The A to Z of cyber crime

The profile of the hacker has changed dramatically since their first appearance on the consumer internet radar 20 or so years ago and, with it, so has the nature of their crime. Whereas online attacks were anarchic attempts to undermine the system, what we've seen these days is that now cyber crime is about ID theft, fraud and trying to take as much money from users as possible. The only real difference between virtual attacks now is the tools of the trade - a mouse instead of a gun. So, for a quick tour of what else has changed and exactly how it works, here's the Pocket-lint A to Z of cyber crime.

A - Albert Gonzales

Gonzales is an American born hacker of Cuban parents currently awaiting sentences for his crimes of credit card theft and subsequent resale of over 170 million card and ATM numbers from 2005 through 2007. He was busted by the US Secret Service as part of a cyber crime forum called the ShadowCrew - a 4000 strong community of online hackers, thieves and fraudsters. Albert agreed to cooperate with authorities to avoid jail but at the same time started up his old ways again by getting a list of the Fortune 500 retail companies and hacking into their systems for their customer databases. He was eventually caught for a second time and arrested at his Miami condo along with $1.6m million, a blue 2006 BMW, his laptop and a Glock 27 pistol.

B - Botnet

A botnet is a network of what are often referred to as zombie computers which have been compromised by malicious code and are used to hack other systems on the Internet. They provide both anonymity to the cyber criminals operating them, known as the bot-herder or bot-master, and huge amounts of resources sometimes with around 10,000 nodes or machines each. Typically, computers become part of them through phishing schemes after which the code will run as quietly as possible to avoid detection. It's been estimated that up to 25% of the world's computers are part of one.

C - CVV2

CVV2 is hacker code for credit cards as named after the security code by the magnetic strip. They're a sought after commodity in the cyber criminal world but sold in batches of around 10 for $10, they're still relatively cheap as many are inactive and it's also quite hard to extract money from them without setting off all sorts of fraud systems unless you happen to be in the same country as the victim.

D - Denial of Service

A DoS is designed to stop websites or computer systems from functioning properly by overloading them with requests to either slow them down or forcing them to be reset. Typically, a botnet will be used to bombard the victim server from all angles simultaneously. The technique is most often employed for reasons of anarchy but it's also common for blackmailing and extorting money from banks and credit companies.

E - Ehud Tennenbaum

Nicknamed The Analyzer, Ehud Tennenbaum is an Israeli hacker known for his technical skill. In 1998, at just 19, he was caught by the FBI after a series of hacks in NASA, the Pentagon and the Knesset in what the then-US Deputy defence secretary, John Hamre, called "the most organized and systematic attack on US military defence to date". Initially, the attack was thought to be the Iraqi government in an act of war and after permission from the US president, Operation Solar Sunrise was kicked into action which sent the full weight of all the US agencies after the perpetrators. The attack was eventually traced back to Tennebaum and two California teenagers.

Rather than agree extradition, the Israeli government insisted they would punish Tennebaum. He received 6 months community service and a well paid job in the Israeli Secret Service. Sadly, Tennebaum slipped back into his old ways and was arrested in 2008 by Canadian police for credit card fraud. He'd been pulling entire bank databases from their websites using sql injection for years and was only caught after getting complacent and withdrawing the money himself from ATM machines with video cameras and operating from a hotmail account that was registered to his real name.


F - Full

A Full is the hacker term for a complete identity or full personal profile. These are prized very highly as unlike CVV2s they cannot be cancelled and can be used for multiple fraudulent purposes, including opening accounts to launder money through. A full consists of full name, date of birth, home address, e-mail, mother's maiden name, phone numbers and government ID.

G - Guzman

Onel de Guzman is the man who admitted to the unleashing of the infamous ILOVEYOU virus of May 2000. He has never claimed to be the architect but has said that he unwittingly released it by creating the backdoor trojan to the worm that allowed it to work. The code itself was a worm sent as a LOVE-LETTER-FOR-YOU.TXT.vbs attachment to an e-mail with the subject line ILOVEYOU. Once opened, the attachment replaced all multimedia files with copies of itself and sent out the ILOVEYOU mail to everyone on the infected user's address book. The malware propagated incredibly quickly because of both its clever and social engineering. It came from a trusted source and was about a subject which everyone wanted to read.

After bringing down thousands of system all over the world - including the British Parliament's network, the CIA and the Pentagon - the worm was finally brought to a halt when a 25-year-old Thai software engineer by the name of Narinnat Suksawat wrote a program called "Rational Killer" which deleted the malware and undid all its work. Suksawat was given a job by Sun Microsystems 2 months later as a senior consultant.

H - Hackers

Although traditionally associated with techie malcontents sticking two fingers up at the world from their basement, hackers have very much changed profile. Organised gangs and traditional criminals are at the heart of cyber attacks and although the tools of the trade have changed the game and the attitudes of the players are very much the same. The motives behind the attacks are almost entirely financial with the aims to defraud and steal identifications. The authorities have suggested that much of the money is to fund drug dealing although in practice it's very hard to tell. If there was any doubt about the serious nature of this underworld business, then a string of kidnappings of the relatives of hacking informants made it very clear when they started a few years back.

I - IRC

IRC channels are an old and empirical form of online instant message chat most often used in internet forums. Many IM clients these days can also support IRC. Among other uses, IRC is a common way of communication for hacker forums such as the ShadowCrew and is the main form of interaction for the cyber criminal underworld of highly specialised operatives. It is often also used as a way for the hackers to communicate with nodes on botnets.

J - Justice

Because of both its international nature and its lack of precedents, the law and those who enforce it have had a serious battle in successfully prosecuting cyber criminals. It's very difficult for some countries to agree extradition and sentencing has been hard to judge. Hidden funds and wild guesses about the damage caused by a malware attack have made this even more difficult. Many of international laws on the matter are finally being homogenised but two of the first reasons a hacker will give for committing their crimes is that it's hard to get caught and the sentencing is light.

K - Key stroke logging

This is a classic way to get information from an infected computer. Certain pieces of malicious code installed on your computer will send back real time .txt files of every key that you press on your keyboard. They can also provide screen grabs too. Much of the data is, of course, nonsense but it's not difficult to extract personal and financial details every time you make a purchase online or access your bank accounts.

L - Laundering

Money laundering is probably the toughest problem facing cyber criminals. With so many automatic fraud systems, it's very hard to use stolen credit or account information to actually get the money out of the system. Mules are needed for the practice in the country from where the stolen information originates. Most mules have enough knowledge of what's going on with the proviso that they can keep a certain percentage of the money on the understanding that they'll take the full wrap if caught. Some are also tricked into it with too good to be true type job advertisements you'll see in the papers and online.

M - McColo

McColo was a San Jose based web hosting company until it was closed down in 2008. It offered substantial protection to its clients and was responsible for huge amounts of the world's spam as a haven for hackers and botnets. When it was finally forced to close, there was an overnight 7% drop in spam world wide.

N - Norton

Like it or not, Symantech provides what is currently the top internet security suite available. In independent testing it dealt with 100% of the threats thrown at it where all of its rivals let some slip through the net. There are also good free anti-virus options but at the time of writing, Norton is the top with claims from Symantech that it is also one of the lightest solutions out there too.

O - Operation Phish Fry

In a recent effort to shut down a particularly prevalent spamming network the Secret Service, FBI and Egyptian local forces worked together in what was nicely called Operation Phish Fry. Over 100 people were arrested with half of them sending out the attacks from Egypt and the other half in California both trying to draw money from the harvested account information.

P - Phishing

Fishing is one type of cyber crime attack rather than straight malware. It's most usually done via e-mail often pretending to be your bank or any other kind of online service to trick you into clicking onto a bogus link and take you to a site that spoofs the bona fide version to the one you're used to. The person is then tricked into entering their account details which are then registered remotely by the hacker. There's also a very good chance that you'll have downloaded some malware, typically a key stroke logger, from visiting the site in the first place. An easy way to avoid these is by carefully reading the URL before you click on it. Many look very like the ones they are supposed to be except with a small spelling difference.

Q - Quorum

Quorum is the reputation system used specifically by Symantech in the anti-virus products. Reputation profiling exists in all good security products and is a way to predict whether an application attempting to run on your machine is malicious or not. It looks at features of how old it is, its prevalence across the Internet and other metadata to detect its true motive without having to have seen it before. It's the only current way of recognising brand new attacks before the malware is black-listed and all the software can be patched and updated.

R - Rogue anti-virus

The biggest new vector in cyber crime attacks is the rogue AV. They started coming to the forefront in 2006 and are fake anti-virus and security programs that people actually buy and install themselves. They are often reskins of real AV programs done incredibly convincingly. Unwitting users pay for them online, thus giving money up front as well as their credit card and personal information, the program will almost certainly also install all sorts of malicious code and will be impossible to remove. It may also ask for money for updates and subscriptions. It's the gift that keeps on giving.

S - SQL Injection

This is a more complex method for the more technical hacker and is a way of probing for weaknesses in a website. Skilled operatives can test the front end of an online service until they find the way into the back and the information behind it. Once inside, the hacker can pull the entire database in one go. Fantastic if it happens to be a bank or popular online retailer.

T - Toolkits

You really don't have to know much to be a hacker any more and there are even a whole bunch of toolkits you can buy from specialist developers that will do all the work for you. Software with names like Icepack, Firepack and Neosplit will cycle through thousands of different attacks so that when a user is tricked into navigating to your site where the program is hosted, it can eventually find a weakness. Naturally, software piracy is as big an issue in the underworld as it is everywhere, so these days the packs are free but with money charged for premium support and services.

U - Ukraine

Many of the cyber criminal underworld and particularly the organised crime section of it have originated in Eastern Europe. It's slowly becoming less difficult to gain extradition orders for hackers over there, but in the Ukraine there's actually a law saying that MPs and anyone who has ever been one is immune from extradition. One particularly enterprising hacker has managed to get himself elected and is now entirely bullet proof.

V - Virus

This is the old word for computer attacks until they became more sophisticated. A virus is something that doesn't require any human help to work apart from unwrapping them in the first place. They are executable files that will arrive on your machine often via e-mail or by navigating to a certain website. They can still be stopped by you AV system when they try to execute and will often cause serious damage to your system if they manage to attack. Worms, trojans and all the traditional types of malware are computer viruses.

W - War Drive

A war drive is the method non-technical hackers like Albert Gonzales can use to break into computer systems. In Gonzales' case, it was simply a question of getting his laptop within range of wireless networks until he'd find what was unsecure. Naturally, they're relatively few and far between, but once inside the hacker has complete and easy access to all the information they need.

X - XXX websites

5 or 10 years ago, one easy way to greatly reduce your chances of picking up any malicious codes was to avoid porn websites. They often contained adware and were merely just fronts for uploading as much nonsense to your machines as possible while also delivering very little of what the user actually came there for. These days it's not much more the case than any other kind of site. All sorts of websites are compromised these days and, in fact, the more reputable the page, the better the chance of passing on malicious code.

Y - You

Cyber crime and malware isn't about attacking computers any more. It's about attacking you. The aim is to take your credentials and your identification so that they can extract your money and open accounts under your name. Ultimately, it doesn't matter how good an internet security suite you have running on your machine. If you habitually make bad choices online and start filling in your details where you shouldn't, then you will become a victim.

Z - Zango

Zango was a software company that provided users access to its partners' videos, games, tools and utilities in exchange for viewing targeted advertising placed on their computers. Much of this advertising contained malicious code for attacking the user and thus Zango was known to be an adware downloader. Its installation was complex in that the larger part of it was easy to remove but there were diffuse elements in other applications, such as the Zango Hotbar that became integrated into the web browser, that could not. These continued to supply Zango's shady affiliates the real estate to attack users. After years of litigation, the site was finally closed down in early 2009 apparently several million dollars in debt.





>