A new post from security blogger Brian Krebs has focused attention on a growing trend in the cybercrime underground: cooperation. It’s not like regular organized crime, in which physically localized gangs can dominate a local underworld, but a crowd-based system of skills-sharing that could end up being far, far more dangerous.
The post focuses on the now-defunct Enigma hacking forum, which served as a good example of the sorts of activities Krebs warns about. The forum allowed would-be attackers to post some specific detail of the attack they wanted to complete — say, they needed to get through the security on a particular brand and model of router. If the forum’s user base had someone with the required skills, access, or connections, then an ad-hoc cybercrime team could be created.
Each sub-step in an overall data breach can thus be assembled a la carte, spanning national borders and socio-economic barriers. With the impersonal, distributed nature of these forums, a hacker in China might buy his way through a barrier by enlisting the services of a Spanish teenager, who is herself using a piece of software purchased from an American off of servers run out of South America.
This not only makes cyber crime incredibly hard to track both before and after the fact, but it also means that a much higher proportion of would-be attackers have access to the full spectrum of personnel necessary to safely complete an operation. This means that more “ops” are likely to actually begin, and more of those that do begin are likely to succeed.
Most alarmingly, one of the core skill sets being sought by pure hackers is more classical intelligence gathering, the ability to collect personal information about someone either in person or over the web. One hacker can enlist the services of another to dig into a target’s life and come back with bait needed to turn a transparent phishing attack into a devious spear-phishing attack. It’s the difference between getting an email from a Nigerian prince, and seemingly from your cousin Sally — someone who is already supposed to be emailing you right around that time, anyway. Spear-phishing has been the original point of ingress in some of the biggest hacks ever, and these sorts of criminal networks make them far easier to complete.
This world of clandestine activity is worthwhile for anyone who works in the shadows — criminal or otherwise. Krebs recounts the story of an Enigma user commonly referred to as The Samurai, who users had colloquially agreed was probably a Chinese government agent. The Samurai was interested in buying any and all large dumps of stolen information — any information — and he would pay immediately without haggling over prices. In the criminal underworld, that means he’s almost certainly making purchases with somebody else’s money — like, for instance, that of the People’s Republic.
Nobody, not even those who sold such information to The Samurai, knows for sure who or where he is, which is of course the point. These markets offer a way for “state actors” to easily outsource their clandestine attacks on a country to that country’s own criminal elements, insulating themselves from danger. A different hacker forum, called The Gentleman’s Club, had a post about an attack on Ashley Madison three weeks before the AM hack hit the papers — is it related, or a pure coincidence?
Nobody knows. But as high-profile data breaches dominate the news with greater and greater frequency, the question will be pressing. Can we really stop hackers, if they ever fully embrace the power of well-funded crowd-sourcing?
Once again, nobody really knows for sure.
Wonderful article posted at http://www.extremetech.com/internet/214873-get-ready-for-organized-cybercrime