Slashdot Mirror


The Mob's IT Department

An anonymous reader writes: An article at Bloomberg relates the story of two IT professionals who reluctantly teamed up with an organized criminal network in building a sophisticated drug smuggling operation. "[The criminals were] clever, recruiting Van De Moere and Maertens the way a spymaster develops a double agent. By the time they understood what they were involved in, they were already implicated." The pair were threatened, and afraid to go to the police. They were asked to help with deploying malware and building "pwnies" — small computers capable of intercepting network traffic that could be disguised as power strips and routers. In 2012, authorities lucked into some evidence that led them to investigate the operation. "Technicians found a bunch of surveillance devices on [the network of large shipping company MSC]. There were two pwnies and a number of Wi-Fi keyloggers—small devices installed in USB ports of computers to record keystrokes—that the hackers were using as backups to the pwnies. MSC hired a private investigator, who called PricewaterhouseCoopers' digital forensics team, which learned that computer hackers were intercepting network traffic to steal PIN codes and hijack MSC's containers."

23 of 104 comments

  1. MITM or unencrypted by DigiShaman · · Score: 4, Interesting

    "hackers were intercepting network traffic to steal PIN codes and hijack MSC's containers"

    So this was a MITM capture, or the PIN data was flying through unencrypted.

    --
    Life is not for the lazy.
    1. Re:MITM or unencrypted by guruevi · · Score: 5, Interesting

      Most likely they assumed, as most companies these days erroneously do, that their entire internal network is 'secure' and thus does not need encryption. Besides these dedicated devices, most corporate networks don't protect much against visiting and malware infested laptops. Even if they are aware of the chance of someone bringing a virus from home, they rather turn to device 'access controls' and trusting the device to self-report over securing the internal systems.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
    2. Re:MITM or unencrypted by JackieBrown · · Score: 2

      My last job (KCI) was like that. All supervisors had admin access and could connect to any network (secured or not) we wanted. It was amazing what my peers decided to install on their company issued laptops.

      I still remember one day, HR sent out an email to all 4000 employees with everyone's SS#, salary, and address (the person attached the wrong file - they meant to send out a flyer for the company picnic.) IT department's solution to keep that file from getting out was to block gmail and yahoo mail. Since everyone had full read write access to the usb ports, this was not much of a solution.

      Now, at my new job, I get to experience the joys of a locked down laptop that requires an RSA SecurID to log into the network, web is locked down, and no read/write access on the usb ports.

    3. Re:MITM or unencrypted by DigiShaman · · Score: 5, Insightful

      Now, at my new job, I get to experience the joys of a locked down laptop that requires an RSA SecurID to log into the network, web is locked down, and no read/write access on the usb ports.

      Just as an FYI, if a company is going to restrict local I/O resources to and from a computer, then using a computer is the wrong tool; they should be using thin-clients to a terminal server of some sort.

      --
      Life is not for the lazy.
    4. Re:MITM or unencrypted by Penguinisto · · Score: 2

      This, right here.

      VDI is a very good solution for it, or Citrix, or VCAC, or... For high-security data, there should be only a very small handful of reasons why someone has a full-blown workstation on their desk these days, let alone a laptop. Sadly, at least one of those reasons is "because the CxO needs one, that's why!"

      --
      Quo usque tandem abutere, Nimbus, patientia nostra?
  2. "pwnies" sound familiar... by chispito · · Score: 4, Informative

    "Pwnies" are probably PWN Plugs from Pwnie Express. The original models were basically Sheeva Plugs, a Raspberry Pi-esque computer inside a wall wart form factor.

    It would be interesting to see if these guys received products or training from Pwnie Express, a well known infosec vendor.

    --
    The Daddy casts sleep on the Baby. The Baby resists!
  3. OMG pwnies! by Anonymous Coward · · Score: 5, Funny

    It should have been: "OMG!!!! pwnies!!!"

  4. more important question... by freeze128 · · Score: 4, Interesting

    How much does the mob pay an IT worker? It might be better than legit companies.

    1. Re:more important question... by Thiez · · Score: 5, Funny

      I heard they'll make you an offer you can't refuse.

    2. Re:more important question... by Qzukk · · Score: 3, Funny

      You get your choice of payment in silver or lead.

      --
      If I have been able to see further than others, it is because I bought a pair of binoculars.
    3. Re:more important question... by Shakrai · · Score: 5, Interesting

      These two were making €12,000 and €20,000 per month, before their involvement with the criminal element. One of them was seeking start up capital for a business venture and allowed himself to get roped in that way. If you give them the benefit of the doubt the best you can say about them is they were naive. In the worst reading they were greedy and willfully complicit. I suspect reality falls between those two extremes.

      --
      I want peace on earth and goodwill toward man.
      We are the United States Government! We don't do that sort of thing.
    4. Re:more important question... by swb · · Score: 4, Interesting

      I've worked as an SMB consultant and almost every SMB owner I've run into is some kind of creepy, shifty guy who is coming as close as he can to "the line" and often crossing it. At a minimum it's every conceivable tax dodge imaginable -- luxury company car as a daily commuter, no-show family members on the payroll, tons of business-paid home technology for personal use, and so on. Who knows what it is at maximum. Probably outright tax fraud, siphoning cash, cheating employees, whatever.

      You could make a believable narrative that has two small-time entrepreneurs looking for investors and/or work who are just *used* to the kind of slimeballs that are out there and don't really ask too many questions. Call it conditioned ignorance.

      I don't know how cost of living translates, but I do think their incomes, especially the guy with a regular job (IIRC) would make them be a little more selective. That part I find kind of fishy.

      But it's also not hard to see once they saw they were dealing with guys with guns that going along with it but with willful incompetence wouldn't have seemed like a totally unreasonable strategy. What are your choices? Run away and look over your shoulder for years?

    5. Re:more important question... by Shakrai · · Score: 2

      I don't know how cost of living translates

      €144,000 annually is comfortable living by any metric.

      What are your choices? Run away and look over your shoulder for years?

      Getting deeper into bed with them is not a sensible decision either. It may be necessary in the short term but what's the exit strategy? The most sensible decision would be to avoid putting yourself in the position where you have to make that choice. Failing that, I would personally take my chances with the authorities. Caving to blackmail is never a winning move in the long term.

      --
      I want peace on earth and goodwill toward man.
      We are the United States Government! We don't do that sort of thing.
  5. They are trying to get off... by bobbied · · Score: 3, Interesting

    Once you realize what you are doing and for who you are doing it, you contact the authorities. These guys continued to cooperate, continued to engage and despite their attempts to soften their story, are responsible for their actions. Intimidation is not an excuse, it's perhaps a reason, but it doesn't absolve you of the moral and ethical obligation to turn yourself in.

    My guess is that they are trying to get some sympathy by cooking up this "We tried to resist, without getting killed" defense. At the very least, you use all that IT knowledge and start reaching out to authorities. Heck, walk into a police station and turn yourself in, offer to be an informant, explain to them what's going on and tell them you need help getting out. I'm sure any number of customs officials would have jumped at the chance to help them out for the information they obviously had. I'm also sure that any prosecutor would have loved to let them plea bargain (or just plain offered immunity) as well.

    No, despite the intimidation they claim, I'm not inclined to believe they where powerless to help themselves, nor am I inclined to think they should be given lighter sentences for what they participated in. The jails are full of people who claim they where wrongly incarcerated. Some claim to be innocent, some claim the sentence was wrong, some claim they couldn't help it, but nearly all of them are just lying. These guys are in the same boat.

    --
    "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
    1. Re:They are trying to get off... by NatasRevol · · Score: 4, Insightful

      You've never imagined having a gun to your kids' head, have you?

      life > illegality

      --
      There are two types of people in the world: Those who crave closure
    2. Re:They are trying to get off... by bmajik · · Score: 4, Insightful

      Have you ever lived anywhere where there was a significant mob presence?

      I haven't, and for good reason.

      Your plan is a really great plan if you assume that the mob has absolutely no penetration whatsoever into the local police department.

      I don't know why you'd assume such a stupid thing, though.

      So here is how your suggestion really goes.

      You walk into the local PD. On your way there, some kid recognized your face. He has instructions that say that if he sees a guy who looks like you walking into the police station, he calls a number and gets a bonus.

      When you come home, something is different. Either your family is already dead, or, there's a note that makes it clear that your family is vulnerable and that you've fucked up - but there is still a chance to not get your family killed. Who knows what the knob is set at for the "first contact" - but there's a clear indication that you don't want to continue talking to the police.

      Now, if someone inside that building is actually connected - and usually, somebody is - maybe they're the person who interviewed you. Maybe they're the person who looks at the signin/signout sheet at the station. Maybe they are somebody who files paperwork or types things up for other people.

      Zillions of little people are needed to make the machine of government operate, and the mob targets precisely those people to be their eyes and ears. It uses combinations of carrots and sticks to keep them cooperating with mob goals, without letting them get too familiar with what those goals are or who is executing them.

      Point is, if the mob has any power in your city, that includes eyes and ears within, or effectively within, the police department.

      Part of the mob's effectiveness is that it destroys trust in the normal functioning institutions of society. You never know for sure who is and isn't. It effectively isolates frightened individuals from the facets of society that might help or protect them. It always makes it seem like it's 1 person against the entire mob - it paints that same picture to lots of separate people.

      --
      My opinions are my own, and do not necessarily represent those of my employer.
    3. Re:They are trying to get off... by Shakrai · · Score: 2

      You've never imagined having a gun to your kids' head, have you?

      Read TFA. Specifically these paragraphs:

      To his surprise, Adibelli agreed. “If you wanted out, why didn’t you let us know?” he said. Maertens was too scared to bring up the beating and the kidnapping and death threats. “Obviously, you know we’re not in a legal business,” Adibelli added. “So if you talk to anyone, we know where you and your family live.”

      Adibelli brought Van De Moere down next and asked him if he wanted out, too. Van De Moere said yes.

      There was only one condition of the release: Van De Moere had to give Okul an intensive training session on Linux, the operating system on which Metasploit, the hacking software, is based. A few weeks later, according to police and interviews, he did so over one weekend at a Holiday Inn in Ghent. In November, Van De Moere returned two antennas and had a couple of beers with Okul. That was the last either man would see of the Turks.

      Something doesn't jive here. The type of people that are willing to actually hold a gun to your head are not the type of people that are willing to let you walk away simply by giving your notice. I don't doubt that there was some level of intimidation at play but there were apparently limits to how far the bad guys were willing to go. Which begs the question of why these two didn't go to the authorities after they "got out." Perhaps they didn't wish to part with the €25,000 in cash they had previously received?

      --
      I want peace on earth and goodwill toward man.
      We are the United States Government! We don't do that sort of thing.
    4. Re:They are trying to get off... by PopeRatzo · · Score: 5, Interesting

      Have you ever lived anywhere where there was a significant mob presence?

      No, I live in Chicago.

      Seriously though, growing up on Taylor Street in Chicago's Little Italy neighborhood, we all knew who the mob guys were, and many of them were part of our extended families. I used to go fetch cigars for the old men who sat in front of the social club drinking espresso and they'd give me dollar bills and sage life advice. The barber and the tailor at Taylor and Loomis were both bookies.

      Part of the mob's effectiveness is that it destroys trust in the normal functioning institutions of society.

      Actually, in the case of the Chicago mob, they didn't destroy trust in those institutions, they replaced trust in those institutions for people who were blocked from having access to them. Today, if you want to get a bet down, you just have to go online or buy a lottery scratch-off ticket. Back then, you had to go see the barber. If you needed a loan, you saw the loan shark (who actually charged less interest than today's payday loan joints). If you needed the pothole in your street fixed, you went to talk to the precinct captain (who could be found putting down a bet with the barber or drinking espresso at the social club).

      So see, the mob didn't destroy trust in normal functioning institutions of society, it created trust in people where the institutions of society didn't function properly.

      Today, those old mob guys are almost all dead, and their kids went to med school or law school and are living out in the suburbs or on the North Side. All the mob's wealth has been laundered through the "normal functioning institutions of society" and their kids and grandkids are paragons of those functioning institutions. The mob here has always been the way immigrant populations assimilate. Do you think the fortunes of any of the great families in the US were built very differently? From Rockefeller to Kennedy to Romney, the fortunes are always built on something a little sleazy.

      This all may be different where you are. This story happens to be about "the mob" in Belgium, which I can't even imagine. Maybe they control the black market waffles or something.

      --
      You are welcome on my lawn.
    5. Re:They are trying to get off... by PPH · · Score: 4, Insightful

      You walk into the local PD.

      Walk. How 20th Century.

      You establish some anonymous communications with FBI/CBP/etc. (or your nation's equivalent) at their HQ. Not the local police department on the Texas-Mexico border. The latter have mostly been pwned by the drug lords. So you exchange public keys with the FBI and establish yourself as an unwilling insider. You set up a deal for immunity and a contact name and pass phrase that you can drop when the DEA storms the facility and hauls everyone out (including yourself) in handcuffs when the gang is busted. Until then, nobody needs to know who you are. If talk inside the gang turns toward looking for a snitch, you can always go silent if it looks like your law enforcement contact might have been dirty. And at this point, nobody will know who you are IRL.

      If there is a leak in HQ and you or your family end up dead, you can arrange a 'dead man switch' on a server that forwards all your correspondence to the New York Times, Guardian, Wikileaks, and anyone else willing to print an expose on corrupt law enforcement in bed with the mob.

      --
      Have gnu, will travel.
    6. Re: They are trying to get off... by bobbied · · Score: 2

      People act like what they see in the made for TV crime drama's are true life... These two fools, if their story is actually based in real life, where idiots, both in what they managed to actually do and how they are trying to claim innocence because they where coerced into it.

      IMHO, their story is too fishy. Either they had ample opportunity to get out and chose to stay and collect the money, or they are angling for a book and movie/book deal and none of this actually happened.

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
    7. Re:They are trying to get off... by PPH · · Score: 2, Interesting

      skip the police go to the feds

      Go to the feds carefully. And anonymously.

      We had a guy who 'went to the feds' with a bunch of damning evidence on a corrupt outfit in my town. The feds he went to were already pwned by the company (see: regulatory capture). They just said, "Not interested." Then they called the company up and told them who had snatched the documents so they could go to the police and have him charged with theft.

      This guy should have set up an anonymous connection and not surfaced until he saw the feds marching executives off to the Crowbar Hilton.

      --
      Have gnu, will travel.
    8. Re:They are trying to get off... by Anonymous Coward · · Score: 3, Informative

      Dude, that's the second time. There is no "h" in "were". "Were" as in "they were walking around." "Where" as in "Where are you?" And for good measure, let's contract "we are" to make "we're" as in "We're going to learn English today."

    9. Re:They are trying to get off... by Anonymous Coward · · Score: 2, Funny

      I salute sir, for your valiant attempts to fix the internet.