Slashdot Mirror

← Back to Stories (view on slashdot.org)

Largest Hacking Scam in Canadian History

Posted by CmdrTaco on from the stole-all-the-maple-syrup dept.

vieux schnock writes "Police raided several homes across Quebec on Wednesday and arrested 16 people in their investigation, which they say uncovered the largest hacking scam in Canadian history. (...) The hackers collaborated online to attack and take control of as many as one million computers around the world that were not equipped with anti-virus software or firewalls."

18 of 211 comments (clear)

  1. Spot the key words by Silver+Sloth · · Score: 4, Insightful

    The hackers collaborated online to attack and take control of as many as one million computers around the world that were not equipped with anti-virus software or firewalls

    Police won't reveal what the information was used for but investigators estimate that the network profited by as much as $45 million. Hmm... as many as, as much as, or maybe they're inflating the figures to show what macho investigators they are.
    --
    init 11 - for when you need that edge.
    1. Re:Spot the key words by powerlord · · Score: 5, Insightful

      Nah, nothing so covert. Its simply that, "as many as", sounds a lot better than, "three computers we know about, but we really have no clue" or "we found 5 million deposited in their bank accounts in the last month, but the accounts have been open for nine months, so who knows how much money they could have collected previously".

      Alternatively they probably have a pretty good idea of the ranges involved, but hey, high numbers make a better press release.

      --
      This space for rent. All reasonable inquiries will be entertained at proprietors discretion.
  2. Obligatory: by powerlord · · Score: 5, Funny

    Blame Canada! ... eh?

    --
    This space for rent. All reasonable inquiries will be entertained at proprietors discretion.
  3. Re:Really? by Brian+Gordon · · Score: 5, Funny

    Are you serious? There are hundreds of millions of PCs in the world (billions?), and the vast majority of them aren't properly secured. Also the vast majority of them have 10 smiley toolbars and take 45 minutes to boot.

  4. Re:So which is it? by Anonymous Coward · · Score: 5, Funny

    It's 16 Canadian people, or 14 Americans... it's just the exchange rate.

  5. Hardly the first time Canada has caused problems by elrous0 · · Score: 4, Funny

    Let us not forget Bryan Adams.

    --
    SJW: Someone who has run out of real oppression, and has to fake it.
  6. Re:So which is it? by Iphtashu+Fitz · · Score: 4, Insightful

    Both.

    16 people were arrested.

    14 of those 16 were arrested on Wednesday.

  7. Re:Really? by TheRealMindChild · · Score: 4, Informative

    It doesn't even really matter at this point. Let's be honest... the average computer user doesn't know the difference between U2-Somesong.mp3 and U2-SomeSong.exe. It doesn't take much to write an application that would be able to run in a restricted user account... just connect outbound on port 80 for coordination, and for payload delivery. The code would be simple enough that you could change the binary significantly enough that the fingerprinting that virus scanners use are practically worthless.

    That doesn't even address the vector of replacing the setup.exe (or equivalent) on, say, an Office 2003 cd posted on thepiratebay. Obviously, the install has to run as admin, so you pretty much know, you are a shoe in for a compromised machine for anyone who tries to install it. And again, it would be such a trivial, simple application, that you could change the attacking binary pretty much at will.

    --

    "When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
  8. Haha by ViralInfection · · Score: 5, Informative

    From the ages of 17-26.

    Wouldn't you say the RCMP is just hunting down script kiddies?

  9. Re:From TFA: by Anonymous Coward · · Score: 5, Insightful

    I'd assume you're always authorized to use your own computer.

    Then again, in today's climate, maybe not...

  10. The Unwritten Story... by Panaqqa · · Score: 5, Funny

    These arrests were in Quebec. What they are not telling us is that the arrests were REALLY for not hacking into the boxes using both official languages.

  11. Re:Profitable by calebt3 · · Score: 4, Funny

    they will probably server a couple years Someone needs more coffee.
  12. Re:From TFA: by morgan_greywolf · · Score: 5, Funny

    I'd assume you're always authorized to use your own computer. Nope. There are times when I'm not authorized to use my own computer. Just ask my wife! ;)
    --
    My blog
  13. Re:Really? by Anne+Thwacks · · Score: 4, Insightful
    the average computer user doesn't know the difference between U2-Somesong.mp3 and U2-SomeSong.exe.

    The average user cannot tell there is a difference - because the Windows default is to hide the extension!

    It may be criminally insane, but its the default.

    --
    Sent from my ASR33 using ASCII
  14. Re:Hardly the first time Canada has caused problem by i_ate_god · · Score: 5, Funny

    As with a lot of our other trash, we simply shipped Celine Dion to America. Now she's your problem, enjoy.

    --
    I'm god, but it's a bit of a drag really...
  15. Re:Really? by ultranova · · Score: 5, Interesting

    To make matters worse, some attacks may even occur if you are dealing with safe file types, like a PNG or even PDF.

    There are no safe file types. All files can be viewed as programs meant to run in a specialized virtual machine (the program which is used to open them). For example, a PNG file is a program which, when run, will compute an array of bytes (the image pixels). The same goes to PDF. In this view, since all files are programs, it is in principle possible that any of them could contain code which can result in unexpected behavior of the virtual machine executing them.

    Of course some file types are easier to compromize than others, either due to sheer complexity or ambiguity of the specification or because they are Turing complete. However, it is impossible to guarantee that every viewer for any file type is free of defects. Anyone still remember ANSI codes for DOS, which could be embedded to text to change color but also to set macros to keyboard keys when the file was viewed ? And of course SQL injection attacks are based on formatting a text string so it will cause unexpected results, not to mention causing a buffer overflow with an overlong string.

    I repeat: there are no safe file types. They all have a potential to contain malicious code, because there is no such thing as data which is not also a program. From a certain point of view, GIMP is simply a very specialized compiler...

    --

    Forget magic. Any technology distinguishable from divine power is insufficiently advanced.

  16. Not enough coffee again. by ColdWetDog · · Score: 4, Funny

    Murderers barely serve jail time up here. Don't hold your breath.

    I read it as Moderators ...

    For one brief second, I thought there was real justice Up There.

    Time to crank the espresso machine up again.

    --
    Faster! Faster! Faster would be better!
  17. Re:Really? by ultranova · · Score: 4, Interesting

    Is a text file containing a single line of text followed by a carriage return a program?

    It can be. For example:

    '; ROLLBACK; UPDATE users SET admin = true WHERE username = 'ultranova'; '

    If the virtual machine which handles the username field of Slashdot login form naively passed this string to the database layer without specifically quoting it, this text string would make my account an admin account; well, actually, since I haven't studied Slashdcode, it propably wouldn't, but the point still stands: even text is not an inherently safe data format in all circumstances.

    How about the standard input device? When I type at the console keyboard, is that a program feeding into a "virtual machine" created by the console driver?

    The virtual machine in this case would be whatever program receives the input. And yes, the text you type is indeed a program being executed by that machine; each time it receives a keypress from you, that keypress instructs it to do something, right ? Even if that something is merely to output the letter (altought a text editor would also store the input internally, of course). And that is what a program is: a list of instructions.

    If not, why is a disk device different from another device?

    It isn't.

    --

    Forget magic. Any technology distinguishable from divine power is insufficiently advanced.