Security specialists and law enforcement agencies will
discuss how to tackle the rising tide of computer crime at today’s
National Hi-Tech Crime Unit conference.
Crime syndicates across the world are banding together in
informal alliances to hack into credit card databases, steal
on-line banking details and extort businesses by threatening denial
of service attacks, a senior detective will reveal today.
The National Hi-Tech Crime Unit has uncovered networks of
criminals using internet relay chat services to co-ordinate attacks
on businesses and home banking consumers, said Mick Deats, the
unit’s acting head.
The internet has allowed the development of loosely organised
networks of money laundering specialists, computer hackers and
fences for stolen credit cards.
"It is tough to work out who is in charge and what effect you
will have when you deal with them. It is much more difficult
to investigate than the traditional organised crime structures,"
Deats said.
Investigations by the Hi-Tech Crime Unit into Russian groups
responsible for denial of service attacks against online betting
sites last year have shed new light on the way criminal hacking
groups work.
Five people have been arrested so far following collaborative
investigations by the Hi-Tech Crime Unit, Russian police, the FBI
and private sector security specialists.
The investigations have revealed loose collaborative criminal
networks, including groups selling the network services of tens of
thousands of hacked PCs, known as bot networks, to other criminal
groups to launch denial of service attacks.
"We have learned a great deal from our operations in Russia. We
knew there were loose networks, but we did not understand the
nature of the groups and how they related," said Deats.
The Hi-Tech Crime Unit, working with overseas law enforcement
groups, has infiltrated the groups by tracking their activities on
the internet and tracing the movements of laundered funds.
"International cooperation has moved on in leaps and bounds. You
have to work really quickly because digital evidence is volatile.
You cannot use the normal mutual legal assistance channels," said
Deats.
Undercover chatroom work captures e-criminal
Investigative work by a US computer forensic specialist helped
lead the National Hi-Tech Crime Unit and the FBI to a Russian gang
responsible for launching denial of service attacks against online
betting sites in a multimillion-pound extortion attempt last
year.
Barrett Lyon, a specialist in preventing denial of service
attacks, posed for months as a computer criminal to infiltrate a
Russian crime syndicate which had brought down online gambling and
retail sites.
His work helped detectives at the National Hi-Tech Crime Unit
secure the arrest of 21-year-old Russian mechanical engineering
student Ivan Maksakov last year.
The investigation unravelled one of the most high-profile
internet crime syndicates and set the scene for four further
arrests, it emerged last week.
Lyon, now chief technology officer at Prolexic, which
specialises in defending firms against denial of service attacks,
used specially developed software to trace and monitor "bot nets"
of hacked PCs used for the attacks.
"We located the bot nets because our systems took the attacks on
behalf of customers. With all the information we gathered, we posed
as bot nets ourselves," he said.
A breakthrough came when Lyon and his colleagues found details
of the chat channel used by the gang hidden in bot net software
downloaded from an infected machine. It emerged the gang was using
internet relay chat to talk to each other and to control up to
80,000 bot nets.
"We were on the chatrooms where they were controlling the bots
from, watching them talking about who they were going to attack
next," he said.
Lyon posed as a hacker and, over the next few months, earned the
trust of the criminals and built up a profile of them.
The gang remained out of reach until Maksakov made the mistake
of logging into an internet chat session in March 2004 using his
own IP address. Lyon traced Maksakov’s address and phone number in
Russia and sent off an urgent e-mail to the Hi-Tech Crime Unit.
"Ivan was the name that was given to us via exe during ICQ chat.
His last name, address and phone number are now known."
Cybercriminal caught in the chatroom
Some of the chatroom evidence collected for the case:
>My name is Ivan
>I'm from Russia
>For me it was easy. Just send a big ddos [denial of service attack]... then send an e-mail saying you are down if you want to be up again you have to pay
>I got $5000 or $10,000 depending how big the site is
>Then sometimes I get hired as a security expert to secure sites and leave holes so that other people can do the same thing and I get some of what they make hehehe.