Thursday, March 27, 2014

[infosecurity-magazine] Criminal Underground is a Sophisticated Metropolis, with Stores, Education, and Law & Order

“Shadowy hacker underworld.” “Dark Web.” “Underground cyber-forum.” These are the phrases that get bandied about referring to those dark corners of the internet where cybercriminals publish their malware, espionage campaigns are hatched and hacktivist manifestos are discussed. The verbiage is decidedly DIY. But new research suggests that these cyber black markets are hardly makeshift affairs: rather, they account for a mature and growing multi-billion-dollar economy with a robust infrastructure and social organization.

The report from RAND Corp. found that these black markets, like any other economy, react to market forces like supply and demand, and continue to evolve. Likening it to a thriving metropolis, RAND found significant levels of economic sophistication, reliability, accessibility and resilience in the products, distribution channels and actors involved in the black markets.

“The security industry, government and legal communities must come together to establish new norms for how companies can more vigorously defend themselves against cyber-attacks,” said Nawaf Bitar, senior vice president and general manager of the security business for report sponsor Juniper Networks, in a statement. “We must address the root cause behind the accelerated maturation of the cyber-crime market – the very economics that drive its success. By disrupting the economics of hacking we can break the value chains that drive successful attacks.”

The mainstream economic hallmarks of the cybercriminal shadow-land are myriad. For instance, there are storefronts, where data records, exploit kits and goods are bought and sold – and like other forms of e-commerce, the customer service elements range from instant messaging chat channels and forums to sophisticated, multilayered shopping carts. RAND found some organizations can reach 70,000 to 80,000 people, with a global footprint that brings in hundreds of millions of dollars. Those dollars are most often used in the form of digital currency, like Bitcoin, Pecunix, AlertPay, PPcoin, Litecoin, Feathercoin and Bitcoin extensions such as Zerocoin. RAND in fact found that many criminal sites are starting to accept only digital crypto currencies due to their anonymity and security characteristics.

There’s also a service economy – RAND said that not only goods, but criminal services are available for purchase. These tools, sold on the black market as traditional software or leased like any other managed service, can help enable the most unskilled hackers to launch fairly elaborate and advanced attacks. For example, RAND found botnets, which can be used to launch a Distributed Denial of Service (DDoS) attack, are sold for as low as $50 for a 24-hour attack.

The underweb also has a hierarchy of power. Much like a legitimate business, RAND found it takes connections and relationships to move up the (cyber) food chain. Getting to the top requires personal connections – and those at the top are making the lion’s share of the money.

Shockingly, there really does appear to be honor among thieves. RAND found many parts of the cyber black market that are well structured, policed and have rules like a constitution. In addition, those who scam others are regularly banned or otherwise pushed off the market. And, even the criminal cyber black market has criminals. Known as “rippers,” these specific bad guys do not provide the goods or services they claim.

There’s education and training too. RAND identified widely available tools and resources on the black markets that teach criminals how to hack, including instructions for exploit kits and where to buy credit cards. This access to training has accelerated sophistication, broadened the set of roles and helped facilitate entry into the hacker economy.

As far as who populates the underground, the research showed that there’s significant diversity. Cybercriminals from China, Latin America and Eastern Europe are typically known for quantity in malware attacks, while those from Russia tend to be thought of as the leader in quality.

RAND also found areas of expertise and focus among different countries. Many Vietnamese criminal groups, for example, mainly focus on ecommerce hacks. Cybercriminals from Russia, Romania, Lithuania and Ukraine focus on financial institutions. Many Chinese cybercriminals specialize in intellectual property. And US-based cybercriminals primarily target US-based financial systems. In addition to a diverse set of cybercriminals, RAND said that there’s now more cross-pollination between these groups than ever before.

Bitar said that security personnel need to take a realistic view of the enemy and react accordingly. “We must never lose the moral high ground, however, so we cannot go on the offensive and hack back, but we can no longer remain passive,” Bitar said. “By using forms of active defense such as intrusion deception we can identify, thwart and frustrate attackers. Active defense is a promising and exciting approach for addressing the rapidly evolving threat landscape.”
