The Online Shadow Economy of Malware

November 1st, 2008 | No Comments | Posted in Security, crime, privacy

A multi-billion dollar market exists for malware authors. Malware, meaning computer viruses, trojans and spyware, is about money. The teenagers who wrote viruses have grown up and now they’re trying to make money. The shadow Internet economy is worth over $105 billion. Online crime is bigger than the global drugs trade. There is a sophisticated online black market with tens of thousands of participants. Collectively, online criminals are using the techniques of the free market to subvert and corrupt legitimate online business.

Dot.com entrepreneurs of crime

Maksym Schipka, Senior Architect at MessageLabs, has been spending a lot of time exploring this criminal underworld. He has been looking at Russian websites, chat forums and exchanges because he understands the language and because they are the most active. However, there are similar online markets in other countries. In the shadow economy, people boast of making $10,000 a day and while this may be bravado, people are making good money in the shadow economy. With little chance of being caught and so much money at stake, it is little wonder that “a huge number of people are involved,” according to Schipka.

Division of labor

The big surprise is the level of specialization and the sophistication of the market. Picture a mall: some shops sell clothes, some sell food, others sell books and so on. Each shop is specialized and dedicated to one type of product. For each type of product, there are several shops competing to offer better prices and better service. This is what the shadow economy is like.

Let’s look at one online crime and see how it breaks down into a series of specialized trades. First, malware writers create new viruses, spyware, and trojans to infect computers. For as little as $250 you can buy custom-written malware and for an extra $25 a month you can subscribe to updates that will ensure your malware evades detection. The vast majority of malware authors do not distribute it themselves. In fact, they make great play of offering their software “for educational purposes only” in the hope that this offers some immunity from prosecution.

A malware middleman buys malware from a programmer and uses the services of a botnet owner to spread it. A botnet is a remotely-controlled network of computers that have been infected by a virus. Typically, they are poorly protected computers belonging to innocent people around the world. You may have a bot running on your PC now and not know it. These computers give botnet owners the computing horsepower and network connectivity to spam out millions of emails or send out hundreds of thousands of trojan attacks or host a malicious website. Once the malware has spread, the middleman can sit back and start to collect stolen information and identities.

The middleman sells the stolen identities to make money. A full identity sells for around $5. This includes full name and address, a passport or driving licence scan, credit card numbers and bank account details. Credit card numbers sell for 2-5% of the remaining credit balance on the cards in question. Identity thieves offer their customers a high level of service. For example, you can buy identities sorted by country, industry, role; and credit cards sorted by remaining balance.

There is another category of middleman who specializes in turning stolen credit card identities into cash. He will buy credit card information and then use a “drop service.” A drop is someone who receives goods purchased with a stolen credit card. Some are criminal fences; others are unwitting dupes doing it for cash. A middleman buys goods from online shops – typically cameras and portable computers – and then ships them to drops. The drops, in turn, post them on or sell them immediately for cash. This is how a stolen credit card is laundered.

Scammers scammed

They say there’s no honor among thieves. This is also true of the shadow economy. Fraud and rip-offs are so common that a system of guarantors and escrow accounts has emerged. For example, a drop service provider might offer a guarantee to an identity thief that they will be paid their cut of the sale of any goods, even if individual fences don’t pay up.

Similarly, guarantors will provide an escrow service. For example, a buyer will transfer payment to the guarantor and the seller will transmit the virus code or the credit card numbers. If the goods check out, the funds are released. Typically, these guarantors take 2-3% of the transaction value for their services. The emergence of these services shows a developing sophistication in the market, driven by economics more than technology or the demands of organized crime. It also shows there are participants who value their long-term reputation. These are worrying signs.

Continuous improvement

Another sign of growing sophistication is the continuous improvement in the quality of products on sale in the shadow economy. Malware writers work hard to test their products against anti-virus software. They offer guarantees that a given virus or trojan will not be detected using current antivirus programs. If vendors update their software, then the malware author will supply a new version.

Conventional anti-virus programs rely on “signatures” to detect malware. A signature is similar to a DNA fragment that identifies the virus and separates it from legitimate data. Anti-virus programs scan email attachments and other files to check that they contain no known signatures. As new malware comes to light, anti-virus vendors issue signature updates. However, they can only find a new signature after a new virus is in the wild and is released on the Internet. Worse, malware authors can also download the signatures and test their creations against the latest updates. Schipka’s research suggests that malware authors can produce new, unique malware every 45 seconds in order to keep it undetected.
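
The signature matching described above, as an added example that is not part of the original article: a minimal scanner with exact-hash and byte-fragment signatures, run over constructed, harmless byte strings. The class name, marker strings and sample buffers are all assumptions made for illustration.

```python
import hashlib

# Constructed, harmless byte strings standing in for scanned files.
# None of this is real malware; the markers are invented for the example.
FAMILY_A_MARKER = b"CONSTRUCTED-FAMILY-A"
FAMILY_B_MARKER = b"CONSTRUCTED-FAMILY-B"
KNOWN_SAMPLE = b"hdr|" + FAMILY_A_MARKER + b"|build-001"    # already catalogued
REBUILT_SAMPLE = b"hdr|" + FAMILY_A_MARKER + b"|build-002"  # same family, new build
UNSEEN_SAMPLE = b"hdr|" + FAMILY_B_MARKER + b"|build-001"   # not yet catalogued
CLEAN_FILE = b"hdr|quarterly report text"
SAMPLES = (KNOWN_SAMPLE, REBUILT_SAMPLE, UNSEEN_SAMPLE, CLEAN_FILE)


class SignatureDB:
    """Hypothetical signature store: whole-file hashes plus byte fragments."""

    def __init__(self):
        self.hashes = set()
        self.fragments = []

    def add_hash(self, sample):
        # Exact-match signature: identifies one specific file only.
        self.hashes.add(hashlib.sha256(sample).hexdigest())

    def add_fragment(self, fragment):
        # The "DNA fragment" style: a byte run shared by a whole family.
        self.fragments.append(fragment)

    def scan(self, data):
        """Return which kind of signature matched, or None for no match."""
        if hashlib.sha256(data).hexdigest() in self.hashes:
            return "hash"
        if any(fragment in data for fragment in self.fragments):
            return "fragment"
        return None


def run_demo():
    """Scan the same four samples as the signature set grows."""
    results = {}
    db = SignatureDB()

    # Stage 1: only the hash of the first catalogued sample is known.
    db.add_hash(KNOWN_SAMPLE)
    results["hash_only"] = [db.scan(s) for s in SAMPLES]

    # Stage 2: a family fragment is added; rebuilt copies now match,
    # but a sample nobody has catalogued yet still passes.
    db.add_fragment(FAMILY_A_MARKER)
    results["with_fragment"] = [db.scan(s) for s in SAMPLES]

    # Stage 3: the signature update arrives only after the new sample
    # has been seen, which is the detection gap the article describes.
    db.add_fragment(FAMILY_B_MARKER)
    results["after_update"] = [db.scan(s) for s in SAMPLES]
    return results


if __name__ == "__main__":
    for stage, verdicts in run_demo().items():
        print(stage, verdicts)
```
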

This is where the MessageLabs service is so valuable. As malware developers get more sophisticated, they find it easier to stay one step ahead of signature-based detection. MessageLabs uses signatures, but also has a second line of defense: its proprietary Skeptic™ engine. This heuristic scanner can detect malware without signatures. Moreover, the bad guys can’t buy it and use it to test their malware. The only people who have access to Skeptic are MessageLabs and the only people who benefit from it are MessageLabs customers. Ultimately, says Schipka, “The only thing you can rely on is very good, well-managed heuristic detection.”

The free market and the future of online crime

The shadow economy has all the attributes of a traditional economy – division of labor, price competition, marketing and so on – accelerated to Internet speed and carried out online. Adam Smith, the pioneering political economist, in his Wealth of Nations, foresaw that the division of labor could increase productivity and quality. Similarly, competition drives down prices and tends to drive innovation. While it is interesting to observe these classical economic principles at work, they hold a terrible warning: malware is going to get more common and more virulent. Companies that rely on the Internet and email need the best protection they can get.


NSA Employees Getting Entertained at Your Expense

October 16th, 2008 | No Comments | Posted in Intelligence, privacy

Americans inclined to have phone sex on international calls may have an unintended menage a trois instead.  ABC spoke to two former NSA operatives on the record about their work in the Terrorist Surveillance Program, and let’s just say that they weren’t completely focused on the task at hand.  Instead of the narrow surveillance promised by the Bush administration, the NSA in practice likes to keep themselves amused:

Despite pledges by President George W. Bush and American intelligence officials to the contrary, hundreds of US citizens overseas have been eavesdropped on as they called friends and family back home, according to two former military intercept operators who worked at the giant National Security Agency (NSA) center in Fort Gordon, Georgia.

“These were just really everyday, average, ordinary Americans who happened to be in the Middle East, in our area of intercept and happened to be making these phone calls on satellite phones,” said Adrienne Kinne, a 31-year old US Army Reserves Arab linguist assigned to a special military program at the NSA’s Back Hall at Fort Gordon from November 2001 to 2003.

Kinne described the contents of the calls as “personal, private things with Americans who are not in any way, shape or form associated with anything to do with terrorism.”

She said US military officers, American journalists and American aid workers were routinely intercepted and “collected on” as they called their offices or homes in the United States.

Another Navy Arab linguist, David Murfee Faulk, worked at NSA from 2003 to late 2007, and told ABC essentially the same thing.  They saved conversations that amused them, often getting other operators to listen to phone sex, pillow talk, and other salacious tidbits. They also eavesdropped on journalists and aid workers, even after the NSA knew the numbers had nothing to do with terrorism.

They also intercepted critical information that saved lives in Iraq and elsewhere.  Faulk talked about discovering IEDs that got dismantled because of NSA intercepts, actions that saved the lives of American troops targeted by terrorists.  However, both Faulk and Kinne expressed frustration that the refusal of the NSA to winnow out numbers that clearly would produce no actionable intelligence made it harder for them to find the needles in the haystacks.  “By casting the net so wide and continuing to collect on Americans and aid organizations, it’s almost like they’re making the haystack bigger and it’s harder to find that piece of information that might actually be useful to somebody,” Kinne told ABC.  “You’re actually hurting our ability to effectively protect our national security.”

Americans have trusted the NSA to act professionally in its pursuit of terrorists, and to use its limited resources wisely.  We have heard for the last seven years about the shortage of qualified Arab linguists in the American intelligence community.  If these two are telling the truth, it’s not only a breach of that necessary trust in defending Americans from the asymmetrical threat of terrorists, it’s a criminal misuse of that limited resource.

We need a strong and focused effort from the NSA to discover terrorist plots before they have a chance to reach fruition in their goals of killing Americans.  If these accounts can be independently corroborated, then current management doesn’t appear up to the task.

Update: One commenter says, “Ed, you make a good point, but wouldn’t you possibly be tempted to listen in on a few phone sex calls after listening to thousands of hours of boring garbage?”  In my former career in commercial security, other companies in our field made extensive use of microphones in both residential and commercial applications, which can help cut down false alarms.  They can also provide endless hours of amusement for alarm company operators, especially the residential installations (if you get my drift), who don’t mind telling these stories to pass the time at their new jobs.  Believe me, I understand the impulse, although thankfully I’ve never been in that position myself.

That was why I understood the point of the NSA’s critics on the TSP.  A program like this requires strict supervision to keep abuses from happening.  If what ABC reports is correct, it doesn’t look like we’re getting it.

Update II:  Hmm.  It looks like ABC didn’t do enough research on one of its sources.  Adrienne Kinne is also on the board of directors of Iraq Veterans Against the War, a fact ABC doesn’t mention in its piece.  Faulk now works for the Metro Spirit as a reporter and doesn’t appear to have joined any organized political opposition to the war, but has spoken out against it.

Does that make them not credible?  Not necessarily, especially with Faulk.  They may have come to oppose the war based on these very experiences.  However, ABC certainly should have told its readers and viewers about Kinne’s association with IVAW.

Update III: Just to remind readers, the Bush administration claimed the TSP would only surveil without search warrants calls from phone numbers that had been previously implicated in terrorist activities.  They claimed they would get warrants, as provided by FISA, for all other calls with at least one destination point within the US.  If they’re recording calls outside of those parameters, they’re explicitly violating the law and breaking that promise.

Update IV: Conn Carroll reminds me that satellite phones are not covered under the FISA law and the NSA can listen to any and all conversations on them without warrants.  ABC didn’t bother to mention that either.  Still, is this really what the NSA should be doing?  If the satellite phone number belongs to an Army officer instead of a terrorist, why are we wasting resources on surveilling it?
Source: Hotair


UK Gets a Taste of American Eavesdropping

October 16th, 2008 | No Comments | Posted in Intelligence, privacy

Plans for a massive expansion of ‘Big Brother’ state surveillance to cover every phone call, email, text message and internet visit in Britain were unveiled yesterday.

UK Home Secretary Jacqui Smith claimed that storing details of individuals’ communications was vital to prevent further terrorist atrocities.

Activities which will be subject to snooping for the first time include visits to social networking sites such as Facebook, auction sites such as eBay, gaming websites and chatrooms.

Police and security services will not be able to access the precise content but will know each site visited, and to whom and when a phone call, text message or email was sent.

If this sets alarm bells ringing, they could seek a Ministerial warrant to intercept exactly what is being sent, including the content.

The billions of pieces of data are likely to be stored for a year or more. The cost is estimated to be at least £1billion, and could be far higher.

Last night MPs and privacy groups attacked the proposals as ‘Stalinist’, ‘Orwellian’ and a reversal of the presumption that a person is innocent until proven guilty.

One opponent said: ‘They are making us all suspects.’

A leaked memo written by sources close to the project revealed it was fraught with technical difficulties.

Officials are split between placing the vast amount of data to be collected on a huge central Government database or forcing service providers to store the information, to be accessed on demand.

Currently, the option being worked on is to request data from the service providers, the memo reveals. They are likely to pass on extra costs to customers.

Shadow Home Secretary Dominic Grieve said: ‘These proposals would mark a substantial shift in the powers of the state to obtain personal information on individuals.

‘Given the Government’s poor record on protecting data and running databases there needs to be a full and proper debate.

‘The public will also be acutely aware of how, under this Government, surveillance powers designed to combat terrorism and serious organised crime have been used by local authorities to investigate things like fly-tipping. This would be absolutely unacceptable.’

Liberal Democrat spokesman Chris Huhne said: ‘The Government’s Orwellian plans for a vast database of our private communications are deeply worrying.

‘Ministers claim the database will only be used in terrorist cases, but there is now a long list of cases from the arrest of Walter Wolfgang for heckling at a Labour conference to the freezing of Icelandic assets where anti-terrorism law has been used for purposes for which it was not intended.

‘These proposals are incompatible with a free country and a free people.’

We’re watching you: An East German Stasi officer listens in on a couple in a scene from the Oscar-winning film The Lives Of Others. Jacqui Smith has unveiled plans for a massive expansion of state surveillance

Phil Booth, of the NO2ID privacy campaign, said: ‘This is the Stalinist vision which we always knew was on the agenda. Monitoring the entire population is a complete abhorrence, reversing the presumption of innocent until proven guilty and making us all suspects.’

But senior security and police services were adamant that, without the new powers, lives would be put at risk.

They said some investigations have already been affected by criminals who use technology to avoid detection, by plotting online through social networking sites or interactive games.

‘Criminals are getting more sophisticated in using this technology and they are going to exploit it unless we do something,’ one source said.

Miss Smith yesterday admitted the public had reason to be concerned.

In a speech to the Institute for Public Policy Research thinktank, she said: ‘Of course, even if there had not been events [data losses], the British public would have every right to be sceptical about a state activity that involves the collection of data.’

But she said that, without increasing their capacity to store data, the police and security services would have to consider a ‘massive expansion of surveillance’.

And she insisted: ‘There are no plans for an enormous database which will contain the content of your emails, the texts that you send or the chats you have on the phone or online.

‘Nor are we going to give local authorities the power to trawl through the database in the interests of investigating lower level criminality under the spurious cover of counter-terrorist legislation.’
Source: Dailymail


Big Brother Extends Reach in U.K.

October 10th, 2008 | No Comments | Posted in privacy

A new generation of speed cameras that can track drivers for up to 30 miles and cannot be dodged are being tested by police.

The devices stop motorists evading a ticket by braking suddenly before a camera and then speeding up immediately afterwards. The new cameras could cover whole areas of cities or suburban housing estates, guarding any number of entry and exit points.

By ‘talking’ to each other down phone or internet lines, they calculate a car’s average speed – even if it makes a series of left and right turns down a variety of roads.

The cameras are already in use, but mainly on the motorways.

They are now likely to appear on rural and urban roads, spelling the end for the 6,000 yellow ‘Gatso-style’ box cameras currently in use.

Transport minister Jim Fitzpatrick yesterday told a road safety conference that the latest cameras would be a key weapon in the fight to reduce road casualties.

Supporters say they are ‘fairer’, have so far reduced casualties by 50 per cent and encourage a smoother traffic flow and safer, more consistent driving behaviour.

But critics say it is merely a new chapter in the Government’s war on motorists, who paid £106million in fines last year.

One system, costing £200,000 to £1million depending on the size of the area covered, could replace many fixed-point speed cameras.

But although the number of cameras might reduce, greater areas of the road network would be covered.

One of the providers of average speed cameras, SPECs, told the conference that the cameras could be networked together, could be forward or rear facing, could scan multiple lanes and cover areas from 250 yards to nearly 30 miles.

The cameras photograph a number-plate as a vehicle enters the speed restriction zone, and then again when it leaves.

The system then calculates the car’s average speed between the two points.

If it is higher than the speed limit, the driver is automatically sent a fixed penalty fine and receives three points on their licence.

Mr Fitzpatrick said: ‘Trials have shown very good results. Wherever there are average speed camera signs, traffic moves at a uniform speed and crashes reduce.’

Approval for the new generation of cameras is imminent. It will be up to local authorities to decide whether to buy the system.

Electronic signs that sense when a car is speeding and switch traffic lights further down the road to red, forcing it to stop, are to be introduced in Britain.

The system, already in use as a traffic calming measure in Spain, will be installed on Camden High Street in North London.


Have Mind Reading Machines Arrived

September 22nd, 2008 | No Comments | Posted in Technology, privacy

Years ago, Woody Allen used to joke that he’d been thrown out of college as a freshman for cheating on his metaphysics final. “I looked within the soul of the boy sitting next to me,” he confessed.

Today, the joke is on us. Cameras follow your car, GPS tracks your cell phone, software monitors your Web surfing, X-rays explore your purse, and airport scanners see through your clothes. Now comes the final indignity: machines that look into your soul.

With the aid of functional magnetic resonance imaging, neuroscientists have been hard at work on Allen’s fantasy. Under controlled conditions, they can tell from a brain scan which of two images you’re looking at. They can tell whether you’re thinking of a face, an animal, or a scene. They can even tell which finger you’re about to move.

But those feats barely scratch the brain’s surface. Any animal can perceive objects and move limbs. To plumb the soul, you need a metaphysician. John-Dylan Haynes, a brilliant researcher at Germany’s Bernstein Center for Computational Neuroscience, is leading the way. His mission, according to the center, is to predict thoughts and behavior from fMRI scans.

Haynes, a former philosophy student, is going for the soul’s jugular. He’s trying to clarify the physical basis of free will. “Why do we shape intentions in this way or another way?” he wonders. “Your wishes, your desires, your goals, your plans—that’s the core of your identity.” The best place to look for that core is in the brain’s medial prefrontal cortex, which, he points out, is “especially involved in the initiation of willed movements and their protection against interference.”

To get a clear snapshot of free will, Haynes designed an experiment that would isolate it from other mental functions. No objects to interpret; no physical movements to anticipate or execute; no reasoning to perform. Participants were put in an fMRI machine and were told they would soon be shown the word “select,” followed a few seconds later by two numbers. Their job was to covertly decide, when they saw the “select” cue, whether to add or subtract the unseen numbers. Then, they were to perform the chosen calculation and punch a button corresponding to the correct answer. The snapshot was taken right after the “select” cue, when they had nothing to do but choose addition or subtraction.

Until this experiment, which was reported last month in Current Biology, nobody had ever tried to take a picture of free will. One reason is that fMRI is too crude to distinguish one abstract choice from another. It can only show which parts of the brain are demanding blood oxygen. That’s too coarse to distinguish the configuration of cells that signifies addition from the configuration that signifies subtraction. So, Haynes used software to help the computer recognize complex patterns in the data. To dissect human thought, the computer had to emulate it.

Each participant took the test more than 250 times, choosing independently in each trial. The computer then looked at a sample of the scans, along with the final answers that revealed what choices had actually been made. It calculated a pattern and used this pattern to predict, from each participant’s remaining scans, his or her decisions in the corresponding trials. Haynes checked the predictions—add or subtract—against the participants’ answers. The computer got it right 71 percent of the time.

I know what you’re thinking: Why would anyone want a machine to read his mind? But imagine being paralyzed, unable to walk, type, or speak. Imagine a helmet full of electrodes, or a chip implanted in your head, that lets your brain tell your computer which key to press. Those technologies are already here. And why endure the agony of mental hunt-and-peck? Why not design computers that, like a smart secretary, can discern and execute even abstract intentions? That’s what Haynes has in mind. You want to open a folder or an e-mail, and your computer does it. Your wish is its command.

But if machines can read your mind when you want them to, they can also read it when you don’t. And your will isn’t necessarily the one they obey. Already, scans have been used to identify brain signatures of disgust, drug cravings, unconscious racism, and suppressed sexual arousal, not to mention psychopathy and propensity to kill.

Haynes understands the objection to these scans—he calls it “mental privacy”—but he buys only half of it. He doesn’t like the idea of companies scanning job applicants for loyalty or scanning customers for reactions to products (an emerging practice known as neuromarketing). But where criminal justice is at stake, as in the case of lie detection, he’s for using the technology. Ruling it out, he argues, would “deny the innocent people the ability to prove their innocence” and would “only protect the people who are guilty.”

I hear what he’s saying. I’d love to have put Khalid Sheikh Mohammed through an fMRI before Sept. 11, 2001, instead of waiting six years for his confession. And I wish we’d scanned Mohamed Atta’s brain before he boarded that flight out of Boston. But what Haynes is saying—and exposing—is almost more terrifying than terrorism. The brain is becoming just another accessible body part, searchable for threats and evidence. We can sift through your belongings, pat you down, study your nude form through your clothes, inspect your body cavities, and, if necessary, peer into your mind.

FMRI is just the first stage. Electrodes, infrared spectroscopy, and subtler magnetic imaging are next. Scanners will shrink. Image resolution and pattern-recognition software will improve.

But don’t count out free will. To make human choice predictable, you first have to constrain it so that it’s not really free. That’s why Haynes confined his participants to arithmetic, gave them only two options, and forbade them to change their minds. They could have wrecked his experiment by defying any of those conditions. So could you, if somebody came at you with a scanner or an electrode helmet. To look into your soul and get the right answer, science, too, has to cheat. Somewhere, Woody Allen is laughing. I can feel it.
