==================================================================
By GRAHAM KATES/THE CRIME REPORT CBS NEWS August 11, 2015, 5:55 AM
How authorities infiltrate
On July 15, law enforcement authorities from 20 countries
arrested more than two dozen suspects allegedly associated with Darkode, an online forum for
malicious hacking.
For agencies tasked with cracking down on the Internet's
underworld, it was a rare victory, according to experts.
The Darkode bust, they said, shows
that you don't have to scour the deep web -- a part of the Internet that isn't
indexed by search engines -- to find illegal products. The Internet is home to
hundreds of illicit markets, where products ranging from hacking tools and
codes to guns and drugs can be purchased with relative anonymity. Nevertheless,
infiltrating and busting illicit markets in cyberspace remains extremely
difficult for investigators.
The best markets can't be found with a simple Google search,
but the first step is to find the ones that can, according to Tom Holt, a
professor at Michigan State University who researches illicit data markets.
"There are multiple tiers, and the lower tier ones are
different in what's offered," he said. "You'll see marketing for
credit card information and basic DDoS (Distributed Denial of Service), but in those more secure
ones you'll find more sophisticated, brand new products."
Researchers and investigators often start by looking in
basic hacking forums for links and references to the more secure markets -- a
few actually actively advertise on the less-secure sites -- but once those
markets are found, it can be tricky getting inside.
Invitation-Only Markets
Many illicit online markets are invitation-only, which means
a current member has to vouch for a new member. The best way to earn enough
trust to get recommended is to purchase something illegal on a basic market,
said Holt. Researchers representing universities aren't allowed to pursue that
option, but government informants have been known to.
"Paying for a service is helpful, because it
demonstrates a willingness to really engage in the market, you can't be trusted
to invest in a community if you're not going to invest in its products,"
Holt said.
But just buying a product or service isn't enough.
Investigators and researchers trying to avoid unwanted
attention also have to learn the lingo.
During an October 2014 seminar at the annual conference of
the International Association of Chiefs of Police in Orlando, John Szydlik, a
special agent with the Secret Service, gave tips on fitting in when interacting
on an illegal market.
Szydlik told a room of roughly three dozen police officials
that while arresting a suspect accused of data crimes, he asked how to make it
so no one on a dark forum will think he's a cop.
"All you gotta do is refer to everybody as 'bro' and
you'll be OK," Szydlik said the suspect told him.
"Bro" certainly gets thrown around a lot, but Szydlik
noted that agents also need to know how to use proxies and drop emails -- and
be conversationally familiar with sophisticated money-laundering techniques and
a host of other tools that malicious hackers use to obscure their crimes.
Still, talking a good game can only get you so far, said
Chase Cunningham, the threat intelligence lead for FireHost, a secure cloud
service.
Alternative Identities
Cybercriminals are aware that researchers and investigators
are constantly seeking access to their forums and markets, and can be
particularly paranoid. To gain trust and access, Cunningham said he has put
years into building alternative online identities that have reputations on dark
markets.
"You need to have people vouch for you, but they're not
going to vouch for Chase Cunningham, so I've spent quite a bit of time building
these entities that will get me in," he said.
A lot of work goes into gaining access without actually
running afoul of the law, Cunningham said.
"Social media accounts and everything else have to sync
up," Cunningham said. "You have to construct that whole entity so it
all looks legit; you're trying to get knowledge without doing anything
illegal."
This is the point that separates researchers from
investigators. While an FBI informant can purchase malware or other products as
part of an undercover investigation, people like Holt and Cunningham can only
go so far, they both said.
But an undercover case can take years to develop as dark
markets expand in number and scope, researchers said.
Cunningham said a few markets rapidly filled the vacuum left
behind by Darkode, as many of that market's most active participants switched
their locations.
He named one market on the verge of taking off: exploit.in.
"It's at least as good as Darkode," Cunningham
said.
Exploit.in is a forum and market where, like on Darkode,
malicious hacks, guns and other products can be bought and sold. And then
there's the elephant in the dark room: the primary language used on
Exploit.in is Russian.
Darkode, an English-language site, may have been a powerful
player in the illicit cybereconomy, but those with experience say the best
markets conduct business in Russian.
Researchers working with Holt at Michigan State University
and East Carolina University analyzed 1,899 threads used as forums for black
market data dealers.
The study,
which was funded in part by the federal National Institute of Justice, found
that the most reliable dealers -- and expensive credit card dumps -- are on
Russian-language threads, while English-language markets are crowded with
customers complaining about ripoffs.
Even Europol and the Justice Department were careful to
couch their celebratory press releases about the Darkode bust with the caveat
that it was "prolific" and "sophisticated" for an
English-language forum.
It's a point echoed by Szydlik, the Secret Service agent,
and Holt.
"Sophisticated" Russians
"The Russian-language markets are better, more
sophisticated," said Holt, whose research team included Russian-speaking
analysts. He noted that certain countries in Eastern Europe, including Russia,
Ukraine and Romania, have become hubs for cybercrime, in part because hackers
in the U.S. and in Western Europe are pursued by a more determined,
better-funded set of law enforcement.
Even on Russian markets, when financial information is sold,
it tends to be American. That's partly because of the United States' strong
financial standing, and partly because American firms have yet to implement the
more secure cards used throughout Europe that employ "chip and PIN" technology -- a system
that makes it harder for hackers to make use of stolen credit card information.
"If you've got the United States as your cash cow, why
would you spend your time trying to find your way around chip and pins?"
Szydlik said.
But while Russian is the language of the darkest corners of
the Internet, English markets still remain a challenge for law enforcement.
Just two weeks after Darkode shuttered, a new site bearing its name popped up
in the Deep Web.
Multiple outlets reported in late July that Darkode.cc -- a site
that can be reached using the Tor anonymous router -- launched with the
following message from a reputed administrator who uses the name
"Sp3cial1st."
"Most of the staff is intact, along with senior
members," Sp3cial1st reportedly wrote. "It appears the raids focused
on newly added individuals or people that have been retired from the scene for
years."
"The forum will be ... invite only, and members we can
confirm are still active will be given an invite."
The site is now harder to find and harder to access than
ever before.