|
|
|
RSA: The Elusive Structure of the Cyber-criminal Economy
By: Brian Prince
2009-04-23
Article Rating: / 6
There are 0 user comments on this Network Security & Hardware story.
At the RSA Conference in San Francisco, security researchers outlined the underground economy for cyber-crooks. The black market for stolen data is thriving in an increasingly sophisticated and compartmentalized landscape.As it turns out, stealing credentials is actually the easy part of cyber-theft. The hard part is using them to pilfer bank accounts.
Fortunately for phishers, they have no shortage of help in that regard. This ecosystem of hackers, malware writers and money mules was on full display at this weeks RSA Conference, where researchers described an increasingly compartmentalized hacker underground where thieves can buy subscriptions to online fraud services.
As soon as you pay for the subscription, your Trojan will start being distributed, you will have access to all these machines, [and] you will have access to all of the credentialsbank credentials and credit cardsthat are being collected by the Trojan you are distributing. But you dont have to do anything, explained Uri Rivner, head of new technologies for RSA Consumer Solutions in EMCs RSA security division.
Subscriptions can cost $300 a month, he said. Renting out networks of compromised computers can cost as little as $23 for 1,000 bots, Rivner said. However, that price wont buy an attacker a monopoly.
If you have a Trojan and you want this computer to be infected with your Trojan, you want only your Trojan to be on this computer because you dont want to compete with the other fraudsters on the same resource, he told eWEEK. So if you want an exclusive, it costs you much more because they cant sell your computer to other bad guys.
In his session, titled "How to Become a Successful Online Fraudster," Rivner painted a picture of an increasingly compartmentalized hacker underground. On one end are "harvester fraudsters" who steal information. On the other end are what Rivner calls the "cash-out fraudsters," who are in charge of recruiting and managing money mules who accept stolen funds into their accounts before transferring it as part of money laundering schemes. Sometimes, the mules dont know that they are part of an illegal operation and are lured by promises of part-time work. Keeping mules is much harder than recruiting them, Rivner said, because as soon as the money is tracked to them, they come under the scrutiny of banks.
When it comes to malware, attackers can purchase Trojans such as Limbo and Zeus for their schemes. High-end Trojans like the infamous however Sinowal are not on the open market.
The prevalence of stolen data has actually at times led to a commodization of certain information, such as credit cards. In a report last year, security vendor Finjan reported that the price of credit card and bank account numbers once valued at a $100 each or more had dropped to as little as $10 to $20 apiece. While vendors at this years RSA show spoke often of the importance of interoperability and cross-vendor cooperation, attackers are beating that drum as well.
Theyre definitely working together a lot more than they might have in years past, said Joe Stewart, director of malware research at SecureWorks. Its a whole economy. So much of it is turnkey nowget your own botnet.
|
|
�������xks8(y\5�9;N1Eڎ4%[rey-%LU*$)KR̞�ϗΟ8t�M�J%�Ė�ht7�F��?{{~$rhiOH1�%3�TI}"I�~x�h#(7`Z)_rdx�BԲ|W�R�#YĮtj�5����{#|6�%?w *s�R{��wɔiPW�ل^ߗ͙6Q/?1
�Lbh�q٤XC#�: rWü#~hzN<�)�Ǣu)p#sP @|2c�ַ8>v@?�V�9AÙML}!
{:|DJK$�!1QbD/wгƏ{/�PQ~�jX�Z��Y~�4�
"�X'�[v�b�BP�#"F��τ]ͻ�`$aPr&Nww#205b )�V�,"&�3ýȱ�:s��x08JeJ-jfL�o�Vs7-âZPb�٥v'Y̮g��f�VҘ�g�E)�"t'lni_�Wם~�ڧ'ם�wfٚY�J��d�T�Y1�LUYsYڟ:>gg�:�Q��ڟm3H/k��lxmķaf; d�P[w8LwZ|()_�~jN�d�[W�O.:$'MT[�{A���x훨-4Kۗ9K
}1x�yp-? ,�_�� f��k��7
JFo 3NE ;��@9�]fC�t�-Mf�#d��h��&ͻz��h-
@ho�*K�j�Lru&@Sk~�$M�5ņ]�)!edF-�ĿI�K
_VPB�5)\Dh+�ԌTwPH7#DD� v2#~�B(��pHq��> z%�E1\S4�ipq��]7Du..*s5-wnx�Tw9qn�>^[ջS7߷aUb}ƺƻ���EhYf7-$��ꨦV+�2,ՎKbP)��b�(7Z`Lm�,��5,L�tͭ ï`6 i��vڌzh3�Ϩagfۉ9~��4$�ࠡM��/6G˥qn�>5 @�
L��^0i�|�V83�5Cuӹݰ�=��W�ԇ9[ϩ`�I��E�6�&6��P6}l2��w�9;-L&w&�0`D+л#i`y1�&���բ� !Tgxhs��-w= }
�o ���iL�L<�ģ\>Ԇ.q<ɜ+)
��%P cRR,HH�t�"AђF��*�4� �gs�X"C"''Aw�w$]KI+\fD8�nO�u$]8�g��ڹLX.QY,p[/ �͙JRdYU Q="`&�Qea*0pRx5Vn/jc٦By^�Y$.O�Y��JA=���E^?u�w2M��ұǞ�}�2`�!�1 7R�'>�~Xz�/���M݄�Is¦uS�+WUPÃ"`"+42[�m�̞�w(Vf;\X䞅ʁZ¿Jʳ"�#��P3�>ťp(m�tf�й+>q^v.iC@ӬXK�uooZ�I��ۥa]hk%�\<��7�Bj^¢ym<2�D֑X`9HM^0+e�zd(�e6LF%���jCF�96s?(\T4)Ȕe�8jA�aV*<>kp�X"@�@�7w
�R&a+\ڨ`OS�i9��Ezڽu@nZcw@>`3�ǟG�RlC28c"(6E�TXfRJMQWL�-F ���f`�ǂ �K ؈ޣȁUraX3ŅbiQ?k/){eS�\Hq6Ϯm �V�Uu�>8`C�L�mRǦE}B5ߴ��ӞWH>Z3^ClX)��1I 6�D�ȸau-`by��;gS�]WָqH8CL)i����@:*#�ç�T�c"D�ki_�����.{sz�>S?؉ ܕV�����R53gdZlrKx8�J�rEm�l{��J)SLZ�06AaѥO副^�txO�F�M@X��3$�/Pk
0!/�Pb)& SVb\FL�s�X��~1EP-I�G��z-X]>L, ��~?DNS}O=.C+DÜU^f�x�.$jXUcrxɡV�\=.)j�8+|%ZA~~Qe��t4R�:9tc~y890N_o�>4z�xp87���`3�|x+푹ߙ#[W`ea�SƘ=H�`�S� �+R?͑<]I0�K1SlcSxt$�b*��ZAU�[�+[3]>�F����]h���C\4�<�}o�S�4�pf
mWq>[J�ZJwg 唟`�Zp[zGs�8-"��,re=QeTVQqi?r;d跸2]
Q�|`̌��؇^gm/JzX+*5"�KAG�^320"#�;�wF�!bVS_C.q�=:(T\�7gmE{H^ac7U�[@o�F)�-�ӫe�4
"#ΤMnU)XW>��N�A7--."JL7Ϧ<�s�;D< Ur=_-ϼ�;BN�7x^ox��PE�m/POﺢDX0�d&�T~�#\yY�Rfl|g^a+w]>�Se>c'ßa�ƚAFp52A]��D wl>s7ѹtNsl �E?9dN u3��U�sf>���LV|%`�?��ML��Uh-[J_�kA~�f:X)c=+ͦ'0R TQԀO>�O3(~�}$DC9ku�A�aRTX�]\HMX�JP/YT^v`i&x9Ll5�Ll�'P`�R(S&"L]8�Tf<^��ΈۋC9537~@�f@�-�P5^IW�:.k��y*6�a2I4D*kni���a
�F*͐[YQa'\$X+JJYt�>80xn�D N��WQqT2N GYdI.��|akJZ]�fs��0q�fq^3.��319owޟ���{>{q O4
8&u.[�1Uɇ-moc0.[-2�m&A)��h�㮍o>{%��b{l:k�m}6�#4�-o�d�hhIo0u�n}R|I}ڻ]SzsٖX�+ �7�E�BV�ç<�uxi)q��o2�Y�G3pXc?$]w�^C��һn9`LBX5c5ɅHgZK⪲�=C٠k<
xy~ïn-�,d"0�KL($��0�±��H��R
~tDӿh~Nku�؋^s �m ���
,)�(+RJ)"4FYO |�Zu3���_f|�Rt<~Ur;Pעo)MJ!}J_cNf4��~ ɮP=8,lrh%縵vR.��0?x�Ծ6��j?&i^�;�Í7��6��"TS�8LMàv)fTD�،)~�[ħ{�,�/䎱����R�1GT�$�0m2결t]$�<1ON)tJȓ$�E�=�)�I"8IUF4A2�uIH?�Md�4XPW
Pق��'59ܻ8�^]߹m|d<�q=ͷ�v"ϓ{~�\[5("�Ә ucA�I��eNx>HАݙ�-p溟8#M�LwF�FC\f/$v/; ?--8cP�X�Sω%٘&B�EW�5ln$r�YpJe_.SǔW>��@ƽ�b]0d&'zvA�Js[gȞ�x~K7�bR�R?�C�?�|}&
�~W*];PI9w뻿~=Ҳ(�r_&ZDNqw5Q {qI%.x}�?.J`\T�y^�Av��`�#B�"fFc�8EE[o\f�mef7cA!{� Rb'�O�;ƛƑ��i���l&s�$�;grЇ
1? l�;�o�Vp�N
Ϧv_ O��%�FJM�c-ێ��!e_�к õcV:���/!ʫIVܱ�S,*ߞ�1;o+N{kE�|;̔-u�\ kMU_s
1� |kM%�%&p$~��M{fr+��(?���ܻ'Vx�e86[b[05| LcKG#�'s�fdM%3R*�DI=/z�b�N/^uɏ�]8O<õK�`�08`�xK"�RT{�e³F}�G�bⱕdxi4豊N?7^�W`y�ӉI!.}�xbkӿ=ZKv|�3>b�8�
<ޘ��~,>p
_Uto<5Nx/K/*I�&t�>�㽄��W�r���[Lx�'�ȂG��p�q�[`yʐ��`�0uS8ҷq构e9'��-DL�te�te\
s/
�b& uC�]@-��rF;>6|p4u�b")Rl}� �ގ�eFy�SYngUYT0�h�~
d�b�wҔh�<{i"S$J]y�G@�7J!Ɛ^Ar�j*q��nbR*��g7\9I� HuDvL}2�h�
<�:Fv~��}Y��MkO\�#$L�qZNZ:
W��l,:�q��-��/_G[�5�ƆeY`@剭��^1�O"戉w�V)"o�r&ge,�*EPo+G)
׳n]w˚�?~���L4w j?pܗ�fKab��4]{|��pX�`�6�"�B^H�>{ȑL Z�į@;t}�WR7`d(R{<7>ꋳ5幹0)Cu|>FR!'}3!{���T.�J@x�$��-����m1ۋ+$ճx.]� [3l�+PL�4h$ѐD3_�1j@/}t%\KG8غ5?Ѻ_J0i.�}6C�
��b��� Y�x>ߒسmE^q�"}�q�O{oGV-T%-^\�0z
3%�P9;�#^woF0�,�2mȭ�x^6�TBQRrIŹ fa�O"Rvmc$�H�^pH�08$C���Hocv$Azةa �ӻ�I@_03~!�yI'�Me@#;�*D2�T ̥3�M[&^�xK`fI]�Kz5a�<�$�$� vI'9awV3_ɾ�Bj=Jg�X!߽߽߽߽߽qmR~k5�
�95�b0O:��7G,`B�G�`���"h�a�F��+ҧ�$S�xK]C�a�R-Q*.˥>&w�Fr�� ��(x&!,
#�Ǝ/Ss]@1P�&V+A͂ ؿ�XRzx��kGG=}[*gS�j|5O2c1C��[×`�0x�%Q̯���o]7P!C7+_ߘYHS�&ƫyKL?И6"�L8�=B�6��a`�6;mc�H�:/|�R�h�5ǭ7͒N�X��q�qوvR&�$ �� /E{=qwZ$Sw{c7^ߛ&8"mn.̒7`H�����!>V7�\د4J,3aAr,|��BsXZf3aP˷U|7?uo`yS-?e{k�3q"�#w^/���+lyث_/�kf jU.��Do;�o�/5Osc�6��hMP!J*kf50��R_tymF$%�?۾�c+@m� �U->Nŋj{OsA*췱gyΜ;mV)j;1�selj�`l~�J���ZR�5yV$��3"*ΘhVd9P2]aD�Ko�\dh1RW�~"~�g �*�'y{Ld��b,nww".J�������~6տ4,\�<��\πTnUw=jh�DJۤJd�m^XOhwW;ڻ�hZ+)0�ӆUϒ ��Z囬]s§�{|[��\�q':Rg�rY-�kTۚg=��K5ÒǠ?%Hq-�>v"A9bm31�vN��0�m��˖C0Uzp}
ړ+f��NvqO��XC�@W�ݥD}+i!G�, l6�P�W�Dڭ6-Sݽ"%&hP�jߙcG _vRm{ι=�}/z{a̒�.��Yq(Մlk[s!ۅ]�a�
Rt
3�}$皭٦ve�t KuSi�?R)!l%:*
<7"гaܳVܞVk�Dž#Q�r#ֿ�$|͈Vs�%
ti*T~�ɃB�!1
\�TcЭ�B)˪M;InP}wY?e=`
�'�34/x߽[!ʃZ+=Nl~'�&C*�2�;m�K�(B't�Mx;�7W0�O�I�}dX8T��D~�N�d�>�M��x\Lґ!7��m;Ai��\Ixc#�k ��`:do��
�VIz# ,@��Eꊍ\D��Q��oB�p4|8CsA.7`оU #�yљ6 ��ޜ�<3qw�̖~=�E`Qx�S}j�}& 'l�I<�RJ'_@1�J� Q7 CAt(.�(�� o�I�[P�,(�!��T)%D7U�I8�F���-eƒp`"(S[��]ă0}Lo�fqP/nF 33�f;.
l9�:W��1�&F��}�2�[7g��ΥiCV<& .ycI�� �^yN4xX\ !�ݯ6�ݩ2���{x�C�bwT�IhR
tX(9CȮ�K�ƊRN/|i'Чx7,4+2Vq�L�z%rEeW0`A='92fg44\�K�Ŵ�$͈u0!XF39]&9nIIs5.Iw��_QvB|ڻ|ֹl_]w.��܄G_�meR0mw�5efvʜPδ�eL4�"G}ɂw�]%�}Q�X\�mԙ�_?>b�D(/pY
Q��JNa`W?z
uW�r�:�j:ٙ%o&&:42;%���uR��\&7�b�Q߾h�Hﲝk&5+ۼ�v(��22ʯz}i�8Qރ^F9r`}y�hjgB3Y�}�3�?/?�Vie�~�?ӹ(�;����埡���fF7c|nF���͠o�͠O��]n�^f�(?A2ʻP(�K����z_z�
*?3�g�g�7?�?�}OP)�)~2w�7Y7�{�d�wɹN2!(ofY
�No\�8'�\$_��YWAa uyQ~��R�~v�X^eйR5
Я!��w2~2A\Zu
CFWT=k */dm4Zk8VӮnq_l(Σ�_xi� �+I<"x��ǹW4<< X)rnm=|6��bZ�z5⣭A{-ЧF��Fo"9�ţ*aѡ�']n$mnD8�_V;/a�o�Akx.,wj9sC@y=y
�ra��?fu|qf+6�c*Tw�-Ûbœj@@rvol1L�fRjx��sg'4WB&*�Up6�n:8Y0:q��M�hu߰ r:'쭰F����|m)b,3�u�'sE5�>1<(��ޕ̤O\<���^&z}+0H$=Cf�K�q�݉DAGR(�~Q�~Ղ[#rF33��1&.&b3@tgQl)VxRBZZ9=v��ļ�Kl�n ӧR۞,���`'/2^�;'���π��8>eC[gI2T~{F=*P�=eZPO;=�n"�,ݤd/+2b%�vl=�HYUҎZ?B���^!#R.ܐO�ߦ "_S a�niy㲁e":�`3
h�9�v�sYT:+�DEPޙikx�Ǔ�i�UhHl;�=@S�O~j^O(Coݒ��\�k<>a�iЀΧ^p穎T��U|�Al>cx �i�lޢƄJu!A]�=_�v{[>/'R`s¥"UXJM���X,8.� k4⿵�Qh~0��r"#�<[_ڵlAt�[�] E
�h�eӕx�" 7]!Kb� Cc]R>L�n2?Jb�@�Jr�� >D7#Ttw
�%`GY�U`+r��-E6<=܈x?ƽfb@JY˳��sLN5�$*lr=V*.uf��6��v�QmQ-নN�?X70(|W|gy-®"�vyX�@cb3,$Il}MX�<ٰ���^|&Ǹ[�0tcz�^=W-I>2��e�pCikZK�0Dq]�
�XǢȖWqTR:!�;
/����k`4bOP��1,F,�o�ԛ'T�S*�4.v>ϝ?^9?r�Ϣq9uGgc"aZ!%ӫrX�ul�#�"|f`*�H%hw2b5�9#ʧ=I�~p��v1,#6x�N�|]t1^��b!gˁtv.>�Jzfk�`�g~vX�vQ��JeVju.'+e={`7v r9̳���`b�hPjQWԊZM�Gv���b$-�U.P�vᷮ�g۲M�)
d.%r�R�K+EiQm&'
Cfane߄;l| �n%96L]_�[�
P��:,��
|
Network Security & Hardware 
