Just occasionally on the cybercrime front some of the observations and research can herald good news or at least raise a wry smile. It would appear if we adjoin a few recent news items together, with some supplementary fresh intelligence, we appear to be seeing the outbreak of a civil war between core elements of the Russian cyber criminal fraternity over the last couple of months.
To begin with all should read a great article by Dancho Danchev “Help! Someone Hijacked my 100k+ Zeus Botnet!” http://ddanchev.blogspot.com/2009/02/help-someone-hijacked-my-100k-zeus.html here Dancho shows an extract from a Russian hacker’s forum where a bot-herder is appealing for help to further secure the ad
ministration panel on his Zeus botnet C&C (command and control), after the hacker had his 100,000 zombie PC based botnet hijacked by other cyber criminals. Ironically we should note, it is not only legitimate software that needs regular upgrades. Ongoing vulnerabilities on crimeware exploitation kits and botnet control software require that cyber criminals have to be wary of using outdated software as well.
The inestimable Brian Krebs of the Washington Post in two related articles “When Cyber Criminals Eat Their Own” http://voices.washingtonpost.com/securityfix/2009/01/does_profit_trump_nationalism.html and “From (& To) Russia, With Love” http://voices.washingtonpost.com/securityfix/2009/03/from_to_russia_with_love.html
further demonstrates that although many cyber criminals wisely avoid infecting or stealing from their own hence refusing to pay affiliates for Russian or CIS traffic, e.g. cybercrime affiliate sites such as "installscash.com". Also shown earlier on Internet Evolution with the earlier version of the Conficker worm not infecting any PC using a Ukrainian keyboard, however this is changing with for example the country most infected with the Zeus keylogger malware is now Russia, http://www.internetevolution.com/author.asp?section_id=717&doc_id=172406& . In Brian’s second article he describes how 45 recent major and hitherto unreported major DDOS (Direct Denial of Service) attacks were against Russian targets and even some Russian government agencies and banks are now deeply compromised.
So the intriguing question who is hijacking / attacking who and why? Well a few theories here:
(a) The FSB Cyber Warriors – a few whispers have been heard that indicate some of this is the work of the infamous semi-nationalized cybercrime group(s) provided with immunity by Russian intelligence i.e. FSB or in this case FAPSI. Although mostly utilized for external cyberwar activities such as Estonia and Georgia, and Western governmental hacks, but now being increasingly utilized for maintaining internal cyber order and to protect governmental communications.
(b) CIA or Chinese Cyber Warriors - A couple of hopeful suggestions heard from the “tin-foil hat” quarter that External intelligence forces in conjunction with hired white hat vigilantes have finally caught up with opposition cyber criminal technology. Unfortunately wishful thinking, but there have been many rumors for some time within Chinese hacking circles, that the time has come for some revenge action, due to consistent and erroneous blame being put against the Chinese government for some recent hacks of Western defense centers, and Russian cybercriminal use of core Chinese Internet servers.
(c) Organized crime in-fighting – From some recent IRC and other communication sources, it does appear this is the most likely. As certain gangs such as Tambov its derivatives and others, have garnered significant governmental influence and of course money from organized cybercrime, other gangs have been marginalized, and losing out. For those non-Russian readers interested in this area do read “Darkness at Dawn” By David Satter, where he shows Russia as a country impoverished and controlled at every level by organized crime.
Whatever theory you choose as most likely, perhaps we have to raise the flag of Internet neutrality, to help safeguard the rights of the cybercrime independents and smaller organized crime gangs? Hence: “So guys, we are here as the community to help you fight for your rights against the increasingly state sponsored cybercrime machine, and whatever you do, upgrade your crimeware before you too get hijacked”
|< Prev||Next >|
Recent Articles by Jart Armin :
World Hosts Report - March 2013HostExploit is pleased to present the March 2013 World Hosts Report, in collaboration...
White Paper: The New gTLDs – Security by DesignCyberDefcon has released a new white paper, The New gTLDs – Security...
Familiar Hosts & Open ResolversHostExploit is pleased to present the Q3 2012 World Hosts Report, in collaboration...