[Dshield] MyDoom-A/B and Organized Crime
Jon R. Kibler
Jon.Kibler at aset.com
Mon Feb 9 20:08:15 GMT 2004
John Hardin wrote:
> On Sun, 2004-02-08 at 06:40, Erwin Van de Velde wrote:
> > I don't think organized crime is involved as the worm doesn't do that much
> > damage...
> What profit motive exists for OC to damage systems vs. stealthily take
> control of them? If damage were a part of the worm it would be an
> indicator *against* OC involvement, unless it were also a precisely
> targeted attack (e.g. take out a business that competes with one they
I agree 110% with John. OC is clearly involved in such activities. It looks like something the Russian Mob is really getting deeply involved with. From our experience, almost all spam sent today via criminal means (hijacked computers) is sent with criminal intent (theft, fraud, etc.).
> > I also do not know why someone would pay much for a virus as MyDoom, as no one
> > has any gain of it.
> I would say there is considerable gain for most anyone in having remote
> control of a few million Internet-connected computers.
There is some hacker in Poland that claims to "own" a half-million hijacked systems and will lease them to anyone for any purpose. (I posted a link regarding this a few months ago.)
OC is openly advertising for programmers with security expertise (how to crack Windows, etc.) and knowledge of virus writing for 6-figure jobs in Costa Rica, the Bahamas, Antigua, etc. They are clearly paying big $$ for viruses that they can use to exploit systems.
I should also add that, since the first of the year, we have been seeing about 2 or 3 new spam organizations per week begin operations offshore -- all thanks to the new US Anti-Spam laws. (Congress never learns... they caused the same thing to happen with Internet gambling.) Before the first of the year, there were maybe 1 or 2 new N.A.-based offshore spam organizations per year!
> > I think that organized crime would use hackers and virus writers for two
> > purposes: hacking into one specific system and taking down the internet.
> How would taking down the Internet profit them? Give me a reasonable
> scenario and I will agree.
> There is no centralized body anybody could blackmail with <voice
> effect="SPECTRE Number 1"> "...We demand $100 million in flawless
> diamonds or the Internet goes *poof*". </voice>
> However, taking certain specific entities off the net could work for
> targeted blackmail, for example, DDoS'ing Ameritrade or E*Trade might be
> worth a few $million. To do that sort of thing you'd probably need a lot
> of Internet connected systems under your control...
There have been many documented cases in Europe of OC DDOS-ing a major company and then demanding protection money to prevent that from happening again -- high-tech "insurance racket." (I posted a link on this a few months back.)
> > That are two actions by which they have a gain: getting information or
> > altering data and demonstrating their powers (think of 9/11 on the
> > internet).
> OC != terrorists. They have no political motivation. In fact, I would
> expect they rather try to *avoid* the limelight, where terrorists seek
> it out.
> OC is, essentially, a business, interested in profit, but without the
> ethics or desire to remain within the law that keeps other, legitimate
> businesses from doing exactly the same thing.
There have been several cases in our local area where someone had their computer hacked, financial information discovered, and bank and retirement accounts emptied. (Plus, you have no legal recourse or protection against such thefts in most jurisdictions.) Clearly OC -- and in most cases, traceable to the Russian mob.
In addition to spamming, OC regularly hijacks computers, installs web servers, and sets up pay-for-access web sites on these hijacked systems.
Anyone who has a computer connected to the Internet via broadband and thinks they are "safe" is only fooling themselves.
Jon R. Kibler
Chief Technical Officer
Charleston, SC USA