ccraig
East Coast Site Editor

Breaking bad: Drugs, bots, hackers, and cyber insecurity

analysis
Oct 4, 2013

Dread Pirate Roberts, the ZeroAccess botnet, and Russian data thieves all mark a big week in cyber crime

The battle against cyber crime chalked up a couple of big wins for the good guys this week, as the FBI captured Dread Pirate Roberts and Symantec took down ZeroAccess. But those coups were countered by new revelations about the scope of activities by Russian data-theft group SSNDOB and other examples of the ingenuity of today’s hackers. Cue “The Never Ending Battle” soundtrack.

For those of you who started the week mourning Walter White, here’s a real-life plot worthy of “Breaking Bad”: The FBI this week seized Ross William Ulbricht, the man behind an online drug marketplace known as Silk Road. In addition to distributing heroin, cocaine, LSD, and methamphetamine, Ulbricht — whose aliases include “Dread Pirate Roberts” and “Silk Road” — is charged with soliciting one Silk Road user to murder another Silk Road user who was threatening to release the identities of thousands of the site’s members — talk about cutthroat tactics.

FBI agent Christopher Tarbell describes Silk Road as “the most sophisticated and extensive criminal marketplace on the Internet today,” and claims several thousand drug dealers used Silk Road to move drugs to “well over 100,000 buyers.” The FBI estimates the Silk Road site generated $1.2 billion in sales and $80 million in commissions.

Now that’s big business. An anonymous Silk Road drug dealer who goes by the alias “Angelina” breaks it down further for Mashable:

[Silk Road] runs like a small Internet retailer/packing and shipping company. We use accounting software to manage our finances and we pay taxes. We’ve built an order management system to track our inventory and shipping. We had to build the order management tool with a significant level of built-in security — but that still let us get some visibility into how many days of inventory we have, whether business is up or down, where our costs are, etc.

As a day-to-day job, it feels much like it might feel to work at any other Internet retail company.

In other words, just think of Silk Road as the Amazon of illegal services. In addition to drugs, the site was used to solicit a variety of illegal activities, including compromising social networking accounts for identity theft; hacking ATMs; and providing connections for stolen credit card information, firearms and ammunition, and hit men. “The site has sought to make conducting illegal transactions on the Internet as easy and frictionless as shopping online at mainstream ecommerce websites,” the FBI report says.

Not in the same league but still a significant security win, the cyber criminals behind the ZeroAccess botnet lost access to more than a quarter of the machines they controlled, thanks to an operation executed this week by Symantec. ZeroAccess was one of the largest botnets in existence, made up of more than 1.9 million infected computers and used primarily to perform click fraud and bitcoin mining. Symantec estimates the botnet’s activities generated tens of millions of dollars per year in revenue.

The savings in energy costs alone are reason to cheer this blow against ZeroAccess, as estimated by Symantec researchers:

The bitcoin mining activity, which uses computational power to generate bitcoins, a type of virtual currency, would consume an additional 1.82 kWh per day for every infected computer, if that computer were turned on all the time. Multiply this figure by 1.9 million for the whole botnet and we are now looking at energy usage of 3,458,000 kWh (3,458 MWh), enough to power over 111,000 homes each day.

Back on the dark side, security researcher Brian Krebs continued to roll out revelations about the Russian data-theft group known as SSNDOB. In addition to stealing massive amounts of personal data from firms like LexisNexis and Dun & Bradstreet, the Russian hacker group infiltrated the servers of the National White Collar Crime Center, a clearinghouse for data used by law enforcement.

But as InfoWorld’s Serdar Yegulalp notes, “the most embarrassing aspect of these attacks is how they were executed via an exploit and a bug that in theory should have been fixed for quite some time.” It seems all of SSNDOB’s exploits attacked vulnerabilities fixed in the most recent versions of Adobe ColdFusion.

“[I] found it interesting that the attackers were able to dump an entire database without being authorized to do so,” said Gary Alterson, senior director of Risk and Advisory Services at security consulting firm Neohapsis. “Dumping a full production database isn’t normal behavior, and even if it were OK, it shouldn’t be done without a change ticket. So the dumping of databases across the environment should have raised a flag somewhere.”

Springing up to meet that need are companies like Hold Security, whose efforts contributed to uncovering SSNDOB’s break-ins at the data brokers. The company recently expanded its security services to include monitoring of forums where cyber criminals sell or trade the data they’ve stolen. Hold Security then alerts organizations that their data is circulating on underground hacker forums. Founder Alex Holden says his company has profiles on as many as 10,000 data thieves who are causing security headaches worldwide. In the last month alone, Holden said company analysts came across more than 100 million stolen user IDs and passwords.

As in any other business, cyber criminals are in competition with one another. Holden says there have been instances of one hacker ratting out another to Hold Security’s analysts in an attempt to shut down their competitor. “There is no kinship between certain thieves,” he said.

For a closer look into the malware and malicious hacker gangs roaming the online world, check out Roger Grimes’ account of 7 sneak attacks used by today’s most devious hackers. Grimes looks at some of the most innovative techniques that “stretch the boundaries of malicious hacking,” including fake wireless access points, cookie theft, file name tricks, waterhole attacks, and bait-and-switch tactics.

As ingenious as the methods might be, the fallout from these attacks is sobering:

When a hacker modifies your system in a stealthy way, it isn’t your system anymore — it belongs to the hackers. The only defenses against stealth attacks are the same defenses recommended for everything (good patching, don’t run untrusted executables, and so on), but it helps to know that if you suspect you’ve been compromised, your initial forensic investigations may be circumvented and fought against by the more innovative malware out there. What you think is a clean system and what really is a clean system may all be controlled by the wily hacker.

In light of that bracing news, maybe John McAfee plotted his return to the spotlight just in time.

This article, “Breaking bad: Drugs, bots, hackers, and cyber insecurity,” was originally published at InfoWorld.com.