Ken Dunham, you could say, spends his life peeking at the bowels of the Internet.
As director of the Rapid Response Team at VeriSign-owned iDefense, of Dulles, Va., Dunham and his team of malware hunters infiltrate black hat hacker forums, chat rooms and newsgroups, posing as online criminals to gather intelligence on the dramatic rise in rootkits, Trojans and botnets.
Based on all the evidence gathered over the last two years, Dunham is convinced that groups of well-organized mobsters have taken control of a global billion-dollar crime network powered by skillful hackers and money mules targeting known software security weaknesses.
“Theres a well-developed criminal underground market thats connected to the mafia in Russia and Web gangs and loosely affiliated mob groups around the world. Theyre all involved in this explosion of phishing and online crime activity,” Dunham said in an interview with eWEEK.
Just two years after the Secret Service claimed a major success with “Operation Firewall,” an undercover investigation that led to the arrest of 28 suspects accused of identity theft, computer fraud, credit card fraud and money laundering, security researchers say the mobsters are back, with a level of sophistication and brazenness that is “frightening and surreal.”
“They never really went away,” Dunham said. “They scurried away for a few months and tightened their security controls. It became harder to get on their lists and into their chat rooms.”
Not these days. A law enforcement official familiar with several ongoing investigations showed eWEEK screenshots of active Web sites hawking credit card numbers, Social Security numbers, PayPal and eBay credentials, and bank login data by the bulk.
“Theyre very public about all this, especially on the Russian sites. Its almost comical how open and barefaced they are,” said the official, who requested anonymity because of the sensitive nature of the ongoing probe.
Black hat hackers have set up e-commerce sites offering private exploits capable of evading anti-virus scanners. An e-mail advertisement intercepted by researchers contained an offer to infect computers for use in botnets at $25 per 10,000 hijacked PCs.
Skilled hackers in Eastern Europe, Asia and Latin America are selling zero-day exploits on Internet forums where moderators even test the validity of the code against anti-virus software.
“I saw one case where an undetectable Trojan was offered for sale and the buyers were debating whether it was worth the price. They were doing competitive testing to ensure it actually worked as advertised,” said Jim Melnick, a member of Dunhams team.
“We even have proof of actual job listings on Russian-language sites offering lucrative pay for coders who can create exploits and launch denial-of-service attacks. Weve seen evidence of skilled hackers stealing corporate data on behalf of competitors. This isnt just about credit card and bank information. It has all the elements on traditional mafia-type crime,” Melnick said.
Roger Thompson, a computer security pioneer who created the first Australian anti-virus company in the late 1980s, is convinced the secretive Russian mafia is masterminding the use of sophisticated rootkits in botnet-seeding Trojans.
“They are paying to recruit bright young hackers and using teenage kids around the world to move money around. Theyre into everything: spyware installations, denial-of-service shakedowns, you name it. Its the traditional mafia finding it easy to make money on the Internet,” said Thompson, who now runs Exploit Prevention Labs, in Atlanta.
