Return of the Web Mob

Parore writes "eWeek is running a story about the return of the web mob, highlighting all the similiarities between the online attacks and the real-world mafia. From the article: "Black hat hackers have set up e-commerce sites offering private exploits capable of evading anti-virus scanners. An e-mail advertisement intercepted by researchers contained an offer to infect computers for use in botnets at $25 per 10,000 hijacked PCs. Skilled hackers in Eastern Europe, Asia and Latin America are selling zero-day exploits on Internet forums where moderators even test the validity of the code against anti-virus software."

Look at the Price!

[Spinlock_1977]

$25 to infect 10,000 pc's sure is cheap. If this guy can get only 25 bucks per 10,000, he must have competitors (read: there's a lot of people doing this), and it must be easy to do. These, of course, are not good signs.

However, it occurs to me that the best measure of Microsoft's success in security is the market price for 10,000 infections. For example, if Vista turns out to be an inpenatrible tank, we should see the price go up to 50 or 100 bucks, maybe more.

At the end of the day, until we all stop using the same operating system, we're doomed to a continual barrage of large-scale infections (remember the Irish potato famine?)

$25 for 10.000 computers

[SmallFurryCreature]

No wonder Bill Gates doesn't believe in the 100 dollar laptop. He is supplying the world with PC's that cost you a fraction of a cent.

Only kidding of course, well partially. How many botnets consist of linux or OS-X machines?

It does however show just how hopeless windows security is. Even criminals have costs so if they can make a profit after paying their hosting and electricity and hardware and man power with just 25 dollar per 10 thousand machines then the cost and labour of infecting a windows machine must truly be trivial.

Lets face it the mafia doesn't do it for penny profits. They are not supermarkets surviving on a 1 cent per sale profit. They want millions and they want them now.

How many times $25 does it take to intrest a mobster?

Frankly I don't think the problem is going to go away. The idea that MS is ever going to provide a secure OS is laughable and even if they did nothing helps against a dimwitted user who happily installs anything if it promises a nudie picture.

They only two easy solutions I see is to install a serious watchdog on the net. One who can kick off ISP's that host the mob AND users who let their PC's get infected.

Would that be workable? Even "respectable" western ISP's barely respond to complaints about attacks. We got a spam watchdog that already kicks of ISP off the email net when they misbehave and this just barely works. If the same was applied officially to the net as a whole entire parts of the world would be disconnected.

Perhaps it is just something we got to live with. The real live mafia never went away. Why should the net be any different. As long as their is money to made people will attempt to get it.

Oddly Appropriate Quotation

[pmike_bauer]

Considering the topic, the quotation at the bottom of the page is appropriate:

You can do more with a kind word and a gun than with just a kind word. -- Al Capone

AV software is akin to a kind word when it comes to combating the net mafia.

During the Wild West days when law enforcement was scarce, militias and posses were deputized to keep the peace. Today, police and government are stretched thin, so Congress should deputize 'white hats' to attack/track down virus writers. This has got to be better than the reactionary stuff we are legally permitted to use.

Re:People that matter don't care

[LordOfTheNoobs]

Maybe some administrators need to do what they did when there was no enforcement in the American old west. Take justice into their own hands. So you have the IP of a vulnerable bot that is assaulting your network? Nuke the SOB. If you must be friendly, leave a happy little "Your machine has been hijacked and when asked, your ISP was too busy to tell you. So I have conveniently and remotely removed all network drivers from your system."

Or, with a nod to the William Gibson, a little BLACK ICE to damage the foreign system beyond repair.

This is unrealistic I'm sure, illegal almost definately ( proactive self defense ? ). But damn would it be nice.

Re:Is anyone really surprised?

[glsunder]

anti-virus software is that it is 100% reactionary.

Thank the game companies for that. Isn't it just wonderful that anyone with kids has to give them admin rights just so the copy protection software can run on games?

If MS wanted to solve the problem they could, but they have to fight EA, UBIsoft, etc to get it done. Games are the lifeblood of windows in the home. Take them away and there's little reason for people to not use another OS, whether it be linux or mac. So, without another solution, MS isn't going to fix the problem, the general population isn't going to switch to another OS, and we're stuck with the status quo.

This will never happen

[Opportunist]

Holding Joe Sixpack responsible for his computer's actions? Doubt it.

Remember that he's the one that generates money for the ISPs. He's not downloading Terabytes of movies.
He is the one that buys the crappy "download accelerators" and other useless programs.
He is the one that uses online banking.
He is the one that buys at Amazon.com and EBay.

Let's face it, he is the one they shape the internet for! The 'net ain't our net anymore. Hasn't been for well over 10 years now.

Now imagine he's held responsible for what happens out of his box. He doesn't know jack about his PC. He doesn't know he has a zillion dialers, trojans, adbots and whatnot, from klicking EVERYTHING presented to him. He only knows that "the net" somehow "did this" to his PC.

What is he going to do? Learn how to use it? Or stop using it altogether?

Which one is more likely? And would the industry like that reaction?

So will he ever be held responsible?

But some are trying

[BenEnglishAtHome]

I've installed and run investigative workstations for my employer. It ain't easy. Our methodology is to set up workstations that are as bulletproof as we can make them (considering the places we're going to visit, that's a given) and then let specialists try to develop leads. We have procedures to allow non-LEO personnel do the initial legwork; they surf and chat and poke around, extensively logging everything. When something interesting pops up, they're free to dig deeper. Eventually, when they think they have enough information to write up a report, they do so and turn it over for review. If it's picked up for serious investigation, either on the criminal or civil side, it passes from their hands and they never really know what becomes of it. That's fine with me; the initial lead development is what's fun, anyway. I'm one of the few people I know who can say he's spent a great deal of time being paid by Uncle Sam to surf porn (and other unsavory stuff).

What bugs me are the amateurs. There's a certain nexus between the sleazy side of the porn world and financial crimes, so I've spent a bunch of time in places that, at first blush, might seem more titillating than profitable. You would not believe how many transparently fake attempts are made by local, often small-town cops to entice people into illegal behavior. By far, the most common problem is the "I'm a 12-year-old girl. Would you like to talk to me about sex?" thing. Yes, some of them are that crude. Apparently, there are a bunch of Barney Fifes out there who have convinced their bosses to set up an AOL account for them in a back room at the police station for the purpose of generating a few easy, cheap, and sensational arrests that'll get the name of the local DA in the paper before the next election.

I used to wish they'd just go away, but afaik perhaps they already have. I haven't worked in lead generation for several years so I haven't been in any of those places in quite a while.

Anybody have any recent experience with this? Are there still woefully clueless LEOs out there popping up at inappropriate places pretending to be hot-to-trot preteens? God, I hope not; they were a royal pain in the ass.

web mob or webmob?

[Wolfspelz]

I thought webmobs are like flashmobs, but on the web as they write in the webmobs manifesto http://www.webmobs.de/manifesto.html. There seem to be 2 different meanings of the same word.

Understanding the "real" mob

[argoff]

It is clear that the author of this article has absolutely no understanding of the real web "mob" (which isn't even called that BTW). This article is total BS and probably some kind of government set up.

For people who want to understand the "real" "mob", they need to understand the Underground Economy (UE). What they need to understand is business and commerce. 90% of UE transactions is just regular business trying to aviod taxes and regulations. They have an elaborate offshore finance network that can transfer money arround the world faster than governments can track it. Most of the money is gained thru (some) female services, hotels, casinos, people smuggeling, and (some) drugs, and the biggest one - tax free duty free trade - and not thru online hacking nor thru draining peoples bank accounts or even defrauding people. In fact, they try to distance themselves from these activities because they want return customers built on a trust relationship. Most fortune 500 companies have regular dealings in the UE.

It is highly factioned, and some people do try to blackmale, eg (give us money, or don't report us when we rob you or else such and such government will find out about your hidden transactions) - but this is mostly on a rogue individual level and not a large commercial level. In fact, when the FBI trackes these people down - it helps the UE, because it lowers their transaction costs and liabilities. Also, if they need access to secure systems, they don't need to hack into them. They have a lot of high level bank officers and government officials in their pockets. The real UE also hates terrorisim which in the last few years has increased their transaction costs several fold. The goal is to hide financial transactions from taxes, regulation, and rogue lawsuits, not to hide finances for terrorisim. Also most of the UE is split between drugs. Many try to distance themselves from the drug trade to avoid the higher costs of business, but the money is so big that it can't be ignored all together.

Another thing that most people don't understand is that the war on drugs and the financial part of the war on terrorisim is really just an excuse to wage war on the UE. When corporate money associates the UE with drug lords and terrorisim, then they tend to keep their money at home more where their respective governments can tax the living daylights out of them. Given the costs of the war on terror, the big welfare states of most governments, and really really bad fundamentals of the US dollar lately - this has become a high proiroty for the US government in recent times.

One more thing, the US dollar is in deep deep shit. The US economy can't pay off it's debts without watering down the dollar (or default which they can't do because it will cause a cascading chain of defaults), but they cant water down the dollar without sparking a stagflation spiral. When it spirals out of controll it will cause hell in the US and every country in the world. Anyone who doesn't have precious metals is either stupid, poor, or going to be poor. It used to be that the dollar was the currency of choice for the UE, then when the dollar devalued the currency of choice became the Euro, now the currency of choice has been moving quickly torard Gold.