Crime gangs unite to launch online attacks

Security specialists and law enforcement agencies will discuss how to tackle the rising tide of computer crime at today’s...

Security specialists and law enforcement agencies will discuss how to tackle the rising tide of computer crime at today’s National Hi-Tech Crime Unit conference

Crime syndicates across the world are banding together in informal alliances to hack into credit card databases, steal on-line banking details and extort businesses by threatening denial of service attacks, a senior detective will reveal today.

The National Hi-Tech Crime Unit has uncovered networks of criminals using internet relay chat services to co-ordinate attacks on businesses and home banking consumers, said Mick Deats, the unit’s acting head.

The internet has allowed the development of loosely organised networks of money laundering specialists, computer hackers and fences for stolen credit cards.

"It is tough to work out who is in charge and what effect you will have when you deal with them. It is much more difficult toinvestigate than the traditional organised crime structures," Deats said.

Investigations by the Hi-Tech Crime Unit into Russian groups responsible for denial of service attacks against online betting sites last year have shed new light on the way criminal hacking groups work.

Five people have been arrested so far following collaborative investigations by the Hi-Tech Crime Unit, Russian police, the FBI and private sector security specialists.

The investigations have revealed loose collaborative criminal networks, including groups selling the network services of tens of thousands of hacked PCs, known as bot networks, to other criminal groups to launch denial of service attacks.

"We have learned a great deal from our operations in Russia. We knew there were loose networks, but we did not understand the nature of the groups and how they related," said Deats.

The Hi-Tech Crime Unit, working with overseas law enforcement groups, has infiltrated the groups by tracking their activities on the internet and tracing the movements of laundered funds.

"International cooperation has moved on in leaps and bounds. You have to work really quickly because digital evidence is volatile. You cannot use the normal mutual legal assistance channels," said Deats.

Undercover chatroom work captures e-criminal

Investigative work by a US computer forensic specialist helped lead the National Hi-Tech Crime Unit and the FBI to a Russian gang responsible for launching denial of service attacks against online betting sites in a multimillion-pound extortion attempt last year.

Barrett Lyon, a specialist in preventing denial of service attacks, posed for months as a computer criminal to infiltrate a Russian crime syndicate which had brought down online gambling and retail sites.

His work helped detectives at the National Hi-Tech Crime Unit secure the arrest of a 21-year-old Russian mechanical engineering student Ivan Maksakov last year.

The investigation unravelled one of the most high-profile internet crime syndicates and set the scene for four further arrests, it emerged last week.

Lyon, now chief technology officer at Prolexic, which specialises in defending firms against denial of service attacks, used specially developed software to trace and monitor "bot nets" of hacked PCs used for the attacks.

"We located the bot nets because our systems took the attacks on behalf of customers. With all the information we gathered, we posed as bot nets ourselves," he said.

A breakthrough came when Lyon and his colleagues found details of the chat channel used by the gang hidden in bot net software downloaded from an infected machine. It emerged the gang was using internet relay chat to talk to each other and to control up to 80,000 bot nets.

"We were on the chatrooms where they were controlling the bots from, watching them talking about who they were going to attack next," he said.

Lyon posed as a hacker and, over the next few months, earned the trust of the criminals and built up a profile of them.

The gang remained out of reach until Maksakov made the mistake of logging into an internet chat session in March 2004 using his own IP address. Lyon traced Maksakov’s address and phone number in Russia and sent off an urgent e-mail to the Hi-Tech Crime Unit.

"Ivan was the name that was given to us via exe during ICQ chat. His last name, address and phone number are now known."

Cybercriminal caught in the chatroom

Some of the chatroom evidence collected for the case: 

>My name is Ivan
>I'm from Russia 
>For me it was easy. Just send a big ddos [denial of service attack]... then send an e-mail saying you are down if you want to be up again you have to pay 
>I got $5000 or $10,000 depending how big the site is 
>Then sometimes I get hired as a security expert to secure sites and leave holes so that other people can do the same thing and I get some of what they make hehehe.

Read more on IT risk management