How some websites are using a combination of crowd sourcing, Cloud services and Internet marketing techniques to sell illegal system access and other criminal cyber services online.
Gone are the days when ideologically motivated hackers, wearing ponytails and sandals, tapped away in lonely isolation, surrounded by glowing LEDs and empty pizza boxes. Welcome instead to the world of the organised and commercially savvy Internet crime syndicate.
In October 2012, the Krebs on Security online Blog reported that an increasing number of services offered by the cybercrime underground allow criminals to purchase access to hacked computers at specific organizations. The Blog claimed that for just a few dollars, these services offer them the ability to buy their way into the servers of Fortune 500 networks.
The service the Blog examined for this post, Dedicatexpress.com, was reportedly renting access to nearly 17,000 computers worldwide, although almost 300,000 compromised systems were said to have passed through the service since its inception in early 2010. Pitching its wares with the slogan, “The whole world in one service,” Dedicatexpress.com is described by Krebs as advertising hacked RDP servers on several cybercrime forums. The site has since been taken down.
Does that sound illegal? Of course it is, writes Mark Hachman of Slashdot. He speculates that the site has been moved to another server or service.
Mark Ward, technology correspondent at BBC News, suggests that many sites are selling access to corporate networks for only a few pounds and he adds that network access is just one of a wide range of cybercrime services now available on the underground economy. Ward reports that criminals are gathering the details of vulnerable servers from the online community, effectively ‘crowd sourcing’ their database of vulnerable IP addresses which they then sell on.
The BBC quoted a report by security firm Trend Micro which suggested that Russia was at the centre of a networked criminal economy in which ‘any and every cybercrime service is on sale’. The rates being charged for the various services, including everything from hacking corporate mailboxes to sending junk texts, were detailed in the Trend Micro report.
ICA can confirm that a number of cyber attacks or other crimes can be readily facilitated by access to compromised systems, which serve to conceal the true identities of those behind each scheme. Depending on the details of the compromised system, these can include:
- Denial of Service (DoS) attacks against specific corporate or governmental systems
- BotNet creation and exploitation for SPAM, Phishing or distributed denial of service (DDoS)
- MalNet operations
- SPAM funnelling
- Data theft from the compromised server itself, or from innocent users of the device
- Site hijacking and blackmail
- Brand and reputational harm to the legitimate owners of the device
- The running of banned or restricted services such as gambling, some forms of pornography and various fraud scams
ICA’s own research indicates that these challenges are growing, although traditional cyber security risks remain very relevant. Rather than seeing a shift towards new methodologies, we see an overall expansion in the range of risks and vulnerabilities as the Internet expands and becomes ever more complex and ever more critical to our corporate and social existence.
Mark Johnson is the Chairman of The Risk Management Group and ICA’s faculty lead for Cyber Security.