Waging war on gangsters who stalk the internet

IrishTimes.com ^ | Friday, August 21, 2009 | CIARA O’BRIEN

[justa-hairyape]

Hackers are becoming more organised as a new pool of talent coming from eastern European countries – Russia in particular – becomes available, writes CIARA O’BRIEN

A number of attacks involving Russian hackers has hit the headlines in recent weeks. The most recent was the charging of Albert Gonzalez, a former US government informant who has already been jailed in connection with hacking cases. He is accused of stealing 130 million credit and debit card numbers. Two unnamed Russian co-conspirators were also charged in relation to the theft, said to the biggest case of identity theft seen yet.

Mr Harbison, a director and IT forensic specialist in Grant Thornton’s forensic and investigation services, said Russia has a formidable reputation in the hacking field. “Gonzales wasn’t so much of a hacker himself, he was the manager of hackers. He organised specialised teams. He was the kingpin of a group, and you are going to see more of that,” he said.

“On earlier hacks, he used Latvians, Ukrainians, Belarussians and Chinese. He was a very good recruiter of specialists.”

“There is a risk that countries that have political grudges against others and may have lesser standards of ethics in governance may decide cyber warfare is a preferable means of damaging your enemies than physical warfare,” said Cian Blackwell, partner in business risk services at Grant and Thornton. “It’s certainly cheaper and easier to do without it being traced to you.”

[justa-hairyape]

Interesting additional information on Gonzalez out of Ireland. Apparently besides being an informant for the US goverment he was also a specialist at recruiting Eastern European, Chinese and Russian hackers.

Speaking of CyberWar. This ones been hot and cold for years. Going hot again.

ARMENIA: WAVE OF HACKER ATTACKS BLAMED ON AZERBAIJAN, TURKEY

[angkor]

I’ve long grown weary of Wired mag and its snarky Web 2.0 trendiness, but they are actually doing some good coverage of the Gonzales crimewave.

Aug 20:
http://www.wired.com/threatlevel/2009/08/gonzalez-evidence/

Aug 17:
http://www.wired.com/threatlevel/2009/08/tjx-hacker-charged-with-heartland/

June 18:
http://www.wired.com/threatlevel/2009/06/watt/

[justa-hairyape]

Thought we could not post anything from Wired. Even links ?

[angkor]

Dunno, is that so?

[DieHard the Hunter]

> I’ve long grown weary of Wired mag and its snarky Web 2.0 trendiness,

I’ve got a box of old WiReD magazines, complete from 1.02 thru 4.x or something. I ran out of patience with them shortly after WiReD “discovered” the web. They’re all in very good nick, one day I’m going to sell them or donate them to a library or something.

“Back in the day” they were pretty K3wL.

“Snarky” is a great way to describe their current demeanor. I’ve had an Internet account of some description or another for longer than most of their contributors have been alive. “Snarky” doesn’t go down well with me.

[justa-hairyape]

These publishers have asked us not to allow any material at all to be posted to FR:

* wired.com

Does that mean links also ? Looks like very good articles. Have not read two of them yet. Thanks.

[angkor]

I also have a history with Wired that precedes even their first issue. And like you, my Internet use goes goes back to the 80’s.

But over the years I’ve gotten totally disgusted with the whole California tech-trendy “ain’t we cool” attitude and honestly Wired is such a distillation of that, it’s actually repellent and insufferable these days. I haven’t bought a copy in years.

[justa-hairyape]

Thanks for those links. Was reading the wired article about Stephen Watt who created the sniffing program called blabla. Decided to see if blabla was in one of the files I found on my hacked server in Slovakia. Been hesitant to look at those files. Did not find blabla in the main file called G a M e O v E r. But did find the following.

Excerpts follows - DO NOT go to the website below. These guys is serious.

C100 SHELL CREATED BY CAPTAIN CRUNCH SECURITY TEAM
WWW.CCTEAM.RU
C100 SHELL - REVAMPED (X2300) MODIFIED BY LOCUS7S
UNDERGROUND NETWORK
--[::hack_hosthacker@yahoo.com::]
Modified by Shadow & Preddy

End excerpts

A Russian written utility available only to VIP members of the LOCUS7S. Looks like its been around since Feb 14 2007. Anyone know anything about this ? Was basically called GaMeOvEr - Project WAIT.

[STONEWALLS]

O.K. so how do I defend myself from these thieves?....quit using my credit card and go back to cash and checks for everything?....I’ve really gotten used to the convenience of the credit card...I do a lot with it because Cabela’s gives me bonus points even though I pay my bill in full every month....how are you folks handling the threat?

[The Sons of Liberty]

Waging war on gangsters who stalk the internet

Gangsters?, Internet?

Does this include 0bama and his gang of thugs that collect names of those opposed to their dictatorship?

[justa-hairyape]

When they attacked my server, they probably did not realize that the guy who administered the php program was also the number one user of the program by far. They ended up stealing my BofA account info and tried to post an $1,800 check for a company called Lockbox. There is a Lockbox Marketing company in Denver where last week they arrested a couple of Russian immigrants and implicated 700 other Russians on Student Visas. But what I am hoping is that since I was the number one user, I was the first they attacked through my server.

What I would recommend is only using online banking when you have too. Much better to stop by an ATM to just check your balance. According to research I just did on the web, this was a Remote File Inclusion attack RFI. I only have a basic non-educated grasp of php script code, but I know html very well (just too busy to learn php script). There was some html code at the end of the hacked file that looks like they were opening up collapsed tables. What you will see is what I saw on my paypal login window. After logging into paypal, the next screen had a form or table in the middle that was asking for a bank ATM card number and pin. The English sentence right above the data boxes was not phrased properly. That was the clue and they did not compromise my paypal, but they probably got my SSN. They were good. Dam good. Fooled me so much I actually called paypal and was going to complain that they had sentence so poorly written. But I figured out while I was on the phone on hold, that must be a hacker.

This C100 Modified Shell had some New Modifications that are actually listed in the file.

[justa-hairyape]

Concerning sliding credit cards in stores, that was a different type of attack. Some kind of inclusion attack that compromised lots of credit card swipes. The industry needs to improve its security to keep cc cards safe. If its an ATM card, just get cash out and pay that way. Cash is no problem. With a cc card the credit card companies will protect you from any fraud and reverse the charges after you file a fraud complaint with them.

[justa-hairyape]

Obama seems to be more of a physical in your face type of gangster. These Russian hacking gangsters use virtual deception and guile.

[justa-hairyape]

Correction - The Credit Card swipe fraud that just occurred and made the news for attempting to steal the most cc numbers ever, was a SQL-injection attack. Nothing to do with me. My RFI experience was just an attack on and through my low volume server where I was also the main user.