Friday, November 18, 2011

Week 12 Post: Reflections

Reflecting on the blogs I’ve written over the last 11 weeks, it is apparent that the blogs I have posted have been largely focused on the hacking community. My primary sources of information were Cnet.com and thehackernews.com. I primarily used them as my launch points for blogging as they have long been my source for IT Security related news, as they can always be trusted to have the latest in IT security related stories.

I focused on hacking stories because in the world of IT security, hackers are the #1 threat, and because I find the topic both interesting and relevant to the goals of not only our blogging assignment, but towards the entire degree path. 

In my searching for stimulating and pertinent material each week, I would spend a considerable amount of time researching various sites to get multiple viewpoints of any given topic, and would often find myself researching topics more than I normally would just to learn about what was going on in any given event.  This research I performed each week has broadened not only my view of the hacking community but the climate of the world as well.

We are living in interesting times, with groups/movements such as WikiLeaks, Anonymous, the 99% Movement, and the Occupy Movement, etc. It’s quite interesting to see the lines between the real and digital world blurring, and how digital attacks and events are complementing protests and actions performed in the real world.

I believe blogs such as these could aid IT Security professionals and future IT Security students in understanding the current climate and the threats that exist in the cyber world. Understanding the pathology of cybercrime and keeping abreast of security threats, both past and present, may aid in the proactive development of countermeasures for future threats.

Friday, November 11, 2011

Week 11 Post: $14 Million Click-Hijacking Scam

The U.S. Department of Justice said on November 9th that it had uncovered an Internet scam ring that fetched 14 million dollars by means of infecting millions of computers around the world with malware that is designed to redirect Web searches to websites that generate revenue.

Seven culprits, six from Estonia and one from Russia, are being brought up on charges of wire fraud and computer intrusion, says the FBI. The group is accused of infecting roughly 4 million computers in more than 100 countries (500,000 in the U.S. alone), including NASA, with malware named DNSChanger. The malware changes the Domain Name System (DNS) settings on the infected computers, effectively redirecting them to rogue DNS servers, which then point them to specific Web sites.

Essentially, the malware hijacked the infected computers: when certain Web searches were performed, it redirected them to sites that paid the operators whenever people visited the sites and clicked on ads.

An FBI statement reports: “When users of infected computers clicked on the link for the official Web site of iTunes, for example, they were instead taken to a Web site for a business unaffiliated with Apple Inc. that purported to sell Apple software.”

Additionally, the malware would redirect the infected machines that searched for Netflix to a business called “BudgetMatch,” and searches that were intended to find the IRS were redirected to H&R Block.

The accused are also facing charges that they replaced legitimate ads on sites with their own ads that triggered payments to themselves. An example is that they replaced an American Express ad on the Wall Street Journal’s home page with an ad for “Fashion Girl LA” as well as replacing an “Internet Explorer 8” ad on Amazon.com with an ad for an e-mail marketing firm.

Computers were infected with DNSChanger when users visited certain Web sites or downloaded certain software to view videos online. Additionally, the malware prevented antivirus software and operating systems from updating correctly.

The accused allegedly created companies that masqueraded as legitimate advertising publisher networks. Apparently the operation began in 2007 and ended in October of this year with the completion of a two-year FBI investigation dubbed “Operation Ghost Click,” says the FBI.

The rogue DNS servers that were used in this operation have been replaced with legitimate servers in an effort to correct the Internet access issues persistent on infected computers. The owners of infected computers will need to be proactive in clearing the malware off of their machines. People can verify if their computers are infected by typing their DNS information into an FBI webpage (https://forms.fbi.gov/check-to-see-if-your-computer-is-using-rogue-DNS).

The indictment filed in the U.S. District Court of New York was unsealed on Tuesday.



References:
Mills, E (2011). Seven accused in $14 million click-hijacking scam. Retrieved 10 November, 2011 from Web site: http://news.cnet.com/8301-1009_3-57321844-83/seven-accused-in-$14-million-click-hijacking-scam/?tag=txt;title

Wednesday, November 2, 2011

Week 10 Post: Anonymous threatens Mexican drug cartel

The Mexican arm of Anonymous is going toe to toe with one of the world’s most dangerous criminal organizations, the Mexican cartel Los Zetas. Anonymous is making threats to the drug cartel over the alleged kidnapping of one of its members in Veracruz.

Anonymous does not identify the missing member by name, but alleges he was kidnapped from a street protest, “doing Paperstorm,” which is a reference to posting flyers or messages in public areas.

In a YouTube video, a man dressed in a suit and tie, and wearing the Guy Fawkes mask from the movie “V for Vendetta” (the mask has become the symbol for Anonymous), says in Spanish: “You made a huge mistake by taking one of us. Release him. And if anything happens to him, you (expletive) will always remember this upcoming November 5th.” He continues with “We demand his release, we want the Army and the Navy to know that we are fed up with the criminal group Zetas, who have concentrated on kidnapping, stealing and blackmailing in different ways.”

"We can't defend ourselves with a weapon, but if we can do this with their cars, houses, bars, brothels, and everything else in their possession," the video says. "It won't be difficult. We all know who they are and where they are."

The video, posted earlier this month, also threatens to expose the cartel's associates, including journalists, taxi drivers, police and corrupt government officials who allegedly cooperate with the cartel. The website of Gustavo Rosario, a Mexican politician suspected of having connections with the cartel, was defaced and the words “Es Zeta” (is Zeta) were shown on his main page.

These threats move Anonymous into a whole new realm. The group typically targets corporations, government agencies, and law enforcement departments that it deems financially or morally corrupt; gangs have never before been the target of its attacks.

The U.S. Justice Department states that the Zetas cartel may be the most technologically advanced, sophisticated and violent force of the paramilitary enforcement groups in Mexico.

Mike Vigil, a retired head of International Operations for the DEA, said that the Zetas Cartel needs to take Anonymous seriously because publishing the names would identify Zetas Cartel members to rivals, who would then go after them. If Anonymous makes good on its threats and publishes these names, it will most certainly lead to more deaths.

This is a pretty bold move by Anonymous and it will be interesting to see the resulting fallout.

References:

Anonymous Veracruz copia. Retrieved 01 November, 2011 from Youtube Web site: http://www.youtube.com/watch?feature=player_embedded&v=3ZL0E1J7wOg!

Mills, E (2011). Anonymous online activists threaten Mexican drug cartel. Retrieved 01 November, 2011 from Cnet Web site: http://news.cnet.com/8301-1009_3-20127534-83/anonymous-online-activists-threaten-mexican-drug-cartel/?tag=txt;title



THN Reporter (2011). Anonymous hackers threatening a Mexican drug cartel. Retrieved 01 November, 2011 from The Hacker News Web site: http://thehackernews.com/2011/10/anonymous-hackers-threatening-mexican.html