Welcome to the UnderNet!


At the turn of the millennium, a few call centers had started operating and SMS text messaging was becoming increasingly popular.

The Internet was also fairly new and available to only a few. Most users weren’t overly concerned about malware. Any concerns then were focused on ‘computer viruses’ spreading through infected media such as diskettes, not the Internet. Then on 5 May 2000, e-mail messages with attached ‘love letters’ began spreading across the globe.

The I Love You computer worm wasn’t particularly sophisticated. It was a Visual Basic script for which templates had been readily available for some time. I Love You was able to spread so quickly and do so much damage for two reasons. People then weren’t wary of e-mail messages or the other dangers on the Internet, and the message had been craftily social-engineered to seem as if it came from a romantic interest. It seems that the old Beatles song is true. There are lots of lonely people. While the perpetrators were tracked down and arrested, there were no Philippine laws at the time under which they could be seriously prosecuted, and they were eventually freed.

Draft anti-cybercrime bills were then too raw and contained too many contentious provisions, so ‘hacking’ and other penal provisions were quickly tacked on to e-commerce legislation and enacted into law two months after the I Love You outbreak.

Until the Prevention of Cyber-Crime Act is signed into law (12 years after I Love You), the Lawful Access and Penal Provisions (Sections 45 to 50) of the Electronic Commerce Act of 2000 (RA 8754) remain the primary Philippine statutes on the Internet.

Nowadays, we are much more aware of cyber threats—not just e-mail attachments, but also malicious websites, hacking and theft of credentials (user names and passwords), compromised or hijacked accounts, infected and ‘zombied’ computers serving as part of large criminal ‘botnets’ (short for robot networks), and a whole slew of new and emerging threats.

We now know that the best anti-virus programs will not protect us from malware if we insist on doing careless things like using unknown, unsecured computers, clicking on suspicious links, or visiting dangerous websites. This is all for the good. But what do those who create and spread malware get out of it? It’s no longer just a prank by college kids, so how juicy are the profits?

Consider spam. We are all familiar with spam e-mail messages by now. Neither you nor most of your friends are likely to fall for the obvious spam and phishing tricks, but there are always a few who will. The sheer volume of spam is so huge that, even if only a very small percentage fall for it, the aggregate take can be quite substantial.

It takes about the same effort to send out a dozen spam messages as it does thousands or even millions. That’s one advantage the bad guys on the ‘Net have: the easy automation allowed by computers and the resulting flood of malware over the Web.

A major innovation is that spam and other forms of malware need no longer be sent from a single computer, one that can readily be traced. Instead, cybercriminals now use botnets, which are large networks of infected and compromised computers orchestrated by the criminals’ control servers.

These zombie computers on the botnet can be used not only to send spam, but to initiate attacks (e.g., Distributed Denial of Service or DDoS) against other computers and servers. Is your computer clean, or is it, unknown to you, part of a botnet?

There is also a class of malware, keystroke-loggers, that captures the user names and passwords you type on your computer. This gives criminals access not only to your e-mail and social network accounts, but also to bank accounts if you do financial transactions online. While a keystroke-logger on a single computer is bad enough, a zombie computer can sniff out credentials on connected networks. If, for example, the computer that controls the WiFi network at your favorite coffee shop has been compromised, it can be used to monitor all traffic across that WiFi network, or insert itself into sessions being conducted over that network. This is one reason why it’s not such a good idea to do banking transactions over unsecured WiFi.

The user credentials, such as credit card numbers, user names and passwords, harvested by criminal syndicates are often stored in server locations referred to as ‘dropzones.’ Recently, cyber-security experts and authorities were able to recover 33 gigabytes of data and stolen credentials from one such dropzone.

This does not mean the recovered data is now safe. After all, the criminals may have already exploited the stolen credentials and will likely also have copies of the stolen credentials stashed at other dropzones.

The recovery does provide some warning as to which accounts have been compromised. These warnings are important as there is now the criminal innovation of micro-theft. Instead of making one big charge or draining your account in one go, criminals can now automatically steal small amounts from thousands of accounts over an extended period of time.

Cybercriminals will often trade the data they gather through various means. There is even a distinction (and price difference) between virgin data and credentials that have already been used or exploited. These trades take place in closed, underground forums or chat rooms.

Naturally, membership in these fora is carefully screened and monitored. Even after you have successfully joined, it takes a while to build a reputation in this ‘UnderNet’ before other criminals trust you enough to trade with you.

The exchanges on the criminal UnderNet are not limited to stolen data. There’s also a vigorous trade in DIY kits for compromising computers and networks or building your own botnet.

But why build and run your own systems from scratch? As a criminal, you now have the option of joining affiliate networks where you do only part of the work; that is, deploy and operate only a portion of the compromising infrastructure in return for commissions.

If, on the other hand, you are interested in some data or would like to launch cyber attacks but don’t want to do the work yourself, the UnderNet now offers Crimeware-as-a-Service (analogous to SaaS or cloud services). You specify what you want and others will do it for you. For a fee, of course.

Print ed: 07/12
