Cyber News

Attacking cybercrime through infrastructure, not individuals



If someone has been mugged, there's a mugger to catch. If a car is stolen, there'll be a thief to find. If a bank is robbed, there will be a robber to track down.

And cybercrime?
Not so much. With online crime it is much harder for the police to pursue a single perp. This has provoked a change in the way hi-tech crimes are tackled.
Now it is about infrastructure, not individuals.
"It's all part of a realisation among info-security workers and law enforcement that traditional ways of doing investigations have not been working," said Steve Santorelli from Team Cymru, a non-profit group that monitors the net seeking botnets and other criminal resources.
"The more traditional 'identify the bad guys, arrest them and lock them up' has been falling short," he said.

Server shutdown

Bureaucracy is part of the reason for this, said veteran computer security expert Chester Wisniewski from Sophos. Cross-continental co-operation between police forces has improved in recent years, he said, but the procedures required to mount international operations remain formidable.
Typically, he said, official requests for help between forces are done via a diplomatic agreement known as a Mutual Legal Assistance Treaty.

"The MLAT process can take a year among friendly nations," he said. "So between nations that do not have the best relationship it might never happen."
MLATs are also not designed to handle the volumes of cases revealed by work to combat cross-border cybercrime. Instead, he said, they are meant for a few high-profile cases.
Police forces have found other ways to collaborate internationally and this has prompted a change in tactics. Now, instead of going after the criminals they go after the servers and compromised computers used to carry out the crimes.
"You need to increase the cost of them doing business," said Mr Santorelli. Taking away servers and cutting off access to the armies of compromised PCs makes it more troublesome, and costly, for criminals to operate.
One large-scale effort to get at the criminal infrastructure is Europe's Advanced Cyber Defense Center (AC-DC).
Funded by the European Commission, this has led to the creation of call centers in nine European nations. These get information about infected machines from ISPs who tell customers to contact the call center to get help to clean up their compromised machines.
Removing machines from botnets is essential for a couple of reasons, said Peter Meyer, coordinator of the Center.
"If you just catch one guy and do not shut down the infrastructure then the next day there will be someone that takes it over," he said. "It's really important to shut down the command and control systems."
In addition, he said, removing that infrastructure forces criminals to recruit more machines thus soaking up their time and resources.

It's a big job, he said, because up to 5% of the computers on domestic ISPs are believed to be part of a criminal botnet.
As well as cleaning up machines, the initiative is also trying to help police forces.
"Law enforcement is really interested in getting a better picture because they are often not well-funded and we have data," he said. "The fight against cybercrime is not something one individual can win."

Knocked offline

The change in tactics has led to a flurry of raids. In early April, the FBI, Europol and the UK's National Crime Agency took action against the Beebone botnet. The forces seized web domains used by the botnet's owners to control the distributed system of infected machines. Knocking these out meant control of the botnet was taken away from its operators. It was one of a rash of raids carried out in 2014 and early 2015.
In mid-2014 a huge operation was mounted against the botnet Gameover Zeus that, by itself, was responsible for infecting millions of computers every year. It was also one of the main routes by which the notorious Cryptolocker bug was spread. This malicious program encrypted data and demanded a ransom of 400 US dollars or euros within a short time limit or the scrambled data would be deleted.
The gang behind Cryptolocker is believed to have made about $3m (£2m) via the ransomware. Seizing its infrastructure helped security experts decode Cryptolocker and get at the keys it used to lock data away.

The operations against Beebone and Gameover Zeus took lots of time, planning and international co-operation. At other times, security firms have moved more quickly simply because the scale of the criminal activity demands it.
A case in point was the action that Cisco's Talos security team and Level 3 took against a cybercrime group known as SSH Psychos.
"The attacks they were carrying out were just so blatant and aggressive," said Craig Williams, technical head of the Talos team.
The Psychos were scanning the entire internet looking for Linux servers running the secure SSH protocol. Used properly it lets a server's owner log in securely to that machine even though they may be a long way away from it.
At its peak, the SSH Psycho scanning consumed more than one-third of all net traffic intended for servers capable of handling it.
On every server, the attack tried 300,000 common passwords in succession to see if any worked.
Some did and very quickly the Psychos had compromised about 1,000 machines.
Usually such attacks are much more stealthy, said Mr Williams, adding: "These guys didn't care they were being noticed."
In response, Level 3 and Cisco changed the way data from the attack was handled by net hardware they controlled. They essentially poured it into a virtual dustbin. This ended the scanning and stopped the password attacks. It got even more effective when some other large ISPs joined in.


How a sinkhole cuts off cyber crime


With a sinkhole, law enforcement attempts to cut the link between cyber-criminals and the computers they compromise.
Instead of hijacked PCs reporting in to the hi-tech criminals the data is diverted so it never reaches them. Instead it is analysed to help security firms tackle infections and make the business of cybercrime more expensive.
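
As an added illustration (not part of the original article), the Python example below shows the analysis step: it turns sinkhole check-in records into per-ISP lists of infected addresses, the kind of data the ISPs mentioned earlier could use to notify customers. The log format, domain names and ISP prefixes are constructed for this example.

```python
import ipaddress
from collections import defaultdict

# Constructed sinkhole log: timestamp, source IP, seized domain that was contacted.
SINKHOLE_LOG = """\
2015-04-09T10:00:01Z 198.51.100.23 c2-one.example
2015-04-09T10:00:05Z 203.0.113.7 c2-one.example
2015-04-09T10:05:01Z 198.51.100.23 c2-two.example
2015-04-09T10:07:42Z 192.0.2.200 c2-one.example
not-a-log-line
2015-04-09T10:09:13Z 203.0.113.7 c2-one.example
"""

# Hypothetical ISP address ranges (RFC 5737 documentation prefixes).
ISP_PREFIXES = {
    "isp-a.example": ipaddress.ip_network("198.51.100.0/24"),
    "isp-b.example": ipaddress.ip_network("203.0.113.0/24"),
}

def parse_checkins(log_text):
    """Yield (timestamp, ip, domain) for well-formed lines; skip the rest."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            ip = ipaddress.ip_address(parts[1])
        except ValueError:
            continue
        yield parts[0], ip, parts[2]

def owner_of(ip):
    """Return the ISP whose prefix contains ip, or 'unattributed'."""
    for isp, net in ISP_PREFIXES.items():
        if ip in net:
            return isp
    return "unattributed"

def build_reports(log_text):
    """Per ISP: infected IP -> first/last seen, check-in count, domains contacted."""
    reports = defaultdict(dict)
    for ts, ip, domain in parse_checkins(log_text):
        rec = reports[owner_of(ip)].setdefault(
            str(ip), {"first_seen": ts, "last_seen": ts, "checkins": 0, "domains": set()})
        rec["first_seen"] = min(rec["first_seen"], ts)  # ISO-8601 UTC sorts as text
        rec["last_seen"] = max(rec["last_seen"], ts)
        rec["checkins"] += 1
        rec["domains"].add(domain)
    return dict(reports)

if __name__ == "__main__":
    for isp, hosts in build_reports(SINKHOLE_LOG).items():
        for ip, rec in sorted(hosts.items()):
            print(isp, ip, rec["checkins"], rec["last_seen"], sorted(rec["domains"]))
```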


The Psychos responded and mounted an attack from elsewhere on the net. This too was poured into the trash can.
The tactic seems to have worked as the Psychos have not come back.
Not yet.
"I suspect they will move again," said Mr Williams. "And we can block them again."
Dale Drew from Level 3 said he hoped this action was the start of a broader effort by the security community to take on cyber-thieves.
"The security community spends a significant amount of time just observing when really we need to take action," he said. "We've got a real opportunity here to be more fluid and responsive than the bad guys."

Top 10 Hacker Movies you must see if you haven’t already!




10. Demon Seed (1977)



an organic super-computer — is being fed the sum of all human knowledge, from Chinese to cancer research. Rather unfortunately, the super-computer reaches sentience, and hacks into its creator’s computer-automated house where it develops an unhealthy interest in the scientist’s wife. What happens next is entirely beyond simple hacking, but this movie teaches you to worry about a future where computers can think and act for themselves.

9. Existenz (1999)



David Cronenberg’s 1999 sci-fi flick takes a characteristically messy, organic approach to hacking. eXistenZ is set in a computer game that people connect to using biological computers. Cue the usual Cronenbergian sprays of body fluid and squelchy bits plus some cool innovations, like a gun (made out of biological components) that shoots teeth.

8. The Net (1995)



In The Net, Sandra Bullock plays Angela Bennett, a software engineer who has her identity stolen after a holiday gone wrong. It doesn’t help that she works from home and doesn’t have many friends — a peril we’re sure many hackers can empathise with. She’s chased across cyberspace by an evil group called the Praetorians — there’s a classical reference for you — and has to use her computer to defend herself. Gutsy stuff.

7. Sneakers (1992)



Robert Redford’s Marty Bishop leads a group of computer whiz kids who specialise in cryptography and computer security. After stealing a mysterious black box from some mysterious bad guys — who say they’re government agents, so Bishop’s conscience can be clear — he finds out the box is able to decode any encryption system in the world. Predictably, the bad guys are keen to get their hands on it. Cue intrigue.

6. Swordfish (2001)




Convicted hacker Stanley Jobson — Hugh Jackman at his finest — has the task of stealing $9.5 billion of government funds forgotten about after the aborted Operation Swordfish, and he’s being egged along by the ultra-suave Gabriel Shear (John Travolta, clearly playing himself). We don’t need to say much about Swordfish, apart from the fact that there’s a scene involving hacking on a computer with seven screens. Seven screens. You can’t get much more hacker-tastic than that.

5. WarGames (1983)




Budding hacker David finds a backdoor entrance into a giant military supercomputer mainframe and starts messing around. Nothing could go wrong, right? David plays against the computer in a game involving an — entirely theoretical, or so it seems — nuclear war between America and Russia. WarGames celebrates hacking — we think it’s required reading for any computer security enthusiast.

4. Takedown (2000)



Kevin David Mitnick is at present working as an American computer security consultant. This movie is about his life and how a hacker turned into a computer security counselor. To add to the surprise, when Kevin was arrested for his cyber-crime, he was on the list of most wanted cyber criminals.

3. Hackers (1995)




11-year-old Dade Murphy, otherwise known by his hacker alias ‘Zero Cool’, is arrested by the US Secret Service for writing a computer virus and banned from using a computer until his 18th birthday. When he hits 18 he’s back in action as ‘Crash Override’, and all hell breaks loose — the movie features a brilliant ten-minute sequence that spawned the unforgettable phrase “hack the Gibson”. Hackers, as the name suggests, is one of the best hacking movies out there. If you haven’t seen it, you’re missing out.

2. Tron (1982)



Years before the tepid Tron: Legacy, the original Tron was actually cool precisely because of its unintentionally naive originality. Times were better before Jeff Bridges played the biodigital Dude whose son is thrown into a video game to fight for his life. Lightcycles, spinning discs and neon-lit worlds (shot on 70mm film) made this the iconic sci-fi classic it still is today.

1. The Matrix (1999)



The Matrix is a meta-hacking movie. The hackers, including Keanu Reeves’ Neo, live inside the world they’re hacking. The Matrix is a computer system that tricks humans into thinking they’re alive and well and enjoying their lives when they’re actually being fed on by machines in a dark, dystopian real world. With its punchy nu-metal-cum-heavy-metal soundtrack and leather-heavy costume department, The Matrix shows hackers as they’d love to be seen — ultra-cool and revolutionary.

0. Die Hard (2007)



When someone hacks into the computers at the FBI’s Cyber Crime Division, the Director decides to round up all the hackers who could have done this. He’s told that because it’s the 4th of July most of their agents are not around, so they might have trouble getting people to bring in the hackers. So he instructs them to get local PDs to take care of it. One of the cops they ask is John McClane, who is tasked with bringing a hacker named Farrell to the FBI. But as soon as he gets there someone starts shooting at them. McClane manages to get them out but they’re still being pursued. And it’s just when McClane arrives in Washington that the whole system breaks down and chaos ensues.




