A by-passers dream come true and a hackers worse nightmare recently brought to light what may be the largest cyber-theft in history. Estimated to possibly be as much as $1 billion dollars, hackers in Russia combined their skills with the hubris of bankers to pull off the $1 Billion scheme.
Sergey Lozhkin, a Kapersky Lab expert, spoke recently with RT.com and shed some light on what some are calling the “Bonnie and Clyde” of cyber-crime.
The first step, as with many cyber-thefts, was to send out emails containing Malware to hundreds of banks in Russia, Japan, the Netherlands and the United States. Unsuspecting bank employees, thinking the email was legitimate, clicked on it sending the virus to work its way through the targeted bank’s computer network. Just the confirmed cases of hacking have cost targeted banks around $300 million, but there is probably more.
“The overall damage could be near $1 billion,” Lozhkin said. “Each of the banks could have lost an estimated $10 million.”
Bankers’ hubris and ego fooled them into thinking their IT security was adequate to keep cyber-thieves out, but the outdated digital sentry was more like the Welcome Wagon to the cyber-crooks than a digital border patrol.
The opening salvo — the email-embedded malware — was old-school and mundane and would have been caught by even the most basic digital security upgrade. Once the email did its job, everything went high-tech for the thieves. Sophisticated methods would let the hackers learn how a particular employee was working with the bank’s software. Then, through keylogging, srcreen captures and even controlling the bank’s computers webcams, other employees’ habits were monitored and learned.
Once the cyber-thieves had taken possession of the bank’s digital grid, the hacker may as well been sitting inside the bank itself. The hackers were even able to remotely control ATMs which were connected remotely, via Internet, to the bank.
At a pre-determined hour, an accomplice would station himself beside a targeted ATM and wait for the cash dispenser to start, well, dispensing cash. Something went wrong with the plan in Ukraine though. Other than gleeful passersby, there wasn’t anyone to gather the cash that was suddenly coming out of the ATM.
That’s when Kaspersky Lab got involved and the ATM that gave away apparently free money also gave away the scheme.
The appeal of high-reward, combined with low risk, has kept cyber-crooks working. The hopes for a big payday is the engine behind constantly evolving cyber-crime.”
If you could sneak $1 from the pocket of 50,000 people, they probably wouldn’t notice. Once they found the $1 missing, they probably would think they lost it or miscounted their change at Star lunch.
How about if you could sneak $1 from 50,000 pockets while busy on your laptop at the corner cafe. No confrontation. No risk of violence. Just $50,000 quickly taken from the pockets of unsuspecting people — cyber pickpocketing if you will. Which would make the better business plan; actual, hands on pickpocketing or cyber pickpocketing? If you’re following along so far, you have just discovered the draw of cyber crime.
Cyber crime has been around since before computers. Evolution has been the word of the day for cyber criminals and law enforcement agencies tasked with stopping them. It’s been a race of leap-frog. Cybercriminals develop a new crime and law enforcement develops the technology to beat it. Cybercriminals respond with technology to beat the cops and the cops respond.
What is the future of cybercrime like? Any predictions about technology have to be taken with a grain of salt. Ken Olsen, the creator of DEC (whom Bill Gates had idolized as a teenager), had been debunking the PC since 1977, when he expressed to a convention of the World Future Society, “There is no reason for any individual to have a computer in his home.”
When you go on Jeopardy, remember the year 1820. That was the year in which the first recorded cybercrime occurred.
Joseph-Marie Jacquard was a textile manufacturer in France and made the loom. The device allowed for the repetition of steps during the weaving of fabrics. The technology inspired fear among his employees since they felt their employment and livelihood were threatened. Late one night, several men snuck into Jacquard’s business and sabotaged the looms in an effort to discourage Jacquard from using it anymore.
Computers have come a long way and now everything from microwave ovens to refrigerators to nuclear power plants to cars, watches and more run on computers. Cybercrime has blossomed since Jacquard and the potential for more sinister implications is assured. Cybercrime has come to include many criminal activities that are older than Jacquard’s loom: theft, fraud, forgery, mischief and the computer age has also given birth to a broad range of crimes Jacquard never could have imagined: hacking, web defacement and cyber stalking among others.
In 2007, Websense predicted that organized crime would be joining forces with the global community of hackers to create a cybercrime economy for the purpose of buying, selling and trading cyber-attack toolkits. The top concern among IT security specialists today is no longer email carried viruses and worms. Today’s threats center around the ubiquitous use of the Internet and the speed at which millions and billions in currency are whisked around the globe.
The World Wide Web has continued to be the number one medium for identity theft, financial fraud and the web’s use — and attacks — will continue to grow rapidly both in terms of number of attacks as well as the sophistication of those attacks.
Despite the growth of cyber crime, a person cannot find a storefront for “Cybercrime Lmt.” In the dark corners of the Internet though, salesman are moving merchandise faster than late-night infomercials on American television.
E-crime is maturing and criminals are adapting conventional approaches that show their fundamental business sense. Many of the current trends of cyber criminals in their sales practices include supermarket-style pricing to outsourcing to portfolio managers, coders, miners washers and minders of “zombie” computers.
Richard Archdeacon, director of global services for Symantec told the NY Times, “It’s a remarkable development of a whole alternative business environment that’s occurred over the past several years.”
According to the same article, victims in the U.S. reported Internet fraud of $239 million in 2007. The average loss came to $2530. The most frequent fraud were fake emails and phony web pages. The phishing attacks came mainly from within the United States, but Nigeria, England, Canada and Italy were represented as sources also.
Despite the increasing elusiveness of the cyber crimes and the growing level of sophistication behind the attacks, U.S. judges remain reticent to sentence cyber crooks to severe jail time for computer crime. One case is that of Owen Thor Walker, a computer whiz from New Zealand who developed an extensive, international network of individual computers. Walker would “hire” his network to a company in the Netherlands and Walker was discovered when a computer attack caused the crash of a server at the University of Pennsylvania in America. Walk pled guilty, and was required to pay restitution to the university and saw his charges discharged without conviction.
Much of what the typical person thinks they know about crime today will be replaced by cybercrime over the next two decades. Much of criminal activity is already evolving. According to the American Bankers Association, bank thefts are being replaced by ATM skimming and other cyber-thefts. Burglars have already been robbing hotel rooms using keyless door hacking tools that was for sale at the Black Hat hacking conference and care thieves across the nation are using gadgets to unlock car doors without having to break the lock or window glass.
The future is here and there are a few more cyber-crimes that may affect you in the future:
Cyber-jacking. Why go to the trouble of boarding a plane and physically hijacking it? The disappearance of Malaysian Air Flight 370 has made some observers think that the aircraft’s system may have been hacked. While there is disagreement about the current ability of cyber-jackers, future attacks may leverage some type of cyber-attack to make it happen.
Human Malware. Humans may be infected with malware in the short term. If a person has a Wi-Fi connected medical device implanted, such as a pacemaker, physical harm to the body could occur if the device itself is the subject of a cyber-attack.
Cyber Assault. With the number of home appliances being networked now, and more to be connected to the web in the future, it doesn’t take long to see some of the potential of cyber assaults. A hot water heater, connected to the Internet, could be manipulated to spike the water temperature suddenly while the target is showering. Cyber attacks are only limited by the imagination of the perpetrator.
Cyber Extortion. With the significant degree of personal information including work and finances online, anyone who can gain control of the accounts can control lives.
Identity Theft. Sure, it’s a problem now. But “you ain’t seen nothing yet.” As biometric security such as fingerprint scanners and retina scans become more commonplace, biometric data will be a valuable commodity to the criminal underworld.
As everyone’s life increasingly depends on technology, the vulnerabilities to cyber-crime will only increase and often in ways that can’t be imagined now. Despite Olsen’s woeful prediction, in the next few years there is apt to be more — and varied — cybercrime that will call for increased vigilance.