The Life of a Cybercrime Investigator
An anonymous reader writes "Steve Santorelli gets computing experts and law enforcers to cooperate in a global fight against organized Internet crime. This article talks about the role of law enforcement in identifying and battling online threats as they change and evolve. Quoting: 'The common wisdom about hacking and cybercrime is, in Santorelli's view, severely out of date. He says cybercriminals aren’t lone wolves; they are financed and directed by international criminal syndicates. ... Organized crime also has vast resources derived from its traditional operations to finance the hiring of quality hackers around the world. There is even evidence that some syndicates are investing in research and development, looking to create proprietary, next-generation hacking tools, Santorelli says.'"
This is why the problem isn't Windows. These people will do whatever is necessary to make profit. Linux would be just as well targeted if it had the same market share and amount of stupid people. Windows as an OS is secure, especially Windows 7, but there's nothing you can do about user stupidity unless you close down the whole OS. And is that something we really want to happen, locked "consoles" for everyone?
Much of the hacking now is government-sponsored too. China, Israel, the U.S., and Russia have all been allegedly involved in this for some time (probably a lot of others too). Stuxnet, theft of Google source code, you name it. Seems like everyone is in the cybercrime (or cyberwarfare if you want to stick a more polite euphemism on it) business these days.
SJW: Someone who has run out of real oppression, and has to fake it.
I've thought a couple times about quitting engineering and going into Computer security, but not really sure how profitable that move would be.
FREE magazine : http://clarkesworldmagazine.com/prior/
Sounds like HBGary...
You mean the trinity of evil when you speak of organized 'net crime? Or that big time criminal outfit, the US DOJ? Confused by propagandistic articles? We all should be by this time. When the banksters are finally executed, then and only then should people speak of the lower echelon of ethnic crime.
"The Life of a Cybercrime Investigator"
1. Be born.
2. Investigate cybercrime.
3. Die.
4. ???
5. PROFIT!
Anyone that uses the root "cyber" should not be taken seriously.
Including this useless fucking site.
Let's see now....Micro$oft's ADVAPI.DLL, and their sellout of the kernel to the Chinese Totalitarian Capitalist State? You nailed it of course, elrous0, and with the Pentagon's giving access to phony anonymizers to certain neocon PACs, it's all Wall Street motivated, 'natch.
I personally observed at least six or seven countries' military domains looking at one of my sites in the late 90s which focused on then unrealised methods of remote operating system fingerprinting (many of which were ICMP-based, and not implemented publicly until years later). As well as many parts of the US military, there was (South, obviously) Korea, Japan, and Germany I believe. Of course, back then they were happy to browse from a .mil.* IP; these days none of them would do that. Australia used to have a lot of network warfare information up on the DSTO website; there's less these days, however they are still a good source for the multi-military JWID events (Joint Warfare Interoperability Demonstrations), a regular compatibility-of-command-and-control event that involves many western militaries. The trend I have seen thus far is for government/military to co-opt hackers through establishing corporate fronts, usually led by an otherwise-reputable hacker who is on the take or convinced to 'help the country' with nationalism. They also pay hackers with basic community cred as informants, and send them to security-related events all around the world in the hopes of acquiring actionable intelligence. We all need to be very careful who we give information to. Furthermore, the increasingly commercial development of some areas of our industry (open source intelligence gathering / computational linguistics / passive traffic analysis + surveillance / video surveillance systems) is strongly contributing to the further degradation of society into a 1984-like situation. The best thing we can do as people is to avoid the allure of money and refuse to work in these areas, whilst publicly pointing the ethical finger at those that do.
And is that something we really want to happen, locked "consoles" for everyone?
It's already here and it's called iOS: iPad, iTouch, and iPhone.
Do they have a pi license?
Although all of the powerful crackers know others, some of them truly are lone wolves. For instance, The Jester (th3j35t3r) with his Xerxes botnet. He doesn't claim any affiliation AFAIK and is a self-proclaimed former military hacker. I always wondered if they give him a pass because he helps with other things, like taking down Islamic-jihad websites, which he's known to do. No man is an island after all and he definitely has connections. But still he seems to be the "lone wolf" acting with impunity at times.
And that's just one of many that have never claimed a group affiliation and seem to be driven more by underground fame and rage than money or crime.
Tiger Blooded Bi-Winning Machine
Santorelli has devoted his career to identifying, tracking and apprehending cybercriminals in a new cyber-environment in which police chases are clocked at light speed and villains drive on a global superhighway congested with 1.8 billion law-abiding commuters.
LMAO! XD
"When information is power, privacy is freedom" - Jah-Wren Ryel
.... and hope that these organizations don't band together, start sharing innovations and start developing 'next level threats' as I'd call them. With those resources and people behind them, evil people could do bad things to the internet. Gah, let's hope not. Let's hope.
Why do you think they're called Banksters?
Yours On Wall Street,
Philboyd Studge
A good while back, while we were still on dialup, actually. Being a small software shop that delivered results and of course our bills over the 'net, we did a ton of email traffic. At the time it was a Windows shop as well (by customer demand). We "captured" many viruses in emails, didn't catch them -- we were all pros and knew better. Since we had all the best tools money could buy, we looked pretty closely at these "captured" (e.g., not caught) viruses. At first, they were obviously not the work of very skilled or well financed people. Many still had debug symbols in the code, and things like Devstudio and reverse compilation showed they were usually done with a "free" C compiler, not GCC, but Borland.
Most were pretty crummy code, at least by our standards, though there were a few interesting tricks, like pushing data on the stack and then doing a return to get a goto to happen, often into a system function.
All of a sudden, things got better or worse, depending on your POV. The stuff we were capturing suddenly changed, a lot - it was well written, well obfuscated, and tricky stuff -- we even got a cool idea or two from it, and the new stuff was much smaller and made better use of the system API to do nearly all the work -- none of the obviously malicious code was in the virus itself, just system calls with destructive parameters. This would have been around the 2006 timeframe.
It was obvious that someone had started putting money into the game, or for whatever reason the quality of the crackers had suddenly gotten a heck of a lot better, which usually implies the former. Real talent.
To the fanboi who said "it's not windows", sorry pal. Might have been true once, for bot farms and so on, that need volume. Today's cracking is financially based, and much more targeted. And most machines that deal with tons of money aren't running Windows -- after being burned a few times, you think the financial business has any loyalty to the guys in Redmond? Or anyone at all, for that matter? Linux is just plain more difficult to crack, and more proactive about patching when possible vulns are discovered. Anyone who looks at the flow of updates to Ubuntu and how many of them "fix a possible security bug" knows this. Many bugs that would have been zero-day exploits are fixed before anyone has put an exploit out for them at all, just by doing some fairly obvious code analysis, looking for ways to overflow allocations and such.
Could be Windows guys do that some too, but since they long-delay even well known holes, and you can't see what is in those closed source, uncommented updates (sometimes there's a KB entry, but not always, and always little detail), how could you prove that? I don't think you can.
Why guess when you can know? Measure!
they are financed and directed by international criminal syndicates
This is the part I don't understand, or maybe it's a troll indicator.
So.... I've seen all the movies. You wanna buy $100K worth of coke in Columbia to sell in the USA for $500K. But you don't have $100K. So you get a very special loan, with some very special terms, etc., from some dude in Columbia. That's financing by an international criminal syndicate.
How exactly does an international criminal syndicate finance hacking? How much money has to be fronted to get a .torrent of Visual Basic or whatever, on a $300 eMachines desktop, in mom's basement, hopping on your neighbor's wifi?
Psst, hey "Don VLM", I gotta business transaction for youse, Barry the Enforcer needs a new mouse from officemax for that special job, you know, for that guy that we was talking about? Yeah well that mouse costs money, like two dollars and ninety nine cents. I was wondering if you coulds front me the dough till next week, when we get our protection money from that kids lemonade stand. Yeah yeah, the usual 100% interest per week plus a cut of the action OK OK, "Don VLM". I know I gotta get you yourse three bucks next week or I'll end up waking up in bed next to a one of them decapitated "headless" servers. Yeah Yeah Capishe?
"Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
They're not financing workstations in basements--they're paying for real coding talent, for information, and for new exploits (or new uses of old exploits). If you know what game development teams look like, you've got an idea of what more and more criminal enterprise teams look like, except that, instead of a semi-competent boss who is looking out for the company's bottom line, you have a trusted semi-competent boss whose only mission is to pass the deliverables on to the syndicate. Slacking off, or throwing some code for a traditional employer might, at worst, find you looking for another job. Doing the same for your evil overlords might net you a bit more trouble (don't mess with dudes with guns).
I use irony whenever I can, but my shirts are still wrinkled...
The fact that there's been a move from the idealistic and casual hackers to organized crime has been sounded by wise security folks for years and years and years. The writing seemed to be on the wall pretty clearly since about 2004, and I was warning IT auditors and bank examiners about it from the mid-2000s onward.
It should be no surprise to anyone in the IT field, but I can see how there might be a big disparity between contemporary IT thought and the knowledge held by law enforcement units around the country (and, perhaps, around the world). Sure, not all of them are that far behind, but only those who have been engaged in the fight really have any feel for what is going on, so many of the smaller police departments and rural units probably have limited exposure, and even fewer resources for dealing with IT threats.
Probably the largest amount of criminal activity comes from women on dating sites trying to scam men into sending money to enable travel to the man. If the government gets serious, millions of American women could get severe prison sentences for that game. In law it is not so difficult to offer proof that a woman has promised to travel to live with 75 different men all over the world on the same day and taken money from many of them.
This is an issue like stealing bicycles. Bicycle thefts total far more than bank robbery losses and more deaths result from bicycle thefts than bank robberies as well. Yet a bank robber can easily get 20 years for a first offence and a bicycle thief will rarely be put in prison. We have it backwards.
Organized crime also has vast resources derived from its traditional operations to finance the hiring of quality hackers around the world.
How do I get in on that?
"Somebody has to do something. It's just incredibly pathetic it has to be us."
--- Jerry Garcia
Look, I know who they are, the bad guys. Haven't you noticed in every Hollywood movie that features a hacker, they use totally different hacking tools than what we see normally? Those Matrix-like, futuristic hacking scenes allow a mediocre hacker to crack DoD mainframes in like 15 seconds with a gun pointing to his head! Un-Be-lievable! Oh, and don't forget that they all use Macs. I don't have any proof that is related, but Steve Jobs is on some big freaking studio's board.
They're buying people's time, who are often in turn buying other people's time. It's cheaper and faster to do things like buy time on a botnet or buy a zero-day exploit for your malware than to come up with these things yourself.
Just because the information doesn't get tweeted and dissected in main tech-media, it doesn't mean that there aren't real mafia-like crime syndicates around.
There are real criminals, with real organization, who collect 'protection money' just like you've seen in mafia documentaries and movies.
You do not have a choice but to pay up and be quiet. If you had an online business, say a betting site, which generates a considerable amount of money on an hourly basis, and you found yourself DDOS'd with the option to pay up a 'ransom' of some tens of thousands of dollars or lose reputation and revenue, what would you do?
You cannot stop it and nobody has jurisdiction to end it. You pay up, and you keep your mouth shut or else.
While these stories do not surface often, it does not mean that it doesn't happen.
Posting AC for obvious reasons.
This is an issue like stealing bicycles. Bicycle thefts total far more than bank robbery losses and more deaths result from bicycle thefts than bank robberies as well. Yet a bank robber can easily get 20 years for a first offence and a bicycle thief will rarely be put in prison. We have it backwards.
bicycle thieves rarely use shotguns to execute their crimes...
HA! I just wasted some of your bandwidth with a frivolous sig!
"The best thing we can do as people is to avoid the allure of money"
Good luck with that
is all I bloody read. what a waste of time posting this was.
I hope no one out there dun goofed!
:q!
they are financed and directed by international criminal syndicates
Psst, hey "Don VLM", I gotta business transaction for youse, Barry the Enforcer needs a new mouse from officemax for that special job, you know, for that guy that we was talking about?
Running bot-masters? Registering thousands of domains in an algorithmic fashion? Running a market exchange for CC numbers? Constantly recruiting new money-mules? Shifting accounts on different geographies? Protecting all the above not only from authorities but against competing syndicates as well?
Are you talking about Columbia, South Carolina? Or Colombia, South America? Because you seem to imply one while spelling the other.
If you don't take the money someone else will... It isn't about that really though. The problem isn't that someone wants our information. It is about us not having secure systems and the tools to fight this encroachment. I went to a movie tonight and the machines didn't take $$$. Only credit cards as far as I could tell. They didn't have a physical person manning a booth except after you got your ticket. Heck- even that appeared to be unmanned. Maybe I could have just walked in and sat down for all I know. The problem is not being able to control tracking or the ability to have anonymity. It is the fact we don't have the tools to do so. We have credit cards and no form of widely accepted anonymous currency on the net. We have outlawed it due to concerns over money laundering by the way.
I seriously doubt anybody would bother committing murder over computer code. Something just tells me the cost of that code doesn't warrant it. It just attracts too much attention. For what? Revenge? No. They can just as easily get another coder. On the other hand, if a syndicate lends money or drugs to someone, that actually is a loss to the organisation. They can't recoup it. They have to ensure others don't attempt to do it. With a coder? What have they really got to lend? They don't lend anything. They just buy.
In other words, the government seeks to turn hackers into informants aka stooges?
What isn't known is how the government gets them to do that, without paying them any money. Threats? Help us or Gitmo? Why would any hacker want "community cred" as an informant? And why would a hacker risk their lives for free? Patriotism?
That being said, these hackers would be informing or working for the mafias and others if not the government because the mob runs a protection racket just as the government does. But what you describe seems to be a protection racket, where the government offers hackers protection in exchange for information, and who knows what would happen to the hackers who don't receive protection.
You're right that the exchange of physical goods carries a more obvious risk, but there's also risk in losing one's IP. In the case of a crime syndicate, that IP includes knowledge of operations, the technologies used (including attack vectors), and perhaps even server locations/service providers--all information that would be valuable to competing syndicates or law enforcement agencies. I doubt any crime syndicate that's hiring coders is simply going to let them run free with something as simple as a non-compete agreement.
You think that programmers at Microsoft get paid a salary because of the cost of their workstations? No, they're being paid for the time they spend programming. They're being paid because they know how to write code better than the average person. Same thing going on with these "criminal syndicates". They're paying programmers to write viruses.