Some people believe the people behind Cyber Crime are disgruntled teenage hackers looking to cause chaos for fun. In some cases that may be true; however, the majority of Cyber Crime is performed by well-funded organized criminals. Yes, I’m talking about the Godfather-like people who robbed banks and distributed narcotics on the street corner prior to the computer age. Organized crime realized it’s faster to automate an attack against millions of virtual targets than to physically deal with criminal activity. Who is really behind Cyber Crime and how do they operate? Let’s take a look at a case study of popups to understand the Cyber Crime organization.
Cyber criminals behind popups can, for the most part, be looked at as two separate groups. The first group is the well-funded mafia. They develop fake Viagra as well as other illegal narcotics. The second group is the hackers. They identify ways to compromise systems and take advantage of people’s data. The mafia utilizes hackers to push people to their products. They offer attractive compensation packages to hackers who can capture large audiences through automated attacks. Studies show organized crime may pay a hacker a portion of sales every week, tax-free. A working vulnerability could compromise millions of systems in a short time, and even a small percentage of that number could quickly add up to large profits for all criminal parties.
A study by Cisco IronPort tested this concept by ordering Viagra from a phony pharmacy. The team identified the phony pharmacy by clicking a popup from a botnet and ordered Viagra like a standard customer. They called a support line to test customer service, which was polite and extremely helpful. After a few days, a package showed up containing a Russian coupon magazine. Viagra was taped to a page inside the magazine. This is how the drugs were being smuggled past customs. After testing, the IronPort team found the Viagra to be 110% legit, including a logo stamped on each pill. The team received a follow-up call asking about the quality of the product and whether more was desired. Overall, the team received a better product than commercial stores offer, at half the cost.
The IronPort team visited the mailing address of the phony pharmacy and found an abandoned building. When they reverse engineered the advertisement popup, they identified a botnet advertising for spamit.com. Research revealed spamit.com to be a criminal entity paying hackers to advertise the phony pharmacy by any means. This picture shows a spamit payment system compensating for purchases led through spam. The image below was captured by the IronPort team while posing as a hacker looking to advertise through spamit.com.
Cyber Crime is an organized business and is winning the war against security professionals. Cyber criminals have more funding and fewer restrictions than companies developing solutions to stop them. Cyber criminals have research and development laboratories that purchase and dissect the solutions we use to prevent them from breaching our systems. Cyber Crime pays a lot more than legit organizations, which means they have first-class talent. Cyber Crime is automated, and criminal activity is performed across borders through Zombie systems that hide the creators. Who is attacking you? It’s not Zero Cool from the movie “Hackers”; it’s the Corleone crime family from The Godfather.