Return of the Web Mob
Parore writes "eWeek is running a story about the return of the web mob, highlighting all the similiarities between the online attacks and the real-world mafia. From the article: "Black hat hackers have set up e-commerce sites offering private exploits capable of evading anti-virus scanners. An e-mail advertisement intercepted by researchers contained an offer to infect computers for use in botnets at $25 per 10,000 hijacked PCs. Skilled hackers in Eastern Europe, Asia and Latin America are selling zero-day exploits on Internet forums where moderators even test the validity of the code against anti-virus software."
$25 to infect 10,000 pc's sure is cheap. If this guy can get only 25 bucks per 10,000, he must have competitors (read: there's a lot of people doing this), and it must be easy to do. These, of course, are not good signs.
However, it occurs to me that the best measure of Microsoft's success in security is the market price for 10,000 infections. For example, if Vista turns out to be an inpenatrible tank, we should see the price go up to 50 or 100 bucks, maybe more.
At the end of the day, until we all stop using the same operating system, we're doomed to a continual barrage of large-scale infections (remember the Irish potato famine?)
- The Kessel run is for nerf herders. I can circumnavigate the entire Central Finite Curve in a lot less than 12 parse
Only kidding of course, well partially. How many botnets consist of linux or OS-X machines?
It does however show just how hopeless windows security is. Even criminals have costs so if they can make a profit after paying their hosting and electricity and hardware and man power with just 25 dollar per 10 thousand machines then the cost and labour of infecting a windows machine must truly be trivial.
Lets face it the mafia doesn't do it for penny profits. They are not supermarkets surviving on a 1 cent per sale profit. They want millions and they want them now.
How many times $25 does it take to intrest a mobster?
Frankly I don't think the problem is going to go away. The idea that MS is ever going to provide a secure OS is laughable and even if they did nothing helps against a dimwitted user who happily installs anything if it promises a nudie picture.
They only two easy solutions I see is to install a serious watchdog on the net. One who can kick off ISP's that host the mob AND users who let their PC's get infected.
Would that be workable? Even "respectable" western ISP's barely respond to complaints about attacks. We got a spam watchdog that already kicks of ISP off the email net when they misbehave and this just barely works. If the same was applied officially to the net as a whole entire parts of the world would be disconnected.
Perhaps it is just something we got to live with. The real live mafia never went away. Why should the net be any different. As long as their is money to made people will attempt to get it.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
You can do more with a kind word and a gun than with just a kind word. -- Al Capone
AV software is akin to a kind word when it comes to combating the net mafia.
During the Wild West days when law enforcement was scarce, militias and posses were deputized to keep the peace. Today, police and government are stretched thin, so Congress should deputize 'white hats' to attack/track down virus writers. This has got to be better than the reactionary stuff we are legally permitted to use.
I read
Maybe some administrators need to do what they did when there was no enforcement in the American old west. Take justice into their own hands. So you have the IP of a vulnerable bot that is assaulting your network? Nuke the SOB. If you must be friendly, leave a happy little "Your machine has been hijacked and when asked, your ISP was too busy to tell you. So I have conveniently and remotely removed all network drivers from your system."
Or, with a nod to the William Gibson, a little BLACK ICE to damage the foreign system beyond repair.
This is unrealistic I'm sure, illegal almost definately ( proactive self defense ? ). But damn would it be nice.
They're there affecting their effect.
Holding Joe Sixpack responsible for his computer's actions? Doubt it.
Remember that he's the one that generates money for the ISPs. He's not downloading Terabytes of movies.
He is the one that buys the crappy "download accelerators" and other useless programs.
He is the one that uses online banking.
He is the one that buys at Amazon.com and EBay.
Let's face it, he is the one they shape the internet for! The 'net ain't our net anymore. Hasn't been for well over 10 years now.
Now imagine he's held responsible for what happens out of his box. He doesn't know jack about his PC. He doesn't know he has a zillion dialers, trojans, adbots and whatnot, from klicking EVERYTHING presented to him. He only knows that "the net" somehow "did this" to his PC.
What is he going to do? Learn how to use it? Or stop using it altogether?
Which one is more likely? And would the industry like that reaction?
So will he ever be held responsible?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
I've installed and run investigative workstations for my employer. It ain't easy. Our methodology is to set up workstations that are as bulletproof as we can make them (considering the places we're going to visit, that's a given) and then let specialists try to develop leads. We have procedures to allow non-LEO personnel do the initial legwork; they surf and chat and poke around, extensively logging everything. When something interesting pops up, they're free to dig deeper. Eventually, when they think they have enough information to write up a report, they do so and turn it over for review. If it's picked up for serious investigation, either on the criminal or civil side, it passes from their hands and they never really know what becomes of it. That's fine with me; the initial lead development is what's fun, anyway. I'm one of the few people I know who can say he's spent a great deal of time being paid by Uncle Sam to surf porn (and other unsavory stuff).
What bugs me are the amateurs. There's a certain nexus between the sleazy side of the porn world and financial crimes, so I've spent a bunch of time in places that, at first blush, might seem more titillating than profitable. You would not believe how many transparently fake attempts are made by local, often small-town cops to entice people into illegal behavior. By far, the most common problem is the "I'm a 12-year-old girl. Would you like to talk to me about sex?" thing. Yes, some of them are that crude. Apparently, there are a bunch of Barney Fifes out there who have convinced their bosses to set up an AOL account for them in a back room at the police station for the purpose of generating a few easy, cheap, and sensational arrests that'll get the name of the local DA in the paper before the next election.
I used to wish they'd just go away, but afaik perhaps they already have. I haven't worked in lead generation for several years so I haven't been in any of those places in quite a while.
Anybody have any recent experience with this? Are there still woefully clueless LEOs out there popping up at inappropriate places pretending to be hot-to-trot preteens? God, I hope not; they were a royal pain in the ass.