Computers, networks and theft.Computers have become an integral part of our lives. Every day more and more users and organizations use them to store data which is a type of property. Although most people take great care of their physical property, this is often not the case where virtual property is concerned. The majority of users are still oblivious to the fact that someone somewhere may be interested in what they are doing. They still believe that there is nothing on their computers that is of value to cybercriminals and that they are invulnerable in·vul·ner·a·ble adj. 1. Immune to attack; impregnable. 2. Impossible to damage, injure, or wound. [French invulnérable, from Old French, from Latin to malware. This article takes a look at the issue from the other side i.e. from the cyber (1) From "cybernetics," it is a prefix attached to everyday words to add a computer, electronic or online connotation. The term is similar to "virtual," but the latter is used more frequently. See virtual. criminals' point of view. Cybercrime cybercrime also known as computer crime Any use of a computer as an instrument to further illegal ends, such as committing fraud, trafficking in child pornography and intellectual property, stealing identities, or violating privacy. has evolved considerably over the past few years with new technologies being created and applied. As a result, cybercrime is no longer committed by individual amateurs; it's become a lucrative business run by highly organized groups. It's been variously estimated that during 2005 cyber criminals made from tens to hundreds of billions of dollars, a sum that far exceeds the revenue of the entire antivirus industry. Of course, not all this money was "earned" by attacking users and organizations, but such attacks account for a significant proportion of cyber criminals' income. In this two part report, the first part will examine attacks on users and the second part will discuss attacks on organizations. This first part includes an analysis of what kind of virtual property is attractive to cyber criminals and what methods are used to obtain user data. Theft What is Stolen So what kind of virtual property is of interest to a cyber thief? A study of malicious programs conducted by Kaspersky Lab Kaspersky Lab is a computer security company, co-founded by Natalia Kaspersky and Eugene Kaspersky in 1997, offering antivirus, anti-spyware, anti-spam, and anti-intrusion products. virus analysts shows that four types of virtual property are most often stolen. It should be stressed that cyber scammers do not limit themselves to stealing the information listed below. Information most frequently stolen from users includes: * data needed to access a range of financial services The examples and perspective in this article or section may not represent a worldwide view of the subject. Please [ improve this article] or discuss the issue on the talk page. (online banking, card services The software support for PC Cards. PC Card applications talk to Card Services. See PC Card. , e-money), online auction sites such as eBay, etc.; * Instant messaging Exchanging text messages in real time between two or more people logged into a particular instant messaging (IM) service. Instant messaging is more interactive than e-mail because messages are sent immediately, whereas e-mail messages can be queued up in a mail server for seconds or (IM) and website passwords * Passwords to mailboxes linked to ICQ ("I Seek You") A conferencing program for the Internet from Mirabilis, Tel Aviv, Israel (www.icq.com). It provides interactive chat, e-mail and file transfer and can alert you when someone on your predefined list has also come online. accounts, as well as all email addresses See Internet address. found on the computer; * Passwords to online games, the most popular of which are Legend of Mir, Gamania, Lineage and World of Warcraft “WoW” redirects here. For other uses, see Wow.  Editing of this page by unregistered or newly registered users is currently disabled due to vandalism. .
If you store any of the information above on your machine, then your data is of interest to cybercriminals. We'll take a look at why such data is stolen and what happens to it once it has been stolen later in this article (Dealing in Stolen Goods). The following section provides an overview of how the information is stolen. How it's Stolen In most cases, cyber criminals use dedicated malicious programs or social engineering methods to steal data. A combination of the two methods may be used for increased effectiveness. Let's start by taking a look at malicious programs which are designed to spy on users' actions (e.g. to record all keys pressed by the user) or to search for certain data in user files or the system registry. The data collected by such malicious programs is eventually sent to the author or user of the malicious program, who can then, of course, do what s/he wants with the information. Kaspersky Lab classifies such programs as Trojan-Spy or Trojan-PSW. The graph above shows the increase in the number of modifications in this category. Spy programs arrive on victim machines in a number of ways: when the user visits a malicious website, via email, via online chat, via message boards, via instant messaging programs etc. In most cases, social engineering methods are used in addition to malicious programs so that users behave as cyber criminals want them to. One example is one of the variants of Trojan-PSW.Win32.LdPinch, a common Trojan that steals passwords to instant messaging applications, mailboxes, FTP FTP in full file transfer protocol Internet protocol that allows a computer to send files to or receive files from another computer. Like many Internet resources, FTP works by means of a client-server architecture; the user runs client software to connect to resources and other information. After making its way onto the computer, the malicious program sends messages such as: "Take a look at this <link to malicious program> Great stuff :-) Most recipients click on the link and launch the Trojan. This is due to the fact that most people trust messages sent by ICQ, and don't doubt that the link was sent by a friend. And this is how the Trojan spreads - after infecting your friend's computer, the Trojan will send itself on to all addresses in your friend's contact list, and at the same time will be delivering stolen data to its author. One particular cause for concern is that nowadays even inexperienced virus writers can write such programs and use them in combination with social engineering methods. Below is an example: a program written by someone who is not very proficient in English--Trojan-Spy.Win32.Agent.ih. When launched, the Trojan causes the dialogue window shown below to be displayed. The user is asked to pay just $1 for Internet services - a classic case of social engineering: * The user is given no time to consider the matter; payment must be made the day the user sees the message * The user is asked to pay a very small sum (in this case $1). This significantly increases the number of people who will pay. Few people will make the effort to try and get additional information if they are only asked for one dollar; * Deception is used to motivate the user to pay: in this case, the user is told that Internet access See how to access the Internet. will be cut off unless payment is made; * In order to minimize suspicion, the message appears to come from the ISP's administrators. The user is expected to think that it is the administrators which have written a program via which payment can be made in order to save users time and effort. Additionally, it would be logical for the ISP (1) See in-system programmable. (2) (Internet Service Provider) An organization that provides access to the Internet. Connection to the user is provided via dial-up, ISDN, cable, DSL and T1/T3 lines. to know the user's email address. The first thing that the program does is leave the user with no choice but to enter his/ her credit card data. As no other option is available, an obedient user will click on "Pay credit card". The dialog box A movable window that is displayed on screen in response to the user selecting a menu option. It provides the current status and available options for a particular feature in the program. will then be displayed: Of course, even when the user fills in all the fields and clicks on "Pay 1$" no money will be deducted. Instead, the credit card information is sent via email to the cybercriminals. Social engineering methods are also often used independently of malicious programs, especially in phishing attacks (i.e. attacks targeting customers of banks that offer online banking services). Users receive emails supposedly sent by the bank. Such messages state that the customer's account has been blocked (this is, of course, untrue) and that the customer should follow the link in the message and enter his/ her account details in order to unblock un·block tr.v. un·blocked, un·block·ing, un·blocks To remove or clear an obstruction from: unblock a road; unblock an artery. the account. The link is specially designed to look exactly like the Internet address There are two kinds of addresses that are widely used on the Internet. One is a person's e-mail address, and the other is the address of a Web site, which is known as a URL. Following is an explanation of Internet e-mail addresses only. For more on URLs, see URL and Internet domain name. of the bank's website. In reality, the link leads to a cyber criminal's website. If account details are entered, the cyber criminal will then have access to the account. Similar messages are also sent on behalf of various other organizations and bodies such as support services support services Psychology Non-health care-related ancillary services–eg, transportation, financial aid, support groups, homemaker services, respite services, and other services , social services social services Noun, pl welfare services provided by local authorities or a state agency for people with particular social needs social services npl → servicios mpl sociales etc. However, cyber criminals aren't only interested in credit card information. They are also interested in the email addresses which victim machines contain. How are these addresses stolen? Here, a crucial role is played by malicious programs which Kaspersky Lab classifies as SpamTools. These programs scan victim machines for email addresses, and the addresses harvested can be instantly filtered according to according to prep. 1. As stated or indicated by; on the authority of: according to historians. 2. In keeping with: according to instructions. 3. predefined criteria, e.g. the program can be configured to ignore addresses which clearly belong to antivirus companies. The harvested addresses are then sent to the author/ user of the malicious program. There are other ways of planting Trojans on user computers, some of which are extremely brazen bra·zen adj. 1. Marked by flagrant and insolent audacity. See Synonyms at shameless. 2. Having a loud, usually harsh, resonant sound: "sudden brazen clashes of the soldiers' band" . There are cases where cyber criminals offered to pay website owners for loading malicious programs onto the machines of users who visited their websites. One example of this is the iframeDOLLARS.biz website: it offered webmasters a "partner program" that involved putting exploits on their websites so that malicious programs would be downloaded to the machines of those who viewed the sites. (Of course, this was done without the users' knowledge). These "partners" were offered $61 per 1,000 infections. Dealing in Stolen Goods Unquestionably un·ques·tion·a·ble adj. Beyond question or doubt. See Synonyms at authentic. un·ques  tion·a·bil , the main motivation for stealing data is the desire
to make money. Ultimately, all the information stolen is either sold or
directly used to access accounts and get funds in this way. But who
needs credit card data and email addresses?
The actual data theft is only the first step. Following this, cyber criminals either need to withdraw money from the account, or sell the information received. If an attack yields details which are used to access an online banking system or an e-payment system, the money can be obtained in a variety of ways: via a chain of electronic exchange offices that change one e-currency (i.e. money from one payment system) into another, using similar services offered by other cybercriminals, or buying goods in online stores. In many cases, legalizing or laundering the stolen money is the most dangerous stage of the whole affair for the cyber criminals, as they will be required to provide some sort of identifying information e.g. a delivery address for goods, an account number etc. To address this problem, cyber criminals use individuals who are called "money mules A money mule is a person who transfers money and reships high value goods that have been fraudulently obtained in one country, usually via the internet, to another country, usually where the perpetrator of the fraud lives. The term money mule is formed by analogy with drug mules. ", or "drops" in Russian cyber criminal jargon. "Drops" are used for routine work in order to avoid exposure, e.g. for receiving money or goods. The and are now implementing online versions of real-world scams. As a rule, such schemes attract buyers or customers by offering goods at prices which are much lower than those offered legitimate vendors. Figure 4 shows a fragment of the web page of one such Russian e-store: The prices are impossibly low. Such low prices should arouse user suspicion, and make them think twice about buying things from such a website. In order to get around this problem, cyber criminals may give the following justifications: * the sale of confiscated con·fis·cate tr.v. con·fis·cat·ed, con·fis·cat·ing, con·fis·cates 1. To seize (private property) for the public treasury. 2. To seize by or as if by authority. See Synonyms at appropriate. adj. items; * the sale of goods purchased with stolen credit cards; * the sale of goods which were purchased on credit using fake names. Such explanations are, of course, extremely questionable. However, many people choose to believe them: they think it's all right to sell goods cheaply if the vendor didn't have to pay for them. When ordering, customers are asked to make a down payment or sometimes even prepay the full price. Naturally, once payment has been made, there will be no response from the cyber criminals' phone numbers or email addresses. And of course, the purchaser won't get his/ her money back. This scheme can be adapted for different locations. For example, in Russia goods purchased online are commonly delivered by courier. In this case cybercriminals may require an advance payment to cover delivery, explaining that couriers are often sent to addresses where no goods have been ordered, but the e-store owners still have to pay the courier. The cyber criminals then receive the delivery charge, while the customer receives nothing. Bogus online stores are not the only trap for users. Nearly all criminal schemes which occur in the real world are reflected in equivalent scams in the cyber world. One more example of criminal online schemes is a "project" which offers users the opportunity to invest their money at a very attractive rate--so attractive that it is hard to resist. Figure 5 shows part of one of such "investment" website: Of course, there's no need to comment on the interest rate offered. In spite of the ludicrous nature of such schemes, there are people who trust such "projects", invest, and lose their money. The list is endless: new bogus e-money exchange websites, new online financial pyramids Financial pyramid A risk structure that spreads investor's risks across low-, medium-, and high-risk vehicles. The bulk of the assets are in safe, low-risk investments that provide a predictable return (base of the pyramid). (similar to real-world pyramid scams), spam which describes special secret electronic wallets See digital wallet. that double or triple the amounts received and other similar schemes are surfacing all the time. As mentioned above, all these scams are designed to play on people's desire to get something for nothing. Extortion extortion, in law, unlawful demanding or receiving by an officer, in his official capacity, of any property or money not legally due to him. Examples include requesting and accepting fees in excess of those allowed to him by statute or arresting a person and, with In 2006 a dangerous trend became clear: cyber extortion is evolving rapidly in Russia and other CIS countries There are two lists concerning CIS countries:
n. The ability to operate a computer and to understand the language used in working with a specific system or systems. computer literate adj. users would be able to revert the modifications on their own, or re-install the operating system operating system (OS) Software that controls the operation of a computer, directs the input and output of data, keeps track of files, and controls the processing of computer programs. , thereby getting rid of the malicious program. However, most other families of malicious programs designed with extortion in mind are not so easy to get rid of, and the question "to pay or not to pay" was more often than not answered in the affirmative. Krotten was distributed via online chat and on message boards in the guise of a sensational program that provides free VoIP, free Internet access, free access to cellular networks etc. On January 25, 2006 Trojan.Win32.Krotten was followed by the first modification of Virus.Win32.GpCode. This malicious program was mass mailed and encrypted data files stored on the hard drive in such a way that the user could not decrypt To convert secretly coded data (encrypted data) back into its original form. Contrast with encrypt. See plaintext and cryptography. them. Consequently, the user would have to pay for the data to be decrypted. Folders with encrypted data contained a readme.txt file See ASCII file. with the following content: Some files are coded by RSA (1) (Rural Service Area) See MSA. (2) (Rivest-Shamir-Adleman) A highly secure cryptography method by RSA Security, Inc., Bedford, MA (www.rsa.com), a division of EMC Corporation since 2006. It uses a two-part key. method. To buy decoder A hardware device or software that converts coded data back into its original form. See decode and MPEG decoder. mail: xxxxxxx@yandex.ru with subject: RSA 5 68251593176899861 In spite of the information that encryption was performed using an RSA algorithm, the author of the program had actually used standard symmetrical encryption. This made restoring data easier. In the course of just 6 months, GpCode evolved considerably, using different, more complex encryption algorithms A formula used to turn ordinary data, or "plaintext," into a secret code known as "ciphertext." Each algorithm uses a string of bits known as a "key" to perform the calculations. The larger the key (the more bits), the greater the number of potential patterns can be created, thus making . Different variants of the program demanded different sums for decrypting data: the price varied from $30 to $70. These programs were only the beginning. The number of families of programs designed for extortion increased during the year (Daideneg, Schoolboys, Cryzip, MayArchive and others appeared), and the programs also increased their geographical reach. By the middle of the year, such malicious programs had been detected in Great Britain Great Britain, officially United Kingdom of Great Britain and Northern Ireland, constitutional monarchy (2005 est. pop. 60,441,000), 94,226 sq mi (244,044 sq km), on the British Isles, off W Europe. The country is often referred to simply as Britain. , Germany and other countries. However, other methods of extortion continued to be used as extensively as before. One example of this was the attack on Alex Tew, 21, a British student who created a website where he sold advertising space in the form of squares a few pixels across. Tew managed to make $1 million in four months with this unusual idea. Cybercriminals demanded that the successful student pay them a large amount of money, and threatened to organize a DDoS attack on his website if payment was not made. Three days after receiving the threat the student's website underwent a DDoS attack. To his credit, he refused to pay. But why is extortion and blackmail Ask a Lawyer Question Country: United States of America State: California Hi, Recently I was threatened by someone telling me they would plantilligal substances in my car then call the police... so popular among cybercriminals? The answer is simple: such crimes are facilitated by the victims themselves, who are ready to yield to any demands in order to have their lost or damaged data restored. How to Avoid Falling Victim to Cybercriminals The reader may get the impression that this article aims to scare users, and conclude that only an antivirus program Software that searches for known viruses. Also known as a "virus scanner." As new viruses are discovered by the antivirus vendor, their binary patterns are added to a signature database that is downloaded periodically to the user's antivirus program via the Web. can save their data. In actual fact, there is no antivirus solution that will help Internet users Internet user n → internauta m/f Internet user Internet n → internaute m/f who don't take elementary precautions. Below is a list of recommendations to help you avoid being easy prey for cyber criminals: * Before making any payment or entering any personal data, find out what other users think of the relevant website. However, do not trust comments left on that site, as they may have been written by a cybercriminal See cybercrook. . It's best to get the opinions of people you know personally. * Avoid giving any details of your bank cards over the Internet. If you need to make a payment over the Internet, get a separate card or e-money account and transfer the necessary amount to the card or account just before making a purchase. * If an online store, investment fund or other organization has a website on a third-level domain, especially one provided by a free hosting service, this should arouse suspicion. A self-respecting organization will always find the small sum needed to register a second-level domain In the Domain Name System (DNS) hierarchy, a second-level domain (SLD) is a domain that is directly below a top-level domain (TLD). For example, in wikipedia.org, wikipedia is the second-level domain of the .org TLD. . * Check where and when the domain used by the online shop was registered, where the shop itself is located, and whether the addresses and telephone numbers provided are genuine. A simple telephone call can solve several problems at once by confirming or dispelling your doubts. If the domain name was registered a month ago and you are told that the company has been in the market for several years, this warrants more detailed investigation. * Do not pay money up front, even for courier delivery. Pay for all services only once you have received the goods. If you are told that people often order goods to be delivered to wrong addresses, meaning that couriers can't deliver them, don't believe this. It's better to err on the side of caution and choose a different store than risk being swindled. * Never reply to mailings made by banks, investment funds Noun 1. investment funds - money that is invested with an expectation of profit investment assets - anything of material value or usefulness that is owned by a person or company and other financial organizations: such organizations never make mass mailings. If in doubt, use the telephone to check whether mail really does come from the alleged sender. But don't use the telephone number given in the message: if the message was sent by cybercriminals, the number given will also belong to them. Conclusion This first part of our article gives an overview of the most common ways to steal virtual property from Internet users. If you don't secure your property, nobody else will. As the saying goes, forewarned is forearmed, and hopefully the information provided here has been useful. www.kaspersky.com Yury Mashevsky, Virus Analyst, Kaspersky Lab |
|
||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion