[SecurityRatty] tag: cybercrooks

Up next: Cellular botnets, cybermilitias

Fri, 17 Oct 2008 00:00:00 +0000

As cybercrime gets more organized and as more money is poured into malware development, it will be even harder to stop cybercrooks, according to the authors of a report on emerging cyberthreats.

FBI Announces They Operated and Closed the Dark Market Site

Wed, 15 Oct 2008 07:00:31 +0000

Something rings strange to me in these reports of the Feds having operated a forum and marketplace site for hackers, Dark Market. The article in Wired claims the Feds were tracking hacker’s movements and acquiring intelligence so they could perform a sting operation and catch the criminals. Then they closed the site and publicly announced their involvement with it:

The FBI almost certainly closed DarkMarket in preparation for a global wave of arrests that will unfold in the next month or so. The site was likely shuttered to avoid an Agatha Christie scenario in which a diminishing pool of cybercrooks are free to speculate about why they’re disappearing one-by-one like the hapless dinner guests in Ten Little Indians.

How on Earth does that make sense? If they close the market and announce their involvement, now they’ve given up their cover and surely all the hackers already know the FBI is on to them. They can simply move and restart their operations somewhere else.

Read the whole Wired article here.

DOJ Fingers Global Ring in Alleged Data Thefts

Mon, 11 Aug 2008 03:30:39 +0000

The cybercrooks who allegedly stole millions of credit and debit numbers from retailers belonged to a multinational group that used programming skills and wardriving techniques to break into corporate networks.

Symantec warns of new Word attack

Tue, 08 Jul 2008 09:00:00 +0000

Cybercrooks are actively taking advantage of what appears to be a previously undisclosed security flaw in Microsoft Word, according to an advisory issued by Symantec.

The best ways to protect your identity online

Mon, 09 Jun 2008 09:00:00 +0000

Here's how to protect yourself on social networking sites and other places where cybercrooks are searching for victims who may provide too much information.

New attack trend pushes POS encryption to the fore

Wed, 21 May 2008 20:00:00 +0000

The relatively scant attention that retailers have paid to securing their point-of-sale systems over the past few years is making the POS setups increasingly attractive targets for cybercrooks who are looking to steal payment card data.

Q&A: Schneier says cybercrime problem 'might not be fixable'

Tue, 22 Apr 2008 09:00:00 +0000

Bruce Schneier, CTO at managed security services vendor BT Counterpane, said in an interview that making things harder on cybercrooks may require actions that financial services firms won't like.

Hackers open new front in payment card data thefts

Wed, 16 Apr 2008 20:00:00 +0000

Security managers often describe their efforts to protect corporate data from being compromised as a full-fledged battle of wits against cybercrooks who are continually arming themselves with innovative tools and methods of attack.

Hackers Open New Front in Card Data Thefts

Mon, 14 Apr 2008 02:19:15 +0000

Recent thefts of credit and debit card data while it's in transit between systems are raising questions about whether the PCI security standards are fully equipping companies to fend off cybercrooks.

Localizing Cybercrime - Cultural Diversity on Demand

Thu, 21 Feb 2008 14:06:11 +0000

Cultural diversity on demand is something I anticipated as a future malware trend two years ago - "Localization as a concept will attract the coders’ attention" :

"By localization of malware, I mean social engineering attacks, use of spelling and grammar free native language catches, IP Geolocation, in both when it comes to future or current segmented attacks/reports on a national, or city level. We are already seeing localization of phishing and have been seeing it in spam for quite some time as well. The “best” phish attack to be achieved in that case would be, to timely respond on a nation-wide event/disaster in the most localized way as possible. If I were to also include intellectual property theft on such level, it would be too paranoid to mention, still relevant I think. Abusing the momentum and localizing the attack totarget specific users only, would improve its authenticity. For instance, I’ve come across harvested emails for sale segmented not only on cities in the country involved, but on specific industries as well, that could prove invaluable to a malicious attack, given today’s growth in more targeted attacks, compared to mass ones."

It's been happening ever since, and despite that it's already getting the attention of vendors, malware authors do not need to know any type of foreign language to spread malware, spam and phishing emails in the local language, they do what they're best at (coding, modifying publicly obtainable bots source code), and outsource the things they cannot do on their own - come up with a locally sound message which would leter on be used for localized malware, spam and phishing attacks, a tactic with a higher probability of success if there were to also request that spammers can segment the harvested email databases for better campaign targeting. The Release of Sage 3 - The Globalization of Malware :

"In this issue we look at the growing trend of localization in malware and threats. Cybercriminals are increasingly crafting attacks in multiple languages and are exploiting popular local applications to maximize their profits. Cybercrooks have become extremely deft at learning the nuances of the local regions and creating malware specific to each country. They're not just skilled at computer programming they're skilled at psychology and linguistics, too."

With all due respect, but I would have agreed with this simple logic only if I wasn't aware of translation services on demand for anything starting from malware to spam and phishing messages. We can in fact position them in a much more appropriate way, as "cultural diversity on demand" services, where local citizens knowingly or unknowingly localize messages to be later on abused by malicious parties. Malware authors aren't skilled at linguistics and would never be, mainly because they don't even have to build this capability on their own, instead outsource it to cultural diversity on demand translation services, ones that are knowingly translating content for malware, spam and phishing campaigns.

The perfect example would be MPack and IcePack's localization to Chinese, and yet another malware localized to Chinese, as these two kits are released by different Russian malware groups, but weren't translated by them to Chinese, instead, were localized by the Chinese themselves having access to the kits - a flattery for the kits' functionality, just like when a bestseller book gets translated in multiple languages. As for the socioeconomic stereotype of unemployed programmers coding malware, envision the reality by considering that sociocultural, rather than socioeconomic factors drive cybercrime, in between the high level of liquidity achieved of course.