Slashdot Mirror
Meet Paunch: the Accused Author of the BlackHole Exploit Kit
tsu doh nimh writes "In early October, news leaked out of Russia that authorities there had arrested and charged the malware kingpin known as 'Paunch,' the alleged creator and distributor of the Blackhole exploit kit. Today, Russian police and computer security experts released additional details about this individual, revealing a much more vivid picture of the cybercrime underworld today. According to pictures of the guy published by Brian Krebs, if the Russian authorities are correct then his nickname is quite appropriate. Paunch allegedly made $50,000 a month selling his exploit kit, and worked with another guy to buy zero-day browser exploits. As of October 2013, the pair had budgeted $450,000 to purchase zero-days. From the story: 'The MVD estimates that Paunch and his gang earned more than 70 million rubles, or roughly USD $2.3 million. But this estimate is misleading because Blackhole was used as a means to perpetrate a vast array of cybercrimes. I would argue that Blackhole was perhaps the most important driving force behind an explosion of cyber fraud over the past three years. A majority of Paunchâ(TM)s customers were using the kit to grow botnets powered by Zeus and Citadel, banking Trojans that are typically used in cyberheists targeting consumers and small businesses.'"
his only fault was that he didn't incorporate in France and didn't have NSA as a client.
see, if you have offices and suits and your customers wear suits then the business is legit.
world was created 5 seconds before this post as it is.
You mean Eric Estrada was a malware kingpin?
I don't believe it!
A bullet may have your name on it, but artillery is addressed to " Whom It May concern"
Surely the kit would be "bought" once then distributed freely. It's not as if they're going to go to the BSA and whine about copyright infringement, is it?
Although nobody said cybercriminals were clever, I suppose. To be smart is to win while playing by the rules; to win by cheating just means you lack scruples, and anyone can do that.
APK is a well-known Slashdot nutter, and the regulars are more-or-less used to him by now.
Goes to show what amoral shitstains these people are. He's made only a couple of million profit, by causing several orders of magnitude of damage in the process. A bit like those arseholes who steal copper cables off the train network, flog them for a few quid, but disrupt the commutes of thousands of people and rack up huge repair bills. In the animal kingdom, such entities are known as "parasites".
Some questions have to be asked about why it took the Russian Interior Ministry so long to track Paunch and his crew down. Given Putin's "power vertical" and his penchant for interfering in the Russian judiciary and wielding it as a weapon against his perceived enemies, you have to wonder what it was all in aid of -- and what Paunch did to get himself arrested. Maybe the bribes weren't big enough?
if the Russian authorities are correct then his nickname is quite appropriate
He's probably a bad guy, so let's make fat jokes about his photo in the summary. There's absolutely no chance we're humiliating someone innocent, right?
Crime arises when "legit" jobs are not as easy to get as simplistic optimism might suggest. While it's a frequent perception that it's dead easy for any little group of computer-savvy hard workers to spin up a few million dollars in business out of their garage, the truth is disguised by a lot of selection bias --- you hear the success stories, but rarely hear about all the folks who lost their garage (and home) in the process, and are now making $13/hr at a tech support desk. My guess is that the actual on-the-ground conditions made it much harder for J. Random Hackerguy and Co. to just start pulling in a couple million dollars for their skills; and once you've got to $50k/mo., one might be disinclined to abandon a working scheme.
I would argue that Blackhole was perhaps the most important driving force behind an explosion of cyber fraud over the past three years.
I would disagree and cite NSA's PRISM and FOXACID as a far more important driving force. Even if you disagree about the classification of their action as criminal violations of the US Constitution, consider that they purchase a large volume of zero-day exploits to fuel their "cyber" weapons. This makes selling zero-day exploits on the black market very profitable even if you ended all civilian perpetrated "cyber" assaults.
And when you hack a man, you're a criminal,
Hack many, and you're a terrorist,
Hack 'em all, you're a Government!
My apologizes to Megadeth.
I think your ignoring how some of these people get into this criminal line of work. Suppose you had been doing honest work as developer, or maybe even something like a pen tester. Suppose one day you discover a really reliable vulnerability you can exploit in some really really widely used software, maybe the SMB service on Windows or something. It works just about everywhere and gets privileged access.
Now you got choices:
Tell the vendor - who may be happy to hear from you so they can quickly and quietly patch it. They may even pay you a small bounty. The may also do nothing. They could potentially even try and prosecute you. I can tell you I WOULD NEVER CHOOSE THIS OPTION, little possibility for reward lots of potential for pain.
Publish it in the legitimate white had security world -- Probably the best choice. You'll be getting your name out there which can really help you. You might even be able to make some money off it directly by talking about it at the various *cons.. The vendor or project will be forced to fix the vulnerability which is good because that actually makes everyone safe. If you publish in the proper venue at least people who care enough to follow this stuff will be able to take some mitigation steps until a proper fix is available.
Sell it -- risky sure, but might not be all that difficult these days. Could be lots quick money. Awful hard to say no to a quick $50K shot in the arm. You certainly risk jail and could lose everything, but that calculation then depends on your current situation. If you have a good job and are living comfortable with some savings you'd probably be crazy to try it. On the other hand if you're sitting there wondering how your paying the rent this month and contemplating ramen noodles for dinner again; taking your chances on something like that might be pretty appealing.
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
You could use Wine. But I guess part of the tool's functionality is to manually cache the IP addresses hosts you access most, at the top of the file, so that the operating system's resolver doesn't have to do so much work.
A hosts file is a method of blacklisting hostnames of servers with which you desire not to communicate, such as malware-infested servers and the servers that host social recommendation ("like") widgets that track you and slow down page loads.
Methinks we may need a general mechanism for identifying nutters that's hard to spoof, so that the folks who used to spend their days flaming innocent passers-by on usenet can't just migrate here.
This is probably an instance of a byzantine fault-tolerance problem, as solved by Barbara Liskov. As a bad example, consider displaying one of those little bi-coloured pills one uses for friends and foes, with the numbers voting shown in each side. ONLY if N people vote him "id10t" and N is at least one greater than 3 times the the people who vote him legit, mind you! Generally displaying reputation or friend/foes icons would just lead to flaming about reputations and scores.
--dave
davecb@spamcop.net
Half the time, I wonder if that's really apk, or just a troll(s) with some apk inspired copypasta.
Jesus was all right but his disciples were thick and ordinary. -John Lennon
The big problem with selling zero day exploits is, they are only effective if they remain secret and of course the seller of the exploit is a threat to the secrecy of that exploit. Already sold it once, what stops them from selling again and again and again. So when it comes to buying those exploits organised crime is likely to consider it worthwhile to ensure the silence of the seller and save themselves some money instead. When it comes to buying exploits the more likely source is leaks in intelligence services, you know those douche bag agencies that keep security vulnerabilities secret so that they can exploit them and those leaving their own countries and citizens vulnerable (real fucking bright). If you are corrupt enough to do that, then you are most certainly corrupt enough to sell them to organised crime (a repeat source you would pay and wouldn't silence).
Chaos - everything, everywhere, everywhen
Though I guess a Russian prison is a pretty severe punishment as-is.
What entry do I put in my hosts file to block apk's spam?
You have confused 'run and hide' with 'don't give a shit'.
Jesus was all right but his disciples were thick and ordinary. -John Lennon