Slashdot Mirror

← Back to Stories (view on slashdot.org)

Web Fraud 2.0 — Point-and-Click Cracking Tools

Posted by kdawson on from the getting-too-easy dept.

An anonymous reader writes "The Washington Post's Security Fix blog is running a fascinating series that peers inside some of the Web-based services cyber crooks are using to ply their trade: from masking their identity, to defeating CAPTCHAs, to creating counterfeit documents and validating stolen credit and debit cards. Everyone familiar with this space hears about these kinds of tools and services all the time in the abstract, but the Post blog includes screen shots and background details on the popularity of the services and how each one is helping to bring cyber crime that much closer to the realm of even the most newbie scam artists." Many of these tools require a working knowledge of Russian. Wouldn't surprise me to learn that Chinese-language tools exist too.

17 of 92 comments (clear)

  1. Language Support by introspekt.i · · Score: 5, Funny

    Many of these tools require a working knowledge of Russian. Wouldn't surprise me to learn that Chinese-language tools exist too.

    Damn. And here I was looking for fraud tools in Klingon. No wonder I can't ever find anything.

  2. Horror Show! by ColdWetDog · · Score: 3, Funny

    Finally, a use for all the Russian courses I took in high school and college.

    --
    Faster! Faster! Faster would be better!
  3. Re:Holy Stereotypes! by Jack9 · · Score: 5, Insightful

    Except it isn't a stereotype...it's a statistical certainty. Wouldn't surprise me to learn that English-language tools exist too?
    See how stereotype doesn't apply? Probably not.

    --

    Often wrong but never in doubt.
    I am Jack9.
    Everyone knows me.
  4. Re:Holy Stereotypes! by Anonymous Coward · · Score: 3, Informative

    http://www.spamhaus.org/statistics/countries.lasso

    1 United States 1571
    2 China 428
    3 Russian Federation 305
    4 South Korea 197
    5 Germany 180
    6 United Kingdom 180
    7 France 177
    8 India 153
    9 Japan 147
    10 Brazil 147

    In other words, the US beats the next 7 countries combined, Germany, France and the UK together beat China and every two of them beat Russia.

    We'd be a lot better at fighting the bad guys if we wouldn't assume that "we" are the good guys.

  5. stereotype day by jacquesm · · Score: 4, Insightful

    Is today global stereotype day and did I miss the memo ?

    Hitting on the Russians seems to be in real fashion these days, you'd almost think there was a political motive behind it. Is France out of fashion or so ?

    Really, the reason these tools exist is because there are several requirements before you can deploy these tools, which are:

    - access to international banking
    - a large base of hackers, preferably unemployed
    (I use 'hacker' in its original form)
    - organized crime

    The USA, China, Germany and Russia all have these in abundance so that's where you will find your toolkits.

    --
    MP3 Search Engine
    1. Re:stereotype day by Zontar_Thing_From_Ve · · Score: 4, Interesting

      You forget the main reason the tools and the crime exists in Russia:
      - a weak, corrupt legal system.

      Russians (and quite a few people in the other states of the ex-USSR) have a weird sense of entitlement that causes them to believe that it's perfectly acceptable to steal from the rich. They suffered under communism for so long that it's quite all right to get some payback by stealing from the West now.

      Since Russian law really doesn't care about crimes that are committed outside of Russia against non-Russians and anyway you can just bribe a judge to get whatever ruling you want, there really is no stopping these people. Well, I can think of ways to stop them, but let's just say that I don't think the USA or the EU has the stomach for what it would take. The weak legal system argument probably applies to China too.

    2. Re:stereotype day by jacquesm · · Score: 3, Insightful

      Been there, done that, and again, that's just another stereotype. Canadians do not routinely bash Americans more than the Americans probably deserve on account of abusing tariffs and nafta.

      --
      MP3 Search Engine
  6. This shouldn't be terribly surprising by Enlarged+to+Show+Tex · · Score: 4, Interesting

    All this really means is that script kiddies can now do identity theft as easily as they can perform DDoS attacks...

  7. Re:Holy Stereotypes! by Anonymous Coward · · Score: 4, Informative

    http://www.spamhaus.org/statistics/spammers.lasso

      1 HerbalKing India
      2 Vincent Chan / yoric.net Hong Kong
      3 Alex Blood / Alexander Mosh / AlekseyB / Alex Polyakov Ukraine
      4 Nikhil Kumar Pragji / Dark-Mailer Australia
    Queensland
      5 Ruslan Ibragimov / send-safe.com Russian Federation
      6 Leo Kuvayev / BadCow Russian Federation
      7 Pavka / Artofit Russian Federation
      8 Russian Business Network Russian Federation
      9 Yambo Financials Ukraine
    10 Alexey Panov - ckync.com Russia

  8. Made in USA versions sold by Google by Animats · · Score: 4, Interesting

    If you want made-in-USA tools for this, try searching Google for "craigslist auto posting tool". Google offers seven paid ads for spamming tools and crackers. ("The worlds Best Selling Craigslist software. Works with new CAPTCHA!") Three of them (including one that advertises "Only Automated Solution for the new captcha. Nobody else is automated.") are available through Google Checkout.

    This has been going on for months, despite press coverage. I'm beginning to wonder if Google is deliberately promoting tools to kill Craigslist.

    1. Re:Made in USA versions sold by Google by Jherek+Carnelian · · Score: 3, Interesting

      This has been going on for months, despite press coverage. I'm beginning to wonder if Google is deliberately promoting tools to kill Craigslist.

      If I were Craigslist, I would rather see those tools easily available instead of pushed underground. Because it makes it easier to identify them and thus to create countermeasures.

      For example, instead of just shutting down the exploits and their distrubtion, I would study the tools and see if they have a recognizable 'fingerprint' when used. Then I would make the craigslist software look for such 'fingerprints' and treat the postings differently - for example instead of just blocking the post, I would set the threshold for other user's tagging it as spam to be very low, or even set a timer to delete the post after an hour or two.

      The end result being that the most common and easily available tools would be compromised in non-obvious ways, reducing the rate of escalation in the "arms race" of cracker/anti-cracker tools and simultaneously making abuse less effective for most (ab)users.

  9. Re:Holy Stereotypes! by Anonymous Coward · · Score: 4, Insightful

    The stereotype doesn't imply that the statement is wrong, but why was that statement made about Chinese and not English tools? According to the Spam origin data, English tools are a lot more likely then Chinese tools, so while in itself not wrong the decision to focus on one correct statement while omitting another correct statement speaks of bias and creates an incorrect impression to the casual reader (and if you know the data then you don't need news articles in the first place).

  10. Re:Holy Stereotypes! by palegray.net · · Score: 3, Interesting

    This data looks good until you consider the fact that a major profit center for certain Chinese nationals is the practice of compromising huge numbers of servers hosted outside China, for the purpose of sending SPAM that won't be stopped by GeoIP restrictions.

    Who's making assumptions now?

    --
    512 MB RAM, 20 GB disk, 200 GB transfer, five datacenters. $19.95/month.
  11. Re:Holy Stereotypes! by hclewk · · Score: 5, Insightful

    It is not a stereotype to say that many burglaries are committed by blacks, as this can easily be backed by data. It is stereotypical, however, to say, "All blacks commit burglaries", "Most blacks commit burglaries", or "He is black so he's probably committed burglary."

  12. Scamming Klingons is too dangerous by phorm · · Score: 3, Funny

    I'd imagine that Klingons would dish out some pretty massive punishment when scammers get caught, so you're unlikely to see many Klingons using these tools.

    Perhaps you'd be better to search in Ferenghi?

  13. Re:Typical Slashdotzz comment! by gujo-odori · · Score: 4, Interesting

    Your comment just proves how clueless you are about the spam situation in China.

    China is, and has been for several years, a bastion of "bulletproof" hosting. Since you're so clueless about spam, I probably have to explain bulletproof hosting. Bulletproof hosting is a contract with a hosting provider and/or ISP with IP space to burn that doesn't care what you do with that hosting/IP space so long as you pay your bills.

    China is also a haven of phishing sites, largely for the same reason and courtesy of a few rogue registrars operating in China.

    There's nothing racist about criticizing China for its conduct. What next? You'll be telling us it's racist to criticize Nigeria for being the source of most of the world's 419 spam?

    Silly me. I hadn't heard that scammers, spammers, and those who give them shelter constituted a race.

  14. Re:SANTA -- not really offtopic :) by commodoresloat · · Score: 3, Informative

    heheh... I don't recall the backstory behind this, but SATAN actually distributed for a while with a utility called "SANTA" that would change the name of the tool (and all references in the docs and so forth) from "Security Analysis Tool for Analyzing Networks" to something like "Security Analysis Network Tool for Administration" in order to get rid of the potentially disturbing acronym.