The Endless Fight with Cyber Crime By Rahul Tyagi
About Author
Rahul Tyagi is one of the top computer security experts available in
India, Brand Ambassador of TCIL-IT Chandigarh, Vice-President of
Cyber Security and Anti-Hacking Org, India, and Technical Head of
News Paper Association of India.
Website:- www.rahultyagi.net Mail:- [email protected]
Myself Rahul Tyagi, and like others I love the internet, and yes it’s
true: think about everything it brought to us, think about all the
applications and services we use, all the technology like smart phones
such as the iPhone 4 with internet, which help us hold the world in our
palm, and I feel good that it’s happening during my and your
lifetime. The internet has existed for an era, but a few years will be
remembered as the years the world went online (2008-11); in these years
we built something truly global. Think once again about Facebook,
Twitter, PayPal, Google and many more: these services are like
breath to us today, and we cannot really survive without them.
But it is also true that along with these facilities our cyber world has
problems, very serious problems: problems with security, problems
with privacy and information. I am spending my career making
people aware of these threats. In this paper I am not going to show big
defacements, customized crypter coding or anything of that sort,
because I do not think that is my job. My job is to show
something which really affects cyber society, and I think this
paper will help you gain knowledge about global crime and
criminal strategies.
So to understand the crime scenario, let us go back to 1986. Below
is a picture of a famous virus called Brain.A. This virus was the first
PC virus we ever encountered.
The funny part is that we actually know where it came from, because it
said so. If you look at the boot sector of the virus carefully, it says:
“Welcome to the Dungeon, 1986 Basit-Amjad (pvt) Ltd. BRAIN
COMPUTER SERVICES 730 NIZAM BLOCK ALLAMA IQBAL TOWN
LAHORE-PAKISTAN PHONE: 430791,443248,280530.”
Basit and Amjad are first names, and of course Pakistani
names. That was the virus that came in 1986, and today it is 2012. PC
virus related crimes are today’s top cyber crimes, carried out
through a process called RATing, using Trojans of FUD
(Fully Undetectable) nature.
In mid 2011 Mr. Hippo, Chief Security Research Officer, visited
Pakistan to meet them at the same address which was shown in the
virus code. After reaching the building he knocked on the door. [:P]
You want to guess who opened the door? It was Basit and Amjad who
opened the door (they are still there, never caught). Here is the pic:
standing in the picture is Basit and sitting is Amjad.
Image Property:- Mr. Mikko H. Hypponen
So the viruses we saw in the 1980s and 1990s are not a problem anymore. In
the 1990s it was very easy to detect that our computer had been infected by
a virus, because it showed up. At that time viruses and worms were
mostly written by teenagers and kids. Today viruses are big
problems. If we talk about phishing and similar kinds of attack, they
can be prevented by some basic precautions. Here is a screen shot of
the viruses found by McAfee.
Picture Property: - Rahul Tyagi
Here we can see hundreds and thousands of malware samples coming up in
seconds. So the next question that comes to your mind is
where they are coming from. Today it is organized
criminal gangs writing these viruses and hiring people to write them,
because they make huge money with these viruses.
Here is one gang called GANGSTABUKS, operated from Moscow.
So how is this site useful for a computer hacker or a coder? Well, if
you are a malicious virus writer and you are capable of infecting
popular operating systems like Windows, used by the majority in the
world, but you do not know what to do after infecting the computer,
you can sell those infected computers (someone else’s computers) to
these guys, and they will monetize those infected computers. I
hope we all know how they monetize: for example, they can use
banking Trojans which will steal money when you go for online
banking. But the thing they were really looking for is the session when
you go online and do online shopping.
In India it is not a big problem yet, but in future it will be. Now after
getting your credit card details and other things, they will sell those
details to others. In the image below we can see these cyber criminals
openly selling them at a very cheap price.
For just $2 they give you ownership of a credit card, and after
purchasing you can go for online shopping in a flash. A credit card
hacked in Russia can be used in Pakistan for shopping, and hence no
one can stop it, and even the chances of arresting the people behind the
purchases are very few.
We have many underground market places on which this illegal
selling and purchasing is being done.
Here we have the first underground market place forum, known as
alboraaq.com; here people can sell hacked profiles like Facebook
profiles, Twitter profiles and many others.
There are many forums like this which provide a market place.
At first glance it looks familiar, but when you go deep you will find many
people selling and purchasing illegal tools like FUD crypters,
email hacking tools, remote access tools and many more. And
the worst I have seen is that the majority of users on these kinds
of forums are teenagers and good coders. They do not know what the
outcome of these things will be, which they are doing intentionally or
unintentionally.
Let’s have a look at the real cyber criminals wanted by the FBI. We
have some real cyber criminals who are behind big cyber crime
scenarios, if you go to the FBI official site.
Image Source: - http://www.fbi.gov
Image Source: - http://www.fbi.gov
These two people were running an online criminal gang called “I AM
YOU”. Through it they generated millions; right now they are on the run,
and nobody knows where they are, or even whether they are dead or alive. Recently US
officials froze a Swiss bank account belonging to them, and that
account was holding $14.9 million, so one thing which is clear from
this is that the amount of money online crime generates is significant.
What is worse, I have come to know that these days cyber criminals
are capable of investing in their attacks. They are hiring
programmers and other testing people to test their attack before
the start of the attack, to check the efficiency and success rate of the
attack.
The internet, as I said, is truly global now, and cyber criminals are making
the best use of that. The internet is international; that is why we call it the
internet.
Now what if we even knew how to shut it down? Again the problem
remains the same: as we try to shut it down, it will jump from one
place to another, one country to another, hence we cannot shut these
guys down. It is just like giving free plane tickets to the cyber
criminals on the internet, helping them reach us now in an effective
manner like never before.
Here we have a case study of a criminal tracked down by F-Secure.
This is the boot sector of an image which had a virus attached
to it. At first sight it seems fine, but actually its boot sector is
encrypted with XOR Function 97 (a popular function used to encrypt
content). In the image below it is being decrypted with XOR
Function 97.
After decrypting the content, in the image below the text in
yellow is the text which was just decrypted.
If you look carefully at the image you will see some content like a
website address, http://unionseek.com/d/ioo.exe, and some
kind of signature, 0600K078RUS.
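As an added example (not part of the original paper), here is a small Python analysis routine of the kind an investigator would run on such a file: because a single-byte XOR is its own inverse, it recovers the key from a known-plaintext crib (here "http://"), decodes the blob, and pulls out the URL and the signature-like token. It goes a step beyond the text by trying every offset, so the key 97 need not be known in advance; the sample file, its JPEG SOI marker and the filler text are constructed for the demonstration.

```python
import re

# Constructed sample, not the actual F-Secure evidence: plaintext that a
# single-byte XOR with key 97 was applied to, carrying the URL and the
# signature named in the case study above.
XOR_KEY = 97
PLAINTEXT = (b"run http://unionseek.com/d/ioo.exe silently and report to "
             b"0600K078RUS when done")
# The XOR'd payload sits behind an untouched JPEG SOI marker (FF D8),
# so the file still looks like an image at first sight.
SAMPLE_FILE = b"\xff\xd8" + bytes(b ^ XOR_KEY for b in PLAINTEXT)

URL_RE = re.compile(rb"https?://[A-Za-z0-9._/-]+")
SIG_RE = re.compile(rb"\b[0-9A-Z]{5,}RUS\b")


def xor_decode(data: bytes, key: int) -> bytes:
    """Single-byte XOR is its own inverse: the same operation decodes."""
    return bytes(b ^ key for b in data)


def recover_xor_keys(data: bytes, crib: bytes = b"http://") -> set:
    """Known-plaintext key recovery: if the crib occurs in the plaintext,
    the key is data[i] ^ crib[0] at that offset. Try every offset and keep
    the keys under which the whole crib matches."""
    keys = set()
    for i in range(len(data) - len(crib) + 1):
        key = data[i] ^ crib[0]
        if xor_decode(data[i:i + len(crib)], key) == crib:
            keys.add(key)
    return keys


def extract_indicators(decoded: bytes) -> dict:
    """Pull out the URL and signature-like tokens a defender would act on."""
    return {
        "urls": [m.decode() for m in URL_RE.findall(decoded)],
        "signatures": [m.decode() for m in SIG_RE.findall(decoded)],
    }


def analyse(data: bytes) -> dict:
    """Full pass: recover candidate keys, decode, extract indicators."""
    return {key: extract_indicators(xor_decode(data, key))
            for key in sorted(recover_xor_keys(data))}


if __name__ == "__main__":
    for key, found in analyse(SAMPLE_FILE).items():
        print(f"key {key}: {found}")
```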
The link shows that as soon as someone opens the image, this virus,
ioo.exe, will automatically be downloaded from the link and enter
the computer without any alert or notification from the antivirus. That is fine,
but here the signature 0600K078RUS has no connection
with the code. And when Mr. Hippo, who was investigating this case,
Googled it, they found nothing: ZERO hits. There was a Russian
employee working at F-Secure, and when he saw this
signature he said that 78 is the city code for Saint Petersburg in
Russia.
After some investigation they found a blog related to
unionseek.com, and what they saw is that the blog belonged to a 20 year old
boy, and the thing which really amazed him was that the boy had a
Mercedes Benz S600, with a V12 engine and 400 horse
power. For a 20 year old boy this was something big. How did they
come to know about the car? Because he blogged about it on his blog. Here
are some pics which he uploaded to his blog.
On the left hand side is his Mercedes and on the right some other
car he hit from behind. But in the image below, if you look at his car’s
number, it was 0600K078RUS, the same one found in the
source code of the virus.
Now this is how we rest the case. Now what happens when they are
caught? In reality cyber crime agencies never go as far as this.
They do not even know from which country the attack is coming,
and even if they find the online criminal, there is no outcome.
So one thing is pretty clear now: it is very difficult to stop
these cyber criminals. But if we say precaution is better than cure,
then what will be your precaution against these kinds of virus attacks?
Now again I am sure that as I used the word virus, the first protection
that comes to your mind will be antivirus, but unfortunately these days
even your paid, premium, fully updated antivirus is not going to
protect you from viruses having FUD (Fully Undetectable) nature.
Let’s see a demonstration of how cyber criminals make their
infection files Fully Undetectable.
Here is an infection file of a Trojan used to infect a
computer, which after infection helps in remote accessing. This one is non-
FUD, and if we scan it with an online virus scanner it comes up with the
following results.
Out of 43 antiviruses, 38 detected that this is a malicious file. Now
let’s try to make it FUD: below I am using a crypter that will
change the signature of the virus file and make it purely
undetectable.
Here, after browsing to the server.exe file, as we click on build it will
change the signature and hence make server.exe fully undetectable.
You can see the new file coming up after crypting the old server.exe;
now let’s scan it again with the VirusTotal portal and check what the
results will be.
Now we can
say it is undetectable by the top 43 antiviruses. So what to do now, quit
using computers, stop using online services? And truly speaking,
giving an answer to this question is really difficult for me too. Suppose
your computer is infected by this kind of virus; what can you
do?
Think about the services we use today, and think that one day you
cannot have them for some reason or other. I see beauty in the future
of the internet, but I am worried that we might not see it because
we are in big trouble created by cyber criminals, and if it goes on
like this we will face the situation of losing it all.
I have diverted my career towards cyber awareness, and I do
feel that if we do not fight online crime now, then we are
running the risk of losing it all. We need true global, strict law
enforcement work done to find the organized criminal gangs
that are making millions from these attacks, which is more
important than installing and running firewalls and antiviruses.
Finding the people behind these attacks and, more importantly,
we have to find the people, especially teenagers and script
kiddies, who are going to become part of these crimes. We have to
find the people who have the potential but lack opportunity,
and guide them to devote their time and mind to
protection rather than destruction.