and sizes. With satellite offices in Germany, the US and “underground” associates in Argentina and Australia, Voelk says the company employs ethical hackers and IT experts with experience in both the private and public sectors.


Rather than go undercover and reach out to cybercriminals, Voelk says Cyber51’s job is to “put the hacker’s hat on” and do penetration tests at the behest of their clients, to probe for vulnerabilities that might be exploited for extortion purposes. “These guys are good at leaving no trace, so finding the actual point of origin of an attack takes work, unless you’re dealing with an amateur”, Voelk contends. “What is known is that countries with really good broadband, like the US, Canada, the UK, Germany, Japan, among others, are used as relays. The attacks aren’t necessarily launched in those countries, but they’re used as relays because the broadband connections can do more damage by pushing malicious traffic through.”

He adds that clients are usually not proactive until after they’ve suffered a breach, while concerns over compliance with government regulations and audits are another key reason for the increased volume his firm has seen over the last few years. One victim that recently became a client was a British sports gambling site that was hit with a DDoS attack after it refused to pay a ransom. The attack crippled the site on a Saturday afternoon, which is peak time for the English Premier League, leading to considerable revenue losses that day. “We identified the holes and helped them implement DDoS solutions in order to mitigate those threats in the future, but they also wanted to know more about how cyberattackers might think if they were to try again”, Voelk recalls.


www.infosecurity-magazine.com

