How to hack guide

Cyber criminals are no longer after notoriety; they are businessmen or businesswomen just like in the “real” world, and networking is helping them become stronger. The internet is increasingly becoming a lucrative platform for illegal business ventures. Raimund Genes, CTO of anti-malware at Trend Micro, has an explanation of how these ventures could be set up.

The preparation

A successful business venture usually starts with finding malware that is difficult to detect. Rootkits would serve this purpose quite conveniently: they are programmes designed to take fundamental control over a computer without the owner’s authorisation. The next step would be to identify the best transport mechanism for the malware to reach someone’s computer. A botnet that sends spam before particular occasions to get higher traction (e.g. before Valentine’s Day or Easter) can serve as the source.

The collaboration

Following the classic pattern of forming partnerships, cyber criminals then work with other groups of hackers to trade malicious code, set up sweatshops where people crack captcha[1] codes, or work with internet experts to find high-profile pages into which to integrate malicious code.

The scenario could be to pay a hacker to target specific sites with malware selected beforehand. Examples where this has already happened are the attack on the Monster website and/or the stolen TK Maxx data.

Show me the money

Once the groundwork is laid, the cyber criminal would then set up a command and control centre where phished credit card details can be collected. The last step is to find and select money mules who can take the money to other countries within the cyber-crime network. After the tracks of the cyber criminals and their money are covered, the only thing left is for the criminals to count the profits made.

“This is a completely standard cyber criminal commercial business”, says Raimund Genes, CTO at Trend Micro. “The spammers even have their own trade associations. Ready-made tools for creating phishing e-mails, such as fake requests for bank details, are fairly easy to buy on the underground market, with many independent vendors trading them.”