Slashdot Mirror

← Back to Stories (view on slashdot.org)

Largest Hacking Scam in Canadian History

Posted by CmdrTaco on from the stole-all-the-maple-syrup dept.

vieux schnock writes "Police raided several homes across Quebec on Wednesday and arrested 16 people in their investigation, which they say uncovered the largest hacking scam in Canadian history. (...) The hackers collaborated online to attack and take control of as many as one million computers around the world that were not equipped with anti-virus software or firewalls."

6 of 211 comments (clear)

  1. Re:Really? by TheRealMindChild · · Score: 4, Informative

    It doesn't even really matter at this point. Let's be honest... the average computer user doesn't know the difference between U2-Somesong.mp3 and U2-SomeSong.exe. It doesn't take much to write an application that would be able to run in a restricted user account... just connect outbound on port 80 for coordination, and for payload delivery. The code would be simple enough that you could change the binary significantly enough that the fingerprinting that virus scanners use are practically worthless.

    That doesn't even address the vector of replacing the setup.exe (or equivalent) on, say, an Office 2003 cd posted on thepiratebay. Obviously, the install has to run as admin, so you pretty much know, you are a shoe in for a compromised machine for anyone who tries to install it. And again, it would be such a trivial, simple application, that you could change the attacking binary pretty much at will.

    --

    "When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
  2. Haha by ViralInfection · · Score: 5, Informative

    From the ages of 17-26.

    Wouldn't you say the RCMP is just hunting down script kiddies?

    1. Re:Haha by necro2607 · · Score: 3, Informative

      You're joking, right? Younger people not only have more free time to pursue the motivation to hack & crack, but also tend to have more drive to do so, and less ethical reservations about doing so. You know how a lot of techie guys say "yeah, I used to be into that, but i grew out of it", well, that's generally the case with the vast majority of "hacker types" with malicious intent, except that a fair number of them actually pursue those motivations to a much further extent than others.

      I used to hang out in chat rooms with guys who were developing their own exploits in C on netBSD machines they set up on their own, etc. etc.. (mid to late 90s).. They were all in their late teens, average of around 17 or 18 years old, no joke. There were a couple guys in college who were 20 or 21 or so, but really, the teens and early 20s is pretty much the prime time to delve into 'questionable' types of endeavours in the high-tech realm.

      Oh, by the way, for a little personal anecdote, I cracked/hacked/obtained/whatever the admin password for our Mac lab in my elementary school when I was 9 years old, in grade 3 or 4 (and got banned from the lab for a while of course). Then again, I used utils I found on the net (a keylogger IIRC), but I still think that required a lot more knowledge and investigation than most 9 year olds are willing to pursue. Actually, I created a custom HyperCard stack that let me execute any program I had on a floppy disk - it just had to match the same type/creator code as any of the programs that were available in At Ease. That's pure hack-mindedness at work, and no outside help was consulted. ;)

  3. Re:That summary needs fixing. by VorpalEdge · · Score: 2, Informative

    Common sense? Really? Most people, when they buy their first computer, expect it to "just work." They expect everything to be fine as it is, and for the patches (if they've ever heard of them) to be nice, but unnecessary.

    After all, what they were sold is good enough, right? They didn't exactly buy the "turn your computer into a botnet zombie" feature (bad jokes featuring MS aside). They still expect companies to have integrity, and to make products that actually work, and that don't explode when you turn around. Common sense in this situation would be "companies can't ship products with security holes, they'd get sued!"

    And yeah, I am aware that the parent is probably joking, but someone modded it insightful. :(

  4. Re:Really? by CarpetShark · · Score: 3, Informative

    That doesn't even address the vector of replacing the setup.exe (or equivalent) on, say, an Office 2003 cd posted on thepiratebay.


    Why stop there? Most of the Windows OS torrents are slipstreamed. There's no reason to assume they didn't slipstream a few viruses, bots, and backdoors in there too.
  5. Re:Really? by Anonymous Coward · · Score: 3, Informative

    There's a web of trust on the piratebay with trusted uploaders. Installing an OS or running a keygen from a newbie uploader is virtually guaranteeing you to get a trojan downloader. I've been playing around with a few of the torrents from the piratebay and installing them on a separate vlan at home. It's very enlightening watching all the network traffic when the compromised OS calls home. I am pretty sure this is one of the primary "seeding" vectors for the nu-war storm network. I weekly find new morphed storm clients using these trojan downloaders and I always submit them to virustotal.com.

    Moral of the story: Only trrrrust the pirates with the green skull. Arrrr.