Sophisticated attacks on banks, handhelds increasing
BY: Bill Gertz
Cyber crime originating from Russia and Eastern Europe is increasing in both scale and sophistication, according to a senior Italian police investigator.
“The way cyber crime has changed criminality is the biggest challenge for us. It is a huge challenge to face this criminal phenomenon,” said Paolo Sartori, who works with Interpol in Romania against cyber crime in Russia and Eastern Europe.
Cyber crime is even changing the nature of traditional organized crime groups who are using hackers to make fast, relatively easy money.
Sartori, speaking at a cyber security conference in Lugano, Switzerland, outlined the nature of Russian cyber crime activities that are increasingly focusing on the use of malicious software in handheld devices, as well as through cyber extortion and theft of credit card numbers. The two-day conference was hosted by Franklin University Switzerland and KNC consulting.
Authorities also are concerned about the ability of terrorist groups to conduct cyber attacks.
“We are very concerned about attacks against military and civilian infrastructures, denial of service, recruitment, propaganda, training, financing, and operational logistics support to terrorist groups and extremist movements,” Sartori said.
However, cyber crime is exploding as computer and software engineers turn to crime in Eastern Europe, Russia, and many of the former Soviet states where legitimate jobs are scarce and law enforcement and legal systems are ill-equipped to address the problem.
Sartori said six of the top 10 countries that experienced the most Internet fraud were located in Eastern Europe and the former Soviet Union.
Two new schemes for cyber criminals are cyber extortion and mobile bank account application hacking.
“Cyber extortion is one of the fields they are very, very active,” Sartori said.
In cyber extortion, hackers remotely take over a company computer network and then offer to release the control for a fee that is often less that it would cost the company to have the problem repaired.
“Many firms choose to comply with the demand rather than taking the risk of losing customers,” Sartori said.
Another indicator of the growth of cyber crime is the fact that software Trojans that can break into computer networks have decreased in cost from around $250 several years ago to as little as $50 today.
“This means that many, many criminals are now appearing in the criminal field,” Sartori said.
Cyber criminals also seek to protect their reputations for selling quality stolen products. For example, one group was selling stolen Platinum and Gold MasterCards for $35 each.
Russian hackers also have been successful in breaking into ATM cash machines and having them issue money.
On mobile applications, “originating from Russia we saw a significant increase in the number of mobile applications designed to steal money from bank accounts,” Sartori said. “And the majority of the attacks on bank accounts focused on the Android smart phone.”
Cyber criminals from Eastern Europe also are active in hacking Bitcoin, an untraceable crypto currency used online.
Several recent investigations succeeded in taking down a Ukrainian cyber crime ring that targeted U.S. banks in Puerto Rico and Oman. Stolen data from bank clients was used to clone credit cards.
Another operation busted a Romanian hacker group that carried out more than 34,000 fraudulent bank withdrawals between February and December 2013. A third case involved hackers from Latvia, Romania, and Russia who created a virus the affected over a million computers.
Criminal hackers also are hiring themselves out. The cost to hire a criminal hacker is between $100 and $300 for cyber attacks on business computers. The hackers for hire avoid breaking into government and military computers because it is too dangerous and the profitability is lower.
Sartori said Russian banks and financial institutions that two or three years ago were very difficult to work with investigators in the west appear to be trying to be more open with authorities. Reported losses for Russian banks from cyber attacks reached $68 million, he said, noting that cyber attacks on Russian banks total more than 300,000 operations.
In Russia, authorities estimate about 20,000 people are engaged in cyber crime activities, mainly involving bank fraud, along with cyber extortion schemes, and fake pharmaceutical email scams.
The Russian hackers also are hiring English speakers to sound more credible and to improve communications.
One of the reasons for the rise in cyber crime is the low rate of prosecution and punishment. For example, in Ukraine, of the 400 people arrested for Internet and bank fraud, only eight were convicted.
The region also has a large pool of people with very advanced information technology skills. Cyber criminals “are very well prepared and very well motivated,” Sartori said, noting that some arrests involved catching hackers at universities who were on the way to take exams.
In Russia, the lack of legitimate high-tech jobs is another cause for increased cyber crime rates.
“In Russia and other former Soviet Union and Eastern European economies, top university graduates are reportedly paid by organized crimes up to 10 times more than from legitimate jobs,” he said.
One hacker confessed that hacking remains one of the few good jobs left in Russia.
Additionally, another problem contributing to cyber crime is that hacking is culturally accepted in the east. “It’s not considered a crime in the countries. It’s regarded as just another job,” Sartori said. “There is not a culture to consider these guys as criminals, as robbers, as killers. They are considered professionals as others.”
Police charged with tracking and halting the cyber crime group face difficulties from the small and flexible structure of the crime groups, which can often be as small as five people, operating from different European countries.
“They are organizing very efficient global teams and supply chain management,” Sartori said. “They are very well adapted to global strategies and global collaboration between different groups.”
The wide range of crime activities from the region include email spam, child pornography, fraud and phishing, cyber extortion, disclosure of personal and confidential data, compromise of resources and web defacements, compromise network systems and websites, denial of service, and unlawful e-commerce and services.
Cyber criminals collaborate with counterfeit product makers in China and Asia, as well as in Russia and former Soviet republics.
The use of malware through infected Internet Protocol addresses and URLs is another tool for cyber criminals.
The use of anonymization tools, like Tor, and encryption are making it difficult for authorities to counter the problem.
The combination of operating from several different countries and having a flexible organization makes it “very hard for us to focus on where they are working because they have their headquarters in one country but other people are working in another country. So this is one of the problems that we have,” the Interpol investigator said.
Within cyber crime groups, members are assigned specialized roles, such as creating malware, cracking into networks, handling security credentials, and laundering the proceeds of the crimes.
Like traditional crime groups, cyber criminals conduct predatory operations then leave, often without leaving traces of their activities.
Proceeds from the criminal activities also are not invested in locations where the crimes were committed.
Sartori said authorities in Europe are seeking to increase the specialization of their investigators charged with counter cyber crime and setting up international joint teams.
Last month a Russian man pleaded guilty to cyber crime charges involving attacks on payment processors, retailers, and financial institutions that netted over 160 million stolen credit card numbers.
The hacker, Vladimir Drinkman, admitted to the global hacking activities to U.S. authorities.
The Justice Department said the Drinkman case was the largest hacking case prosecuted in the United States. His crimes cost an estimated loss of $300 million to people and companies.
“Our close cooperation with our international partners makes it more likely every day that we will find and bring to justice cyber criminals who attack America — wherever in the world they may be,” said Assistant Attorney General Leslie Caldwell. “I am confident that this type of international cooperation that led to this result will be the new normal.”
Two other men in the case are being sought by authorities, and a third, Dmitriy Smilianets, has been in federal custody since 2012.