Organized Cybercrime
Simple Nomad
nomad mobile research centre
“With just a few keystrokes, cybercriminals around the world
can disrupt our economy.” - Ralph Basham, Director of the
U.S. Secret Service at RSA 2005.
“With just a few keystrokes, pundits can disrupt our freedoms.”
- Daaih Liuh, NMRC, 2005
“With just a few keystrokes, I can turn those pundits off and
watch porn instead.” – jrandom, NMRC, 2005
Outline
• The Players
• The Weapons
• Precision Tactics
• Examples
The Players
• Former Soviet Military
• Russian Mafia
• Professional Hackers
• Spammers
• Traditional Mafia
• Basic Cybercrime
Organizations
Former Soviet Military
• Military industrial complex in Soviet Russia was
even more corrupt than their USA counterparts
• With the collapse of communism, many upper
military personnel in Russia had few skills that
paid well
– Good at money laundering
– Good at moving goods across borders
– Connections with international crime
Russian Mafia
Sergei Mikhailov, head of the Moscow-based Solntsevskaya
Organization, with 5000+ members worldwide. Starting with
extortion, counterfeiting, drug trafficking, and blackmail, his
own organization eventually graduated to arms dealing, money
laundering, and infiltration of government and legitimate
business. Mikhailov’s Solntsevskaya Organization owns banks,
casinos, car dealerships, and even an airport. Solntsevskaya is
believed to be behind many cyber-related online crime
ventures.
Russian Mafia
Dolgopruadnanskaya is the second-largest gang operating out
of Russia. They are considered ruthless and also are believed
to be behind numerous current cybercrime activities, in
addition to numerous other standard criminal ventures. They
are believed to be behind a rash of bank robberies conducted
over the Internet in 2001 against banks using vulnerable
Windows NT web servers.
Russian Mafia
• Cybercrime elements are considered “divisions”
– The actual hackers themselves are kept compartmentalized
• Due to protection from a corrupt Russian government,
most “big cases” do not net the big players, e.g.
Operation Firewall
• There are thousands of organized crime gangs operating
out of Russia, although most are not involved in
cybercrime.
• When new hacking talent is needed, they will force
hackers to work for them (or kill them and/or their
families)
Professional Hackers
• Paid per the job, usually flat rates
• State-side hackers can earn up to $200K a year
• The work is usually writing tools for others to
use, developing/finding new exploits, and coding
up malware
• Occasionally they will do a black bag job, but
these are rare, unless they are simply looking for
“loot” on easy targets
Spammers
• They earn millions per year selling their direct
mail services
• They are not picky and do not consider whether the
person doing the selling is committing fraud,
including the Russian Mafia
• After years of jumping from ISP to ISP, it is much
easier to lease “capacity” from hacker botnets or
develop their own
• They are the main employer of professional
hackers
Traditional Mafia
• They are currently leaving most of the “work” to
others
• Online ventures are sticking close to such things
as pr0n, online gambling, etc
• They are taking advantage of technology, using
computers heavily, and using reliable encryption
Basic Cybercrime Organizations
• Fluid and change members frequently
• Will form and disband on a “per project” basis
• Rife with amateurs, take a lot of risk considering
the small payoffs
• Although the most troublesome, they are
considered the bottom feeders
– Think criminal script kiddies
– This is usually who the Feds get, not the big guys
The Weapons
• Botnets
– Average size is 5000 computers, some have been as large as
500,000 computers
– New command and control software allows botnet capacity
leasing of subsections of the botnet
• Phishing
– You guys *do* know what phishing is, right?
• Targeted Viruses
– Used to create quick one-time-use botnets
– Also used when specifically targeting a single site or
organization
• The usual Internet attack tools
– Metasploit, etc
Precision Tactics
Precision Tactics - Hotel
• Hacking the PC in the hotel room
– Can be done remotely
– Will check into the same hotel as target if need be
– Will resort to wiretaps, closed circuit video cameras, and other
physical penetration attempts
• Known times when the target is out of the room are
especially dangerous
– Speakers and trainers are especially vulnerable, since they have
to be in their talks, others do not
• Law enforcement regularly bugs hotel rooms at security
conferences
– Hotels (especially Vegas, Atlantic City) will comply to avoid LE
looking at their computers
• Organized crime outfits *do* attend conferences
Precision Tactics – Office
• Posing as regular office personnel
• Planting network-based or hardware-based
sniffing devices
• Conventional listening devices (bugs) are not
uncommon
Precision Tactics – Infiltration
• Will pose as script kiddies, and “gain skills” fairly quickly,
rising in status in various IRC channels
• Will join and form hacking groups
• Will direct attacks for the group to perform, usually
directing blame toward the kiddies rather than
themselves
• This is not a new technique – it is in use today by some
governments, most notably French Intelligence
Examples
Examples – Internet Black Market
Pricing Guide
• Exploit code for known flaw - $100-$500 if no exploit
code exists
– Price drops to $0 after exploit code is “public”
• Exploit code for unknown flaw - $1000-$5000
– Buyers include iDefense, Russian Mafia, Chinese and French
governments, etc
• List of 5000 IP addresses of computers infected with
spyware/trojan for remote control - $150-$500
• List of 1000 working credit card numbers - $500-$5000
– Price has increased since Operation Firewall
• Annual salary of a top-end skilled black hat hacker
working for spammers - $100K-$200K
Q & A
Fin
Images © 2005 NMRC
www.nmrc.org
