Two new hacker paradigms. Both are very interesting, and amazing. One is a through-the-cracks hacker making good money. The other is an old method updated, with serious new potential, hiding the potential of a major crippling strike.
Based in St. Petersburg, Russia. The people behind the Koobface gang are known, but there have been no arrests in Russia. Large infrastructure: 500,000 fraudulent Google Blogger and Gmail accounts, and 20,000 Facebook accounts. Our estimates put their take at around $20 million a year, and we think that's accurate. Not bad for victimless crime.
The director of KG, let's call him Ivan. Ivan rules with an iron hand, and isn't averse to murder or a few broken legs. His paradigm is to steal pennies; it's like going into your local bank and stealing a nickel from your account. Jeez, it's hardly worth the effort to make a phone call; my time is worth more than a nickel. Hundreds of thousands of accounts.
They make use of their botnets in some very interesting ways: click campaigns, where they make 1/10 of a cent for each click their botnets make on some advertising sites. Millions of clicks. The frightening thing is they could be pulling down billions from crime, but they might lose their heads then. Our paradigm intel indicates they are paying bribes in the millions now.
But by only taking a nickel instead of thousands of dollars, they avoid creating victims who would file complaints, and hoped to avoid investigations into
Ivan has been unmasked; the FSB knows who he is and won't like it that they aren't getting their share.
The risk is "someone" leaning on him, pressuring him for the billion-dollar take. He has the back doors to really hurt his victims, maybe even cripple the Canadian sector. His restraint paradigm can't be relied on; he could turn greedy any time. We have BSUs probing for weaknesses.
The second dangerous paradigm is the new/old BGP hijack. You might have read about it. This exploit was known about 12 years ago, and was described to intelligence agencies and to the National Security Council, in detail. The TTL adjustment was new.
Nearly 15 percent of the world's Internet traffic, including that of many U.S. government and military sites, was briefly redirected through computer servers in China in April, according to a congressional commission report due out this week.
It is not clear whether the incident was deliberate, but the capability could enable severe malicious activities including the diversion of data and the interception of supposedly secure encrypted Internet traffic, the U.S.-China Economic and Security Review Commission states in a report to Congress.
...18-minute-long April 8 redirection, including those for the Senate, all four military services, the office of the secretary of defense, the National Aeronautics and Space Administration, the Department of Commerce, the National Oceanic and Atmospheric Administration "and many others," as well as commercial websites including those of Dell, Yahoo, Microsoft and IBM.
The important military and government data was encrypted to NSA standards. It was an 18-minute snatch. Was it a test? Was that 18-minute period on April 8 significant? It looks to approximate WWW traffic for a previous cyber break-in in 2007, stealing over 12 terabytes from the State Dept, DOD, Dept of Commerce, Dept of Energy, NSA and Google; 34 other big corporations were also hacked. China was the suspect then also.
Alperovitch, vice president of threat research at McAfee: “This is one of the biggest — if not the biggest hijacks — we have ever seen.” And it could happen again, anywhere and anytime. It’s just the way the Internet works, he explained. “What happened to the traffic while it was in China? No one knows.”
The telephone giants of the world work on a system based on trust, he explained. Machine-to-machine interfaces send out messages to the Internet informing other service providers that they are the fastest and most efficient way for data packets to travel. For 18 minutes April 8, China Telecom Corp. told many ISPs of the world that its routes were the best paths to send traffic.
An interesting point: China Telecom could manage to absorb this large amount of data and send it back out again without anyone noticing a disruption in service. In previous incidents, the data would have reached a dead end, and users would not have been able to connect.
This points to a very resilient Chinese system, or somebody planned it. It could also mean 18 minutes of data was the maximum amount they could absorb. The TTL adjustment was new. The rest is old, very OLD. BGP4 was always capable of directing traffic; that is what it was designed to do. Path prepending is a technique that's equally well known.
This is not easy to attack, as you need to be trusted by your upstream ISPs. Since those ISPs have neither the interest nor the need to trust their customers to announce only their own BGP information, many ISPs filter what customers can announce to them. Large ISPs are in a position to do it, as they are trusted, but have even less motivation to perform BGP hijacking. A successful BGP hijack by a large ISP would result in peers publicly mocking them and front-page headlines that would not be good for business.
Attracting a substantial amount of traffic and sending it out again is going to get noticed, both on your bandwidth usage, with the potential for a self-inflicted fill-the-pipe DDoS, and by people watching traffic patterns and announcements in BGP.
Here is one of the early BGP hijacks: it was an accident, but in 1997 this accident caused major outages and traffic to be redirected when AS7007 hijacked a large portion of the Internet.
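The two mechanics discussed above, route selection favouring a more-specific prefix and an ISP filtering what an origin is allowed to announce, as an added example that is not code from the original post. It is a toy BGP speaker; every ASN, prefix and the ROA-style registry are constructed sample values, and it generalizes the per-customer filtering mentioned above to origin validation of the kind RPKI provides.

```python
# Added example, not code from the original post. A toy BGP speaker showing
# how a hijack announcement wins route selection, and how origin validation
# (the role an RPKI ROA plays) drops it. All ASNs and prefixes are constructed.
from ipaddress import ip_address, ip_network

# Announcement: (prefix, AS path); the last ASN in the path is the origin.
LEGIT = ("203.0.113.0/24", (64510, 64500))
# Constructed hijack: a more-specific /25 with a shorter path from AS 64666.
HIJACK = ("203.0.113.0/25", (64666,))

# Constructed ROA-style registry: (prefix, max length, authorized origin AS).
ROAS = [("203.0.113.0/24", 24, 64500)]

def origin_state(announcement, roas=ROAS):
    """RPKI-style origin validation: 'valid', 'invalid' or 'unknown'."""
    prefix = ip_network(announcement[0])
    origin = announcement[1][-1]
    covered = [(m, a) for p, m, a in roas if prefix.subnet_of(ip_network(p))]
    if not covered:
        return "unknown"          # no ROA covers this prefix at all
    for maxlen, asn in covered:
        if asn == origin and prefix.prefixlen <= maxlen:
            return "valid"
    return "invalid"              # wrong origin AS, or more specific than allowed

def select_route(announcements, dst):
    """BGP best path: longest prefix match first, then shortest AS path."""
    dst = ip_address(dst)
    cands = [a for a in announcements if dst in ip_network(a[0])]
    if not cands:
        return None
    return max(cands, key=lambda a: (ip_network(a[0]).prefixlen, -len(a[1])))

def best_origin(announcements, dst, validate=False):
    """Origin AS that would carry traffic to dst; with validate=True,
    announcements whose origin state is 'invalid' are filtered out first."""
    if validate:
        announcements = [a for a in announcements if origin_state(a) != "invalid"]
    route = select_route(announcements, dst)
    return route[1][-1] if route else None

if __name__ == "__main__":
    table = [LEGIT, HIJACK]
    print("no validation  :", best_origin(table, "203.0.113.10"))        # 64666
    print("with validation:", best_origin(table, "203.0.113.10", True))  # 64500
```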
A good collection of BGP security papers is available here:
It appears this is fixable, but the other element is: was it intentional? And to what end? Going to China makes it problematic. The ability of China to absorb that volume of traffic speaks to their capability or to their intentional espionage. The US and China need to work this out. Neither is going to attack the other.
With the advent of globalization and the amount of US bonds China holds, a heavy cyber attack by China on the USA would bleed them to death. One of the huge benefits of globalization is the understanding you don't kill your best
Nor do you involve yourself in an attack that would significantly drop the value of your investment portfolio, US bonds. So China may have a huge cyber threat/weapon, but it's a big stick they can't use.
Now espionage is a different animal. It's equivalent to listening in on a spouse's phone. On the other hand, it's quid pro quo: if the US launched a crippling cyber attack on China it would be killing its biggest lender, and would cripple the US economy. The USA and China are bedfellows, very nervous bedfellows, but bedfellows nevertheless, wedded in economic globalization. Divorce for either resulting in economic
Tactical Internet Systems analyst.