Saturday, February 22, 2014

The Growing Problem of Cybercrime

Every day, more and more news stories about cybercrime and its victims surface. Even as companies take more and more initiative to secure their servers and their clients, it seems clear that enough still hasn't been done.
Not only that, but hackers seem to be getting better and better at exploiting the internet's vulnerabilities. In the wake of the Target store breach of customer metadata, one reporter from NPR decided to see how easy it was to commit this kind of attack.

The reporter, Aarti Shahani, visited with former Secret Service agent Tom Pageler, who was part of the hidden community where cybercrime thrived. He showed her, step by step, how to carry out a cyber attack and then turn a profit from it, all from the comfort of a Starbucks while drinking a cappuccino.

First, he took her to an underground Tor network, which boasts complete anonymity while browsing. From there he took her to a website akin to eBay, where users buy and sell stolen data. He explained to her that that day happened to be a supersale on credit cards, meaning a large breach had occurred recently. The prices of stolen data and credit cards depended on the banks' security and the best return on fraud. Options were practically limitless.

Pageler also explained that specialized experience in the computer science field wasn't even needed to carry out cyber attacks. In fact, for a few hundred dollars you could buy all the components of your very own criminal kit. For $79 USD you could buy a list of 10,000 emails, which can be customized by a number of criteria. Spend $48 USD more and the list of emails would be "cleaned," making sure they all worked. Then for $50 USD you could buy keylogging malware, which, once it has infected a machine, logs each and every keystroke. Lastly, a botnet, a vast network of computers under the control of a botmaster, was needed to carefully conduct the attacks. A botnet went for as low as $16 USD.

Botnets are an important part of a cybercriminal's repertoire. They can consist of millions of computers, even our own, making it very hard to trace where an attack actually comes from. Once the botnet is set up, it sends out mass amounts of emails, and on average five to ten percent of recipients infect themselves with malware. The malware, in the case of a keylogger program, searches for any kind of string that could be used as passwords and account info. From there, bank accounts can be emptied and the money sent to overseas accounts, or the data can in turn be sold back onto websites like the one Pageler visited.

Incentives to join this type of underground community would be high if the general public knew the statistics. Millions if not billions of dollars are stolen, all practically without risk of prosecution. For a small startup fee of a few hundred dollars, you can potentially be making hundreds of thousands of dollars through these avenues.

I am quite surprised and alarmed by the ease of committing cybercrimes. I always heard of these hidden communities that work towards these goals, but to hear it from someone who frequents them makes it seem all the more unbelievable. Vast amounts of our data are already compromised. I've received malicious emails before; does that mean I am part of some list handed around each time someone pays $79? It is almost scary to think of the access to the world's businesses some of these people must have. It also makes me think how easy it would be to do something like this and potentially make more money than I would in most careers. Honestly, it almost makes me want to do it! What holds me in check, however, is the realization that these deals are at the expense of somebody else. I suppose that is what capitalism boils down to anyway in this country, but this way of doing it seems wrong to me. I'm beginning to develop an interest in these stories, and with security becoming more and more relevant in the technology sector today, I can see myself battling these cyber criminals one day.

Related Article: Risk Is Low And Business Is Booming In The Malware Market
