U.S. Largest Source of Malware

December 25th, 2008 | No Comments | Posted in Security

American websites host more malware and computers relay more spam than any other country, the latest security report showed.

As evidence of this, when an American Internet company accused of collaborating with spammers and hackers was disconnected from the net in November, the level of spam dropped by 75 percent.

The ‘Security Threat Report 2009’ was just published by Sophos, the U.K.-based IT security and control firm, which examined the threat landscape over the last twelve months, and predicted the emerging cybercrime trends for 2009.

Too many compromised computers

“Not only is the U.S. relaying the most spam because too many of its computers have been compromised and are under the control of hackers, but it’s also carrying the most malicious Web pages,” said Graham Cluley, senior technology consultant for Sophos. “We would like to see the States making less of an impact on the charts in the coming year. American computers, whether knowingly or not, are making a disturbingly large contribution to the problems of viruses and spam affecting all of us today.”

Sophos’s research reveals that in 2008, organized criminal gangs tripled their attacks against innocent websites, injecting malicious code to infect visiting home users and businesses.

In addition, 2008 has seen concerted campaigns by hackers to pose as legitimate anti-virus vendors, creating new professional-looking websites and applications every day with the intention of scaring users into believing that their computers have been compromised.

On average, five new scareware websites were identified each day by Sophos, with the figure peaking at more than 20 per day on occasion.

Trusted networks targeted

The report also documented the major Internet attacks of 2008, and showed a rise in hackers spamming out malicious attachments, designed to compromise PCs in order to steal identities, money and resources. By the end of 2008, Sophos was tracking five times more malicious attacks arriving through files attached to e-mails than at the start of the year.

Spammers and malware authors have shown interest in websites such as Facebook, hacking into innocent users’ accounts to take advantage of trusted social networks and send spam and malware.

“The last year proved beyond doubt that Internet hacking gangs are organised like never before, often working across borders to steal money and data from unsuspecting users. The volume of attacks has increased, with hackers using automated systems to break into vulnerable websites or generate new variants of their malware,” said Cluley.

“People need to wake up to the reality that the completely legitimate Web site they are visiting could be harbouring a dangerous malware infection planted by hackers. As we enter 2009, we are not expecting to see these assaults diminish. As economies begin to enter recession it will be more important than ever for individuals and businesses to ensure that they are on guard against Internet attack,” he said.

Internet attacks are overwhelmingly orchestrated via networks of innocent home computers that have–unknown to their owners–been commandeered by hackers. Sophos urges home users and businesses to properly defend their personal computers with up-to-date anti-virus software, security patches and firewalls.

Statistics and findings

• Biggest malware threats - SQL injection attacks against websites and the rising tide of scareware.

• New Web infections - one new infected Web page discovered by Sophos every four and a half seconds (three times faster than in 2007).

• Malicious e-mail attachments - five times more at end of 2008 than at the beginning.

• U.S. hosts the most malware on the Web (37 percent), usurping China’s position in 2007.

• U.S. computers relay the most spam (17.5 percent).

• Increasing allegations of state-sponsored cybercrime, with China, North Korea, Russia and Georgia among those accused of espionage and assaults via the Internet.
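The SQL injection attacks the report ranks as the biggest threat, and the website compromises described earlier in this post, share one root cause: untrusted input pasted into a database query. The Python snippet below is an added illustration, not code from the Sophos report or from this post. It puts a vulnerable lookup beside its parameterized form and runs both against a constructed in-memory SQLite table; the table rows and the probe string are invented for the demonstration.

```python
import sqlite3

# Constructed sample rows for the demonstration (not data from the report).
SAMPLE_ROWS = [
    ("alice", "alice@example.com"),
    ("bob", "bob@example.com"),
]


def make_db():
    """Build an in-memory SQLite table so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def lookup_vulnerable(conn, name):
    """Untrusted input is pasted straight into the SQL text.

    Whatever the caller supplies becomes part of the query's structure, which
    is the defect behind the mass website injections the report counts.
    """
    query = f"SELECT email FROM users WHERE name = '{name}'"
    return [row[0] for row in conn.execute(query)]


def lookup_safe(conn, name):
    """Same lookup with a bound parameter.

    The driver passes the value separately from the SQL text, so a quote or
    keyword in the input is only ever compared as data.
    """
    query = "SELECT email FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(query, (name,))]


if __name__ == "__main__":
    conn = make_db()
    # The textbook tautology input, constructed here to show the difference.
    probe = "' OR '1'='1"
    print("vulnerable:", lookup_vulnerable(conn, probe))  # every row comes back
    print("safe:      ", lookup_safe(conn, probe))        # no row has that literal name
```

The same binding discipline applies to INSERT and UPDATE statements; the 2008 attacks on legitimate sites wrote script tags into stored content through exactly this kind of unparameterized query, and the fix is identical.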

Top malware-hosting countries

In 2007, China was responsible for hosting more than 50 percent of all Web-based malware. This position was taken over by the U.S. in 2008.

The top ten malware-hosting countries in 2008 are:

1. U.S. 37.0 percent

2. China (including HK) 27.7 percent

3. Russia 9.1 percent

4. Germany 2.3 percent

5. South Korea 2.1 percent

6. Ukraine 1.8 percent

7. United Kingdom 1.7 percent

8. Turkey 1.5 percent

9. Czech Republic 1.3 percent

10. Thailand 1.2 percent

Other malware-hosting countries in Asia are Malaysia (0.1 percent), Japan (0.1 percent) and Singapore (less than 0.1 percent). The corresponding spam-relaying figures are the Philippines (0.9 percent), Japan (0.6 percent), Australia (0.6 percent) and Singapore (0.3 percent).


Obama Computers Hacked

November 11th, 2008 | 1 Comment | Posted in Security

Hackers broke into the computer systems of the Barack Obama and John McCain campaign teams during the US presidential race and stole a “serious amount of files” in an operation that US government cyber experts believe originated from China.

The Secret Service and FBI warned Obama and McCain earlier this year that their computer networks had been infiltrated by foreign hackers who downloaded large quantities of information from the campaign networks. “You have been compromised, and a serious amount of files have been loaded off your system,” an FBI agent said, according to a report in Newsweek magazine.

The report went on to say that technical experts speculated the hackers were Russian or Chinese. The FBI apparently told Obama the attack had not been carried out by political opponents.

US officials said they discovered that the cyber attacks originated in China but do not yet know if they were government-sponsored or from an unaffiliated source.

The incident was first revealed in a Newsweek report that said the FBI and Secret Service told the Obama team of the attack in the summer.

According to the article, Josh Bolten, the White House chief of staff, called David Plouffe, who was Obama’s campaign manager, saying: “You have a real problem … you have to deal with it.”

It is understood the campaigns then hired private cyber security companies to look into the breaches.

The Secret Service and the McCain and Obama campaign teams have made no comment on the alleged attacks.

Ironically, outgoing president George W. Bush had announced just hours before in a speech that enemies of the United States could be working on a plan targeting the country as it makes the transition from one administration to another. It’s not certain whether that was just a coincidental jab at the incoming Democrats or whether Mr. Bush and his team are aware that a real threat is brewing.

Regardless, it seems Barack Obama, just days after being confirmed as the next president of the United States, has already been given a rude welcome.


The Online Shadow Economy of Malware

November 1st, 2008 | No Comments | Posted in Security, crime, privacy

[Image: malware growth chart by year]

A multi-billion dollar market exists for malware authors. Malware, meaning computer viruses, trojans and spyware, is about money. The teenagers who wrote viruses have grown up and now they’re trying to make money. The shadow Internet economy is worth over $105 billion. Online crime is bigger than the global drugs trade. There is a sophisticated online black market with tens of thousands of participants. Collectively, online criminals are using the techniques of the free market to subvert and corrupt legitimate online business.

Dot.com entrepreneurs of crime

Maksym Schipka, Senior Architect at MessageLabs, has been spending a lot of time exploring this criminal underworld. He has been looking at Russian websites, chat forums and exchanges because he understands the language and because they are the most active. However, there are similar online markets in other countries. In the shadow economy, people boast of making $10,000 a day, and while this may be bravado, people are making good money in the shadow economy. With little chance of being caught and so much money at stake, it is little wonder that “a huge number of people are involved,” according to Schipka.

Division of labor

The big surprise is the level of specialization and the sophistication of the market. Picture a mall: some shops sell clothes, some sell food, others sell books and so on. Each shop is specialized and dedicated to one type of product. For each type of product, there are several shops competing to offer better prices and better service. This is what the shadow economy is like.

Let’s look at one online crime and see how it breaks down into a series of specialized trades. First, malware writers create new viruses, spyware, and trojans to infect computers. For as little as $250 you can buy custom-written malware, and for an extra $25 a month you can subscribe to updates that will ensure your malware evades detection. The vast majority of malware authors do not distribute it themselves. In fact, they make great play of offering their software “for educational purposes only” in the hope that this offers some immunity from prosecution.

A malware middleman buys malware from a programmer and uses the services of a botnet owner to spread it. A botnet is a remotely-controlled network of computers that have been infected by a virus. Typically, they are poorly protected computers belonging to innocent people around the world. You may have a bot running on your PC now and not know it. These computers give botnet owners the computing horsepower and network connectivity to spam out millions of emails, send out hundreds of thousands of trojan attacks or host a malicious website. Once the malware has spread, the middleman can sit back and start to collect stolen information and identities.

The middleman sells the stolen identities to make money. A full identity sells for around $5. This includes full name and address, a passport or driving licence scan, credit card numbers and bank account details. Credit card numbers sell for 2-5% of the remaining credit balance on the cards in question. Identity thieves offer their customers a high level of service. For example, you can buy identities sorted by country, industry and role, and credit cards sorted by remaining balance.

There is another category of middleman who specializes in turning stolen credit card identities into cash. He will buy credit card information and then use a “drop service.” A drop is someone who receives goods purchased with a stolen credit card. Some are criminal fences; others are unwitting dupes doing it for cash. A middleman buys goods from online shops – typically cameras and portable computers – and then ships them to drops. The drops, in turn, post them on or sell them immediately for cash. This is how a stolen credit card is laundered.

Scammers scammed

They say there’s no honor among thieves. This is also true of the shadow economy. Fraud and rip-offs are so common that a system of guarantors and escrow accounts has emerged. For example, a drop service provider might offer a guarantee to an identity thief that they will be paid their cut of the sale of any goods, even if individual fences don’t pay up.

Similarly, guarantors will provide an escrow service. For example, a buyer will transfer payment to the guarantor and the seller will transmit the virus code or the credit card numbers. If the goods check out, the funds are released. Typically, these guarantors take 2-3% of the transaction value for their services. The emergence of these services shows a developing sophistication in the market, driven by economics more than technology or the demands of organized crime. It also shows there are participants who value their long-term reputation. These are worrying signs.

Continuous improvement

Another sign of growing sophistication is the continuous improvement in the quality of products on sale in the shadow economy. Malware writers work hard to test their products against anti-virus software. They offer guarantees that a given virus or trojan will not be detected using current anti-virus programs. If vendors update their software, then the malware author will supply a new version.

Conventional anti-virus programs rely on “signatures” to detect malware. A signature is similar to a DNA fragment that identifies the virus and separates it from legitimate data. Anti-virus programs scan email attachments and other files to check that they contain no known signatures. As new malware comes to light, anti-virus vendors issue signature updates. However, they can only find a new signature after a new virus is in the wild and is released on the Internet. Worse, malware authors can also download the signatures and test their creations against the latest updates. Schipka’s research suggests that malware authors can produce new, unique malware every 45 seconds in order to keep it undetected.
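To make the signature discussion concrete, here is an added Python example; it is not MessageLabs code (the Skeptic engine’s internals are not public) and not part of the original article. It scans four constructed byte strings standing in for e-mail attachments with three checks: an exact SHA-256 file signature, a short byte-pattern signature of the DNA-fragment kind described above, and a signature-free entropy heuristic. The samples, the marker text and the entropy threshold are all invented for the demonstration, and the point is the coverage gap between the checks: the hash matches only the sample the vendor has already seen, the pattern also covers a near-identical variant, and only the heuristic says anything about a payload nobody has catalogued yet.

```python
import hashlib
import math
import random
import re

# Constructed sample "attachments": harmless byte strings, not real malware.
# The marker text is invented for this demonstration.
HEADER = b"MZ\x90\x00"
KNOWN_BAD = HEADER + b"\x00" * 20 + b"SAMPLE_MARKER_v1" + b"\x00" * 8
VARIANT = HEADER + b"\x00" * 20 + b"SAMPLE_MARKER_v2" + b"\x00" * 8  # one byte differs
CLEAN = HEADER + b"\x00" * 20 + b"hello, this is a benign program" + b"\x00" * 8
# Pseudo-random body standing in for a packed or encrypted payload nobody has seen yet.
_rng = random.Random(1)
PACKED = HEADER + bytes(_rng.getrandbits(8) for _ in range(1024))

# Signature database built from the one sample the vendor has already analysed.
HASH_SIGNATURES = {hashlib.sha256(KNOWN_BAD).hexdigest()}
PATTERN_SIGNATURES = [re.compile(rb"SAMPLE_MARKER_v\d")]


def hash_match(data):
    """Exact-file signature: fires only for the byte-identical sample."""
    return hashlib.sha256(data).hexdigest() in HASH_SIGNATURES


def pattern_match(data):
    """Byte-pattern signature: a short distinctive fragment, so it also covers
    close variants that still carry the fragment."""
    return any(p.search(data) for p in PATTERN_SIGNATURES)


def shannon_entropy(data):
    """Bits of entropy per byte: 0.0 for empty input, up to 8.0 for uniform bytes."""
    if not data:
        return 0.0
    counts = {}
    for b in data:
        counts[b] = counts.get(b, 0) + 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def heuristic_flag(data, threshold=7.0):
    """Signature-free check: a near-random body after a program header is a
    common, and noisy, indicator of packing. The threshold is an assumption."""
    return shannon_entropy(data[len(HEADER):]) > threshold


def scan(data):
    """Run all three checks and report which of them fired."""
    return {
        "hash": hash_match(data),
        "pattern": pattern_match(data),
        "heuristic": heuristic_flag(data),
    }


if __name__ == "__main__":
    for label, sample in [("known", KNOWN_BAD), ("variant", VARIANT),
                          ("clean", CLEAN), ("packed", PACKED)]:
        print(f"{label:8s} {scan(sample)}")
```

The entropy check is deliberately crude: legitimate compressed archives and installers score high too, which is why heuristic engines in practice combine many weak indicators and are tuned against large clean corpora rather than relying on one threshold.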
This is where the MessageLabs service is so valuable. As malware developers get more sophisticated, they find it easier to stay one step ahead of signature-based detection. MessageLabs uses signatures, but also has a second line of defense: its proprietary Skeptic™ engine. This heuristic scanner can detect malware without signatures. Moreover, the bad guys can’t buy it and use it to test their malware. The only people who have access to Skeptic are MessageLabs and the only people who benefit from it are MessageLabs customers. Ultimately, says Schipka, “The only thing you can rely on is very good, well-managed heuristic detection.”

The free market and the future of online crime

The shadow economy has all the attributes of a traditional economy – division of labor, price competition, marketing and so on – accelerated to Internet speed and carried out online. Adam Smith, the pioneering political economist, in his Wealth of Nations, foresaw that the division of labor could increase productivity and quality. Similarly, competition drives down prices and tends to drive innovation. While it is interesting to observe these classical economic principles at work, they hold a terrible warning: malware is going to get more common and more virulent. Companies that rely on the Internet and email need the best protection they can get.


Government Web Hackers Arrested

May 18th, 2008 | No Comments | Posted in Security

Spanish police have arrested five young computer hackers who allegedly disabled Internet pages run by government agencies in the U.S., Latin America and Asia, authorities said Saturday.

The National Police described the suspects as belonging to one of the most active hacker groups on the Internet and said two of the suspects are only 16 years old. The others are 19 or 20.

On the Internet, the group calls itself D.O.M Team, police said.

One of the group’s techniques was to infiltrate Web sites and insert a page of its own, police said. A Google search turns up several hits with pages that fit this description.

The group attacked some 21,000 Web pages over the last two years, police said in a statement. The five were arrested this week in Barcelona, Burgos, Malaga and Valencia.

The statement did not identify which government Web sites the suspects are accused of tampering with.

The Spanish newspaper El Mundo reported in March that the group had infiltrated NASA’s Web page, but a police official said Saturday she could not confirm this. The official spoke on condition of anonymity in line with department rules.

The group also hacked the Venezuelan national telephone company’s page, and that of the Spanish telephone operator Jazztel, among others, the paper said.

El Mundo said it had contacted the group and it described itself not as a bunch of delinquents, but computer-lovers that raid Web sites to show system administrators the pages’ vulnerabilities.

The Spanish investigation began in March after the Web page of a Spanish political party, Izquierda Unida, was disabled shortly after Spain’s general election March 9.

The five suspects did not know each other personally, but rather just over the Internet. They were in contact with other members of the hacking group, mainly in Latin America, police said.


University in Sweden Breaks Quantum Cryptography

May 17th, 2008 | 2 Comments | Posted in Security, Uncategorized

Quantum cryptography has been regarded as 100-percent protection against attacks on sensitive data traffic. But now a research team at Linköping University in Sweden has found a hole in this advanced technology. The risk of illegal access to information, for example in money transactions, is necessitating ever more advanced cryptographic techniques.

When you send an encrypted message via the computer network, one of the most difficult problems to solve is how the key should be transmitted. One way is to send it by courier (either by regular mail or, as in spy movies, a person with a briefcase attached to his wrist). Another way is a “public key,” which is used for online banking and security functions in Web browsers (https://).

A courier must of course be reliable, otherwise there is a risk that the key will be secretly copied on the way. A public key is regarded as secure, since enormous calculations are required to break the long strings of data bits - some 2,000 - that make up the key.

But a new technology called quantum cryptography is supposed to be absolutely secure. Thus far, however, very few people have made use of it. It requires special hardware, for example with a type of laser that emits polarized light particles (photons) via optic fiber or through the air. Some companies and banks in Austria are testing the system, and trials are underway with satellite-TV transmission.

The security is guaranteed by the laws of quantum mechanics. Quantum-mechanical objects have the peculiar property that they cannot be measured or manipulated without being disturbed. If somebody tries to copy a quantum-cryptographic key in transit, this will be noticeable as extra noise. An eavesdropper can cause problems, but not extract usable information.

But Jan-Åke Larsson, associate professor of applied mathematics at Linköping University, working with his student Jörgen Cederlöf, has shown that not even quantum cryptography is 100-percent secure. There is a theoretical possibility that an unauthorized person can extract the key without being discovered, by simultaneously manipulating both the quantum-mechanical and the regular communication needed in quantum cryptography.

“The concern involves authentication, intended to ensure that the message arriving is the same as the one that was sent. We have scrutinized the system as a whole and found that authentication does not work as intended. The security of the current technology is not sufficient,” says Jan-Åke Larsson.

In the article, published in the journal IEEE Transactions on Information Theory, the authors propose a change that solves the problem.

“We weren’t expecting to find a problem in quantum cryptography, of course, but it is a really complicated system. With our alteration, quantum cryptography will be a secure technology,” says Jan-Åke Larsson.
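As an added illustration, not from the Linköping paper or from this post, the Python simulation below runs an idealised BB84 key exchange and shows the “extra noise” effect described above: an eavesdropper who measures each photon and forwards a fresh one raises the error rate in the sifted key from zero to about 25 percent, which the legitimate parties see when they compare bits over the classical channel. Everything that matters for the Linköping result sits in that comparison step: the simulation simply assumes the classical channel is authenticated, which is the assumption the researchers showed the existing scheme does not adequately meet. The 11 percent abort threshold is a commonly quoted BB84 figure and an assumption of this example, not a number from the post.

```python
import random


def bb84_exchange(n_photons, eavesdrop, seed=0):
    """Idealised BB84 round: returns (alice_key, bob_key, qber).

    Bases: 0 = rectilinear, 1 = diagonal. A photon measured in the basis it
    was prepared in yields the prepared bit; measured in the other basis it
    yields a uniformly random bit, which is the disturbance the text refers to.
    The channel itself is lossless and noiseless, so any error is the
    eavesdropper's doing.
    """
    rng = random.Random(seed)
    alice_bits = [rng.randint(0, 1) for _ in range(n_photons)]
    alice_bases = [rng.randint(0, 1) for _ in range(n_photons)]
    bob_bases = [rng.randint(0, 1) for _ in range(n_photons)]

    def measure(bit, prep_basis, meas_basis):
        return bit if prep_basis == meas_basis else rng.randint(0, 1)

    bob_bits = []
    for bit, prep_basis, b_basis in zip(alice_bits, alice_bases, bob_bases):
        if eavesdrop:
            # Intercept-resend: the photon is measured in a random basis and a
            # fresh photon carrying the observed value is forwarded in that basis.
            e_basis = rng.randint(0, 1)
            bit, prep_basis = measure(bit, prep_basis, e_basis), e_basis
        bob_bits.append(measure(bit, prep_basis, b_basis))

    # Sifting happens over the classical channel: both sides announce bases and
    # keep only the positions where they agree. This exchange must be
    # authenticated; the simulation assumes it is, which is exactly the
    # assumption the Linköping work examines.
    keep = [i for i in range(n_photons) if alice_bases[i] == bob_bases[i]]
    alice_key = [alice_bits[i] for i in keep]
    bob_key = [bob_bits[i] for i in keep]

    # Error estimate over the whole sifted key (a real system sacrifices a sample).
    errors = sum(a != b for a, b in zip(alice_key, bob_key))
    qber = errors / len(keep) if keep else 0.0
    return alice_key, bob_key, qber


def key_accepted(qber, threshold=0.11):
    """Abort above the threshold. 11% is the commonly quoted BB84 limit and is an
    assumption of this example, not a figure from the post."""
    return qber <= threshold


if __name__ == "__main__":
    for eve in (False, True):
        _, _, q = bb84_exchange(4000, eavesdrop=eve, seed=7)
        print(f"eavesdropper={eve}: QBER={q:.3f} accepted={key_accepted(q)}")
```

The 25 percent figure follows directly from the basis rule: in half of the sifted positions the eavesdropper guessed the right basis and Bob is unaffected, and in the other half the forwarded photon is in the wrong basis, so Bob's result is a coin flip and is wrong half the time.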
