Nov 02 2012
 

If you want to buy a botnet, it’ll cost you somewhere in the
region of $700 (£433). If you just want to hire someone else’s for
an hour, though, it can cost as little as $2 (£1.20) — that’s long
enough to take down, say, a call centre, if that’s what you were in
the mood for. Maybe you’d like to spy on an ex — for $350 (£217)
you can purchase a trojan that lets you see all their incoming and
outgoing texts. Or maybe you’re just in the market for some good,
old-fashioned spamming — it’ll only cost you $10 (£6.19) for a
million emails. That’s the hourly minimum wage in the UK.

This is the current state of Russia’s underground market in
cybercrime — a vibrant community of ne’er-do-wells offering every
conceivable kind of method for compromising computer security. It’s
been profiled in security firm Trend Micro’s report,
Russian Underground 101, and its findings are as
fascinating as they are alarming. It’s an insight into the workings
of an entirely hidden economy, but also one that’s pretty scary.
Some of these things are really, really cheap.

Rik Ferguson, Trend Micro’s director of security research and
communications, explains to Wired.co.uk that Russia’s cybercrime
market is “very much a well-established market”. He says: “It’s
very mature. It’s been in place for quite some time. There are
people offering niche services, and every niche is catered for.”
Russia is one of the major centres of cybercrime, alongside other
nations like China and Brazil (“the spiritual home of banking
malware”).

Russian Underground 101 details the range of
products on offer in this established market — Ferguson says that
they can be for targeting anyone “from consumers to small
businesses”. He points to ZeuS, a
hugely popular trojan that’s been around for at least six years. It
creates botnets that remotely store personal information gleaned
from users’ machines, and has been discovered within the networks
of large organisations like Bank of America, Nasa and Amazon. In
2011, the source code for ZeuS was released into the wild — now,
Ferguson says, “it’s become a criminal open source project”.
Versions of ZeuS go for between $200 (£124) and $500 (£309).

Cybercriminal techniques go in and out of fashion like
everything else — in that sense, ZeuS is a bit unusual in its
longevity. That’s in large part because viruses and trojans can be
adapted to take advantage of things in the news to make their fake
error messages or spam emails seem more legitimate. For example,
fake sites, and fake ads for antivirus software, aren’t as popular
as they once were because people are just more computer literate
these days. Exploits which take advantage of gaps in browser
security to install code hidden in the background of a webpage have
also become less common as those holes are patched up — but
programs which embed within web browsers still pose a threat, as
the recent hullabaloo over a weakness in Java demonstrates.

Ferguson points to so-called “ransomware” as an example of a
more recent trend, where the computer is locked down and the hard
drive encrypted. All the user sees on the screen is a message that tells them
that their local law enforcement authority (so, in the UK, often
the Metropolitan Police) has detected something like child
pornography or pirated software on their PC, and if they want to
unlock it they’ll have to send money to a certain bank account. No
payment, no getting your hard drive back.

Amazingly, if you pay that “fine”, then you will actually get
your information back, says Ferguson. “But you’ve labelled yourself
as an easy mark, and there’s no telling if they haven’t left behind
a backdoor which will let them come back and try again,” he says.
Child pornography and pirated software have been in the news a lot
over the past few years, for obvious reasons, and that kind of
thing directly influences the thinking of hackers and
programmers.

Taking the time to adapt these tools to recent trends can be
very lucrative. DNSChanger, a
popular trojan from 2007 to 2011, would infect a machine and change
its DNS settings. When the user went to a webpage with ads on it,
that traffic would give affiliate revenue to the scammers. One
prominent DNSChanger ring (Rove Digital)
was busted in Estonia in 2011 — the FBI had been tracking them for
six years, and during that time it was estimated that they’d earned
around $14 million (£8.7 million) from this little trick. It also
meant that the FBI was left with some critical web infrastructure
on its hands — those infected machines (which included machines at
major organisations) could only access the web through those Rove
Digital servers. Months were spent trying to get people to
check their computers for infection and ensuring that when
those Estonian servers were shut off, it didn’t take down, say, a
bank.

The most recent trends in cybercrime, though, are
very much focused on mobile — particularly Android, Ferguson
explains: “We’ve seen so far 175,000 malicious threats for Android,
and we expect that to be a quarter of a million by next year. Those
threats come from malicious apps — if you want to stay safe, stick
to official channels like Google Play, don’t just download from any
site. Similarly, there aren’t any malicious iOS apps in the wild,
on the App Store, but that only applies to iPhones that aren’t
jailbroken — downloading from other places puts your phone at
risk.”

These threats aren’t going away, either. In fact, according to
Ferguson, “prices are going down” across the Russian underground:
“Let’s not pretend that these people aren’t taking advantage of
technology just like normal businesses — improvements in
technology are getting faster, and there are things like cloud
services which they also use. The bad guys are using technologies
to drive down costs in the same way businesses are.”

Ferguson cites the recent case of someone claiming to have bought
the personal information of 1.1 million Facebook users for only $5 (£3.19) as
further evidence of the growing problem of online information
leaking into the hands of these cybercrime communities. Hackers and
other cybercriminals make it their job to analyse security measures
and find ways around them, because that information is where the
value lies.

While hackers and other cyber criminals can save by buying in
bulk, the cost to the individual (or the business) that falls
victim to one of these techniques is potentially much higher. So,
be vigilant, OK?

Here’s some of what you can buy on the Russian
underground…

Basic crypter (for inserting rogue code into a benign file): $10-$30 (£6.19-£19)
SOCKS bot (to get around firewalls): $100 (£62)
Hiring a DDoS attack: $30-$70 (£19-£43) for a day, $1,200 (£742) for a month
Email spam: $10 (£6.19) per one million emails
Expensive email spam (using a customer database): $50-$500 (£31-£310) per one million emails
SMS spam: $3-$150 (£1.86-£93) per 100-100,000 messages
Bots for a botnet: $200 (£124) for 2,000 bots
DDoS botnet: $700 (£433)
ZeuS source code: $200-$500 (£124-£310)
Windows rootkit (for installing malicious drivers): $292 (£180)
Hacking a Facebook or Twitter account: $130 (£80)
Hacking a Gmail account: $162 (£100)
Hacking a corporate mailbox: $500 (£310)
Scans of legitimate passports: $5 (£3.10) each
Winlocker ransomware: $10-$20 (£6.19-£12.37)
Unintelligent exploit bundle: $25 (£15)
Intelligent exploit bundle: $10-$3,000 (£6.19-£1,857)
Traffic: $7-$15 (£4.33-£9.29) per 1,000 visitors for the most valuable traffic (from the US and EU)

Article source: http://www.wired.co.uk/news/archive/2012-11/02/russian-cybercrime
