Information Security Magazine
Today's Attackers Can Find the Needle
by Michael S. Mimoso & Marcia Savage
Issue: Jun 2006

Following the Money
Tracking cybercriminals often starts with reverse engineering malicious code recovered from infected computers. That lets investigators work out which server the bots report to and, from there, who is issuing commands through that server. It is never a simple process: the servers may sit overseas, and criminals use a variety of methods to disguise themselves.

But since most cybercrime is financially motivated, following the money is a popular way to track down perpetrators, says Ramyar Tabatabaian, supervisory special agent at the FBI's Los Angeles office. Bank-account-stealing Trojans, for example, sit dormant on a computer until a specific activity awakens them, such as a user visiting a bank's Web site. The Trojan piggybacks on that session, captures passwords and other confidential information and sends it to a central server. The stolen credentials are used to drain money out of accounts, and the money is sometimes funneled to people recruited to temporarily accept money into their bank accounts before wiring it overseas.

"That's always our first stop," Tabatabaian says of the hired help, whom security intelligence firm iDefense calls "money mules."

Money mules launder money for criminals who profit from stolen credit cards or other financial accounts and are trying to evade law enforcement, says Ken Dunham, iDefense rapid response director. Typically, the job is advertised on a seemingly legitimate Web site under a title such as "private financial receiver," "shipping manager" or "money transfer agent." The young, naïve or desperate tend to fall for the scheme, he says.

The mules, usually recruited in the U.S., U.K. and Australia, receive direct-deposit payments to their personal accounts that are in the same country as the victim. They withdraw the cash, keep a percentage and send the rest via wire transfer to an overseas account.

Dunham says there isn't much public information available about these money-mule operations, but he cites a case in Australia where more than 60 people were arrested last year for allegedly laundering money to accounts in Russia as part of a global phishing operation.

Once money goes overseas, the FBI works with foreign law enforcement to track down suspects, and has had success in Russia, Romania and elsewhere. The agency has 53 offices overseas that act as liaisons to foreign law enforcement.

--MARCIA SAVAGE
"What hackers are realizing is that there are so many ways to get information out of an enterprise. As people get wise to them, hackers are adapting," says Richard Bejtlich, a former captain for the Air Force CERT team and founder of consultancy TaoSecurity. He cautions businesses to focus on egress filtering as a means of monitoring the packets that leave their networks. "Pay attention to what is leaving your company," Bejtlich says.
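As an added example of what "pay attention to what is leaving your company" looks like in practice (this is not code from the article or from TaoSecurity), the script below applies an egress policy to a connection log and then looks for the regular check-in pattern a bot makes to its controller. The network layout, the policy (workstations in 10.0.0.0/8 may leave only through a web proxy at 10.0.0.5:3128 and a resolver at 10.0.0.53:53), the log format and every log line are constructed for the example.

```python
import ipaddress
import statistics
from collections import defaultdict
from datetime import datetime
from typing import Dict, List, NamedTuple, Tuple

# Hypothetical egress policy: internal hosts reach the outside only via the
# web proxy and the internal DNS resolver. Anything else leaving is a finding.
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
ALLOWED_EGRESS = {("10.0.0.5", 3128), ("10.0.0.53", 53)}


class Conn(NamedTuple):
    ts: datetime
    src: str
    dst: str
    dport: int
    proto: str


# Constructed firewall-style log, not real traffic. 10.0.1.23 uses the proxy
# and resolver as expected but also reaches an outside IRC port once a minute;
# 10.0.2.8 goes straight to an outside HTTPS server, bypassing the proxy.
SAMPLE_LOG = """\
2006-06-01T10:00:00 10.0.1.23 -> 10.0.0.5:3128 TCP
2006-06-01T10:00:02 10.0.1.23 -> 10.0.0.53:53 UDP
2006-06-01T10:00:05 10.0.1.23 -> 203.0.113.9:6667 TCP
2006-06-01T10:00:07 10.0.2.8 -> 198.51.100.4:443 TCP
2006-06-01T10:00:09 10.0.2.8 -> 10.0.0.5:3128 TCP
2006-06-01T10:01:05 10.0.1.23 -> 203.0.113.9:6667 TCP
2006-06-01T10:02:05 10.0.1.23 -> 203.0.113.9:6667 TCP
2006-06-01T10:03:06 10.0.1.23 -> 203.0.113.9:6667 TCP
"""


def parse_log(text: str) -> List[Conn]:
    conns = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, _arrow, dst_port, proto = line.split()
        dst, port = dst_port.rsplit(":", 1)
        conns.append(Conn(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S"),
                          src, dst, int(port), proto))
    return conns


def policy_violations(conns: List[Conn]) -> List[Conn]:
    """Connections from internal hosts to the outside that bypass the allowlist."""
    bad = []
    for c in conns:
        if ipaddress.ip_address(c.src) not in INTERNAL:
            continue                      # inbound or transit, not egress
        if (c.dst, c.dport) in ALLOWED_EGRESS:
            continue                      # sanctioned path out
        if ipaddress.ip_address(c.dst) in INTERNAL:
            continue                      # never leaves the network
        bad.append(c)
    return bad


def find_beacons(conns: List[Conn], min_conns: int = 4,
                 max_jitter: float = 0.1) -> Dict[Tuple[str, str, int], float]:
    """Flows that recur at a near-constant interval, the signature of a bot
    checking in. Returns {(src, dst, dport): mean interval in seconds}."""
    by_flow = defaultdict(list)
    for c in conns:
        by_flow[(c.src, c.dst, c.dport)].append(c.ts)
    beacons = {}
    for flow, times in by_flow.items():
        if len(times) < min_conns:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean > 0 and statistics.pstdev(gaps) / mean <= max_jitter:
            beacons[flow] = mean
    return beacons


if __name__ == "__main__":
    conns = parse_log(SAMPLE_LOG)
    for c in policy_violations(conns):
        print("EGRESS VIOLATION", c.ts, c.src, "->", f"{c.dst}:{c.dport}", c.proto)
    for flow, mean in find_beacons(conns).items():
        print("BEACON", flow, f"every {mean:.0f}s")
```

The policy check alone would have caught both hosts here, which is the real lesson: a default-deny egress rule turns the bot's call home into a firewall log entry. The beacon check is for the case where the bot uses an allowed port (443 to a fresh domain is the usual one); tune `min_conns` and `max_jitter` against your own baseline, since some legitimate software also polls on a fixed timer.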

Hackers are also attacking defensive technologies, specifically antivirus and antispyware, rendering them inoperable or blind to the presence of malware. They're also toying with custom-packing algorithms to foil reverse-engineering attempts by researchers, Skoudis says. Some researchers report having to wade through two dozen different custom-packing algorithms before they're able to determine the intentions behind a piece of malicious code. Precious time is lost while enterprise exposure to exploits grows.
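Before a researcher can wade through a custom packer, they have to recognise that the sample is packed at all. The usual first signal is byte entropy: compressed or encrypted code looks close to random, ordinary machine code does not. The script below is an added example of that triage step (not code from the article, from Skoudis or from any named product). Both "sections" it scores are constructed: the code-like one is a repeated byte pattern, the packed one is seeded pseudo-random data standing in for a packer's output.

```python
import math
import random
from collections import Counter
from typing import Dict, List, Tuple


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for a single repeated value, 8.0 for a
    perfectly uniform byte distribution."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def entropy_profile(data: bytes, window: int = 1024) -> List[float]:
    """Entropy of each fixed-size window. A packed or encrypted region shows
    up as a run of windows near 8 bits; a stub or import table drags the
    whole-section figure down, so look at the profile, not just the total."""
    return [shannon_entropy(data[i:i + window]) for i in range(0, len(data), window)]


def likely_packed(data: bytes, threshold: float = 7.0,
                  min_fraction: float = 0.5) -> bool:
    """Flag data when at least min_fraction of its windows exceed threshold.
    Compressed resources (images, archives) score high too, so treat a hit as
    a reason to look closer, not as proof of packing."""
    prof = entropy_profile(data)
    if not prof:
        return False
    return sum(e > threshold for e in prof) / len(prof) >= min_fraction


def triage(sections: Dict[str, bytes]) -> Dict[str, Tuple[float, bool]]:
    """Per-section (entropy, packed?) summary, the first thing to glance at."""
    return {name: (round(shannon_entropy(blob), 2), likely_packed(blob))
            for name, blob in sections.items()}


# Constructed section contents, not from any real binary. The code-like
# section repeats a short prologue/epilogue-style byte pattern; the packed
# section is seeded PRNG output so the numbers are reproducible.
_rng = random.Random(2006)
PLAIN_CODE_SECTION = (b"\x55\x8b\xec\x83\xec\x10\x53\x56\x57\x8b\x75\x08"
                      b"\xe8\x00\x00\x00\x00\x5d\xc3\x90") * 100
PACKED_SECTION = bytes(_rng.getrandbits(8) for _ in range(4096))

if __name__ == "__main__":
    for name, (h, packed) in triage({".text": PLAIN_CODE_SECTION,
                                     ".data1": PACKED_SECTION}).items():
        print(f"{name:8s} entropy={h:.2f}  packed={packed}")
```

On a real PE or ELF you would feed it the raw bytes of each section (pefile or pyelftools will hand those to you); a tiny low-entropy section next to one large high-entropy section, with almost no imports, is the classic packed layout. The threshold of 7.0 bits is a common rule of thumb, not a constant, and two dozen custom packers in a row will each need more than this to get through.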

Some malware checks which debuggers are running on a system and shuts down if it finds one. Other code detects whether it is running on a virtual machine and, in another attempt to frustrate researchers, behaves differently or shuts down.
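The checks described above are worth seeing concretely, because an analyst who knows exactly what the sample reads knows exactly what to fake or which branch to patch. The script below is an added example, not code from the article or from any sample it discusses, and it shows the Linux equivalents of the three common checks: is a tracer attached (the `TracerPid` field of `/proc/self/status`), does the CPU report the hypervisor bit (the `hypervisor` flag in `/proc/cpuinfo`), and does the firmware identify a known VM vendor (`/sys/class/dmi/id/product_name`). The check functions take the file contents as text so they can be run against the constructed sandbox and bare-metal inputs embedded here; `live_indicators()` runs them against the machine you are on.

```python
import re
from typing import List, Optional

# Vendor strings that commonly appear in a VM guest's DMI product name.
VM_VENDORS = ("VMware", "VirtualBox", "QEMU", "KVM", "Xen", "Bochs", "Parallels")


def tracer_pid(status_text: str) -> int:
    """TracerPid from /proc/<pid>/status; non-zero means something is
    ptrace-attached, which is how gdb, strace and most sandboxes watch a process."""
    m = re.search(r"^TracerPid:\s*(\d+)", status_text, re.MULTILINE)
    return int(m.group(1)) if m else 0


def hypervisor_flag(cpuinfo_text: str) -> bool:
    """Linux exposes CPUID leaf 1, ECX bit 31 as the 'hypervisor' cpu flag."""
    for line in cpuinfo_text.splitlines():
        if line.startswith("flags"):
            return "hypervisor" in line.split(":", 1)[1].split()
    return False


def vm_vendor(dmi_product: str) -> Optional[str]:
    """First known VM vendor named in the DMI product string, if any."""
    for vendor in VM_VENDORS:
        if vendor.lower() in dmi_product.lower():
            return vendor
    return None


def analysis_indicators(status_text: str, cpuinfo_text: str,
                        dmi_product: str) -> List[str]:
    """Everything an anti-analysis routine would 'notice'. A sample that
    bails out on any of these is exactly the case the article describes."""
    found = []
    pid = tracer_pid(status_text)
    if pid:
        found.append(f"debugger attached (TracerPid={pid})")
    if hypervisor_flag(cpuinfo_text):
        found.append("hypervisor CPUID flag set")
    vendor = vm_vendor(dmi_product)
    if vendor:
        found.append(f"DMI product name mentions {vendor}")
    return found


def _read(path: str) -> str:
    try:
        with open(path) as f:
            return f.read()
    except OSError:
        return ""


def live_indicators() -> List[str]:
    """The same checks against the host this runs on (Linux paths)."""
    return analysis_indicators(_read("/proc/self/status"),
                               _read("/proc/cpuinfo"),
                               _read("/sys/class/dmi/id/product_name"))


# Constructed inputs, not captured from real machines: a sandbox with gdb
# attached inside a VirtualBox guest, and a bare-metal laptop with nothing.
SANDBOX_STATUS = "Name:\tsample\nState:\tt (tracing stop)\nTracerPid:\t4242\nUid:\t1000\n"
SANDBOX_CPUINFO = "processor\t: 0\nflags\t\t: fpu vme sse2 hypervisor lahf_lm\n"
SANDBOX_DMI = "VirtualBox\n"
BARE_STATUS = "Name:\tsample\nState:\tR (running)\nTracerPid:\t0\n"
BARE_CPUINFO = "processor\t: 0\nflags\t\t: fpu vme sse2 lahf_lm\n"
BARE_DMI = "ThinkPad T60\n"

if __name__ == "__main__":
    print("sandbox:", analysis_indicators(SANDBOX_STATUS, SANDBOX_CPUINFO, SANDBOX_DMI))
    print("bare:   ", analysis_indicators(BARE_STATUS, BARE_CPUINFO, BARE_DMI))
    print("here:   ", live_indicators())
```

Windows samples of the era did the same thing through `IsDebuggerPresent`, the PEB `BeingDebugged` byte and CPUID or registry artefacts of the VM vendor, and the response is the same: once a trace shows the sample reading one of these, patch the comparison or present the value it wants, and the "shuts down" behaviour disappears.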

It's not all about bits and bytes for hackers. As derided as reformed hacker Kevin Mitnick often is in security circles, his work on social engineering has probably never been more relevant. Attacks are more targeted than ever with hackers zeroing in on handpicked companies, divisions within corporations, even specific people.

"There's a greater level of intelligence-gathering in place," says Al Huger, senior director of engineering for Symantec Security Response. "It's not just port-scanning activity. Hackers are spending more time on newsgroups, finding employees who post, finding out their interests. It's very canny and successful."

Huger relayed an anecdote about a bank's security officer who was phished by a hacker posing as a customer whose account was broken into after visiting a malicious site. The hacker e-mailed the malicious URL in question, which the security officer followed. The site exploited an unpublished browser flaw, and the bank was backdoored. For six months, the hacker stole VPN and database passwords. "As far as we know, this was a binary attack," Huger says. "It has never been seen anywhere else, and it was targeted at that one person."

"Small cells of hackers are doing this for big business," says Eric Cole, network security expert, author of Hackers Beware and coauthor of Network Security Bible. "This information and data sells for a lot of money. Hackers focus their energy and reconnaissance on pharmaceuticals, financial institutions and government agencies. The competition will pay a lot of money for that. It sounds like Hollywood stuff, but I see this happening. It amazes me more people are not aware of it."

All Rights Reserved, Copyright 2003 - 2009, TechTarget