There is no shortage of money at banks, usually. That's why criminals are motivated to rob them. But the act of robbing a bank is considerably less risky if you don't actually have to go there. Enter the hacker.
Money, It's a Hit
In previous installments of the Hackers posts we talked about the motivations of hackers. In the case, the motive is money. What drives computer programmers to steal money? Probably bad people with money that want more of it. Yet, a lot of them are overseas and I can't simply ask them, much less even identify them. I can speculate that some are state-supported, looking for handles on the US and other economies to exploit. Or they are criminal organizations that keep their own stable of indentured hackers in the back room, fed with Doritos and Mountain Dew. Or they are simply businesses that do things in shady ways, by contracting hackers to attack their competitors.
Either way, they typically employ a zero-day exploit and a chain of other buffer-overrun bugs to gain superuser access to a machine running Windows XP. At that point, they install a rootkit in the machine so they can gain superuser access at any point down the line. The machine becomes a bot.
Perhaps the most interesting and disconcerting fact is that there exist entities that sell and update rootkit programs. They need updating as Microsoft issues patches to the known exploits. But Microsoft's task is like trying to put your finger in the bottom of the boat when there are hundreds of holes. Ot thousands.
So there is a market, I expect, of zero-day exploits. These are bugs in software that make a system crash. And allow the hacker to upload code. That code might be part of a buffer overrun - the contents written into a buffer that's just too small to hold what's written. Since all machines are Von Neumann machines, this means that you can execute data just like you can execute code. Data and program are interchangeable. This is why the linker can exist, and dynamic linking of libraries can occur.
And it's also why it's possible to upload malware through websites.
Let's take a case in point: Microsoft has been fighting a war of attrition against the Zeus botnet. But, why do they call it the Zeus botnet?
First, a bunch of machines under control of one master hacker is called a botnet, a network of bots. Each machine can be activated by its master to do their bidding. With many machines under the hacker's control, operations like DDoS attacks can be run with greater effectiveness. Or they can use the botnet for sending ridiculous amount of spam emails advertising for fake Viagra. The botnets also give a certain degree of anonymity to their masters as well, because they are only, after all, operating by proxy.
It is apparent that a group of professional attackers maintains the Zeus code, which is code to help penetrate systems. How can such a group exist? They run their shop somewhere in Eastern Europe, away from the reach of the FBI and other law enforcement groups. I really wish that whatever country they are in would have the guts to shut them down. I'm not even sure Interpol has a presence there.
And maybe there is the question as to whether the construction of a tool to penetrate systems is even illegal at all, in and of itself. Still, selling the tool and supporting the tool seems like it is aiding in the commission of a crime.
Yes, the Zeus code costs money also. They charge between $700 and $15,000 US for their code and also for support, which includes updates to current zero-day exploits and also probably tech support via some anonymized IRC chat.
The presence of Zeus means that it's much easier for state-supported hacking and business-supported hacking to exist. These institutional hackers simply buy Zeus and then rent servers to make botnets.
And this is Microsoft's war of attrition: to take down the server farms (otherwise operating legally and used for housing websites and e-commerce operation, and possibly unaware that they house botnets) that have been converted into botnets. Some 13 million computers are used in this way. And this has resulted in the theft of about $100 million since 2007, that we know about.
Business as Usual
Another real problem is the rampant increase in hacking for the purposes of gaining a business advantage.
A really fascinating and discouraging piece of news showed up today. News Corporation, run by Rupert Murdoch, has been accused of another hacking scandal. This time it was purportedly hiring hackers to crack rival ITV network's smart card encryption scheme, and posting it online so most of ITV's customers could simply avoid paying them.
This put ITV out of business, which was just fine for News Corporation's Sky TV service, which likely picked up the customers.
News Corporation was found guilty of hacking one smart card for the DISH Network. And fined a piddling sum. But what actually happens is that they can post the hack (anonymously) and ruin their competitors.
Pretty sneaky, massively illegal, and very immoral.
The tiny fine was a classic Pyrrhic victory for the DISH Network.
4 teh Lulz
It is interesting to see a return of the splinter group LulzSec, so soon after Sabu, LulzSec's leader, was deftly converted to a mole and then turned on LulzSec itself. This had the useful effect of decreasing the hacker world's trust in itself.
Now, an enterprising hacker with the handle lalalalala has penetrated MilitarySingles.com and posted on pastebin all the information about the 171,000 dating servicemen (and women). As part of a new group. And they are calling themselves LulzSec Reborn.
Reborn, presumably, from the ashes of the FBI sting on the group.
This is the trending problem: that technology can change much faster than law enforcement. Tech is the fastest changing thing on the planet. So its a wonder that the FBI, Interpol, and MI-5 can barely keep up with it: they don't always have the tools they need to be effective. Why?
The real problem is that laws can't keep up with technology.