Large-Scale Internet Crimes: Global Reach, Vast Numbers, and Anonymity. Anthony V. Teelucksingh, Computer Crime and Intellectual Property Section (CCIPS), Criminal Division, United States Department of Justice. August 2010.
REMJA Working Group on Cybercrime: www.oas.org/juridico/spanish/, www.oas.org/juridico/english/. Computer Crime and Intellectual Property Section: www.cybercrime.gov, anthony.teelucksingh@usdoj.gov, +1 (202) 514-1026.
Agenda: Globalization of crime; Some vexing problems (anonymity, botnets, carding, digital currency).
Globalization of Crime
Globalization of Crime: The Internet knows no borders. Criminals exploit the Internet: global reach; anonymity; safe havens; mass targets.
Global Cybercrime Snapshots 2009. Botnets*: 6.8 million bot-infected computers; 47,000 active each day; 17,000 new command and control servers. (*Symantec Internet Security Threat Report, Vol. XV, April 2010)
[Figure: Geographic distribution of infected computers in a single ZeuS botnet.]
[Figure. Source: Symantec Internet Security Threat Report, Regional Data Sheet Latin America, April 2010]
Global Cybercrime Snapshots 2009. 2.9 million new malicious code threats*. Data breaches from hacking, examples**: 160,000 health insurance and medical records (university); 530,000 social security numbers (government agency); 570,000 credit card records (business); 750,000 customer records (mobile telephone service provider); 130,000,000 credit card numbers (credit card processor). (*Symantec Internet Security Threat Report, Vol. XV, April 2010. **Open Security Foundation, Dataloss Database, 2009)
[Figure. Source: Symantec Internet Security Threat Report, Regional Data Sheet Latin America, April 2010]
Online Underground Economy. [Figure. Source: Symantec Internet Security Threat Report, Vol. XV, April 2010]
The Players: cyber-economy crime organizations; traditional organized crime (drugs, guns, goods, people); gangs; extremists (terrorist organizations); professional hackers; spammers; cybercrime organizations.
Some Vexing Problems: anonymity; botnets; carding forums; digital currency.
Anonymity
Attribution is Difficult (Impossible?): Savvy online criminals know how to hide. False identification: domain name registration; stolen credit cards; services that do not verify user information. Online tools: proxies; anonymizing network; peer-to-peer. Decentralized; segmented; redundant; resilient.
Web Proxy: Sits between ISP and web server. ISP and web server no longer talk to each other directly. Result: user anonymity from web server. [Diagram: USER, ISP, WEB PROXY, WEB SERVER]
Web Proxies: Type in the site you want.
Web-Based Proxies: The proxy gets the site and passes it to you. You are still communicating with the proxy.
Peer-to-Peer file sharing (P2P): Sharing files, using servers as little as possible.
Old-style P2P: Relied on a server to keep track of the peers. [Diagram: "Who has KIDDIE.MPG?" "Second computer from the right."]
Newer-style P2P: Uses supernodes instead of central servers. [Diagram: "Who has KIDDIE.MPG?" "I'll ask the other supernodes." "One of my nodes has it."]
P2P today: Gigatribe and Darknets. Small, private communities sharing files. Difficult to find and enter.
P2P today: BitTorrent. Efficient technology for a huge number of people to share huge files. Tracker: knows which computer has which pieces of the file. To join, get a .torrent file that identifies the tracker. Leecher: peer still downloading. Seeder: peer offering all pieces.
Anonymizing Network: Tor. Tor = The Onion Router, an anonymity network that routes communication through multiple proxies, each with an independent layer of encryption (like an onion). Client = computer using Tor for anonymity. Onion Router (OR) = computer that forwards data and anonymizes it (currently about 1200). Circuit = path taken by data through ORs. [Diagram: Client, OR, OR, OR, Web Server]
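The layering described on the Tor slide, as an added example that is not part of the original presentation: a simplified sketch of a three-hop circuit showing what each relay could log, which is why attribution from any single relay's records fails. The relay names, keys, message format, and hash-based toy cipher are assumptions for illustration; Tor itself negotiates a separate key with each relay and uses a real cipher.

```python
import hashlib
import json

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode), a stand-in for a real cipher."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def build_onion(payload: str, destination: str, hops: list) -> bytes:
    """Client: wrap the payload once per hop, innermost (exit) layer first.
    hops is [(relay_name, key), ...] in circuit order, entry relay first."""
    next_hop, body = destination, payload.encode()
    for name, key in reversed(hops):
        layer = json.dumps({"next": next_hop, "body": body.hex()}).encode()
        body = keystream_xor(key, layer)
        next_hop = name
    return body

def relay_peel(key: bytes, cell: bytes) -> tuple:
    """Relay: remove exactly one layer and learn only where to forward."""
    layer = json.loads(keystream_xor(key, cell))
    return layer["next"], bytes.fromhex(layer["body"])

def trace_circuit(client: str, payload: str, destination: str, hops: list) -> tuple:
    """Return (per-relay view, delivered payload): what each relay could log."""
    views, previous = [], client
    cell = build_onion(payload, destination, hops)
    for name, key in hops:
        next_hop, cell = relay_peel(key, cell)
        views.append({"relay": name, "received_from": previous,
                      "forwarded_to": next_hop})
        previous = name
    return views, cell.decode()

# Constructed sample circuit: names and keys are illustrative, not real relays.
HOPS = [("OR1", b"key-entry"), ("OR2", b"key-middle"), ("OR3", b"key-exit")]

if __name__ == "__main__":
    views, delivered = trace_circuit("client", "GET /index.html", "web-server", HOPS)
    for view in views:
        print(view)  # no single relay sees both "client" and "web-server"
    print("delivered:", delivered)
```

Only the entry relay's record names the client and only the exit relay's record names the web server, so linking the two requires correlating records from every hop in the circuit.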
Botnets
What is a Botnet? A network of robots ("bots"). "Robot": an automatic machine that can be programmed to perform specific tasks. Also known as "zombies". Thousands of computers controlled. A powerful network at no cost.
Purpose of a Botnet: distributed denial of service attacks; advertising spamming; sniffing traffic; keylogging; spreading new malware; installing advertisements; attacking IRC networks; manipulating online polls or games; mass identity theft.
IRC Botnets: Earlier botnets controlled by Command and Control (C2) server. [Diagram: botnet user]
IRC Botnets: Newer botnets have distributed, redundant C2 servers. [Diagram: botnet user]
P2P Botnets: Distributed control.
P2P Botnets: Hard to disable.
Carding
What is Carding? Carding: large-scale fraudulent use of stolen credit or debit card information. Carding forums: websites and bulletin boards dedicated to carding. Data usually comes from phishing/spamming or data breaches, rather than real-world thefts. Bulk transactions ("dumps") are the norm. Credit card data can be encoded on plastic cards for card-present transactions.
What do Carding Forums Offer? Identity documents; stolen financial information; user names and passwords; "full info" package of data on victim; card-making equipment and blanks; tutorials on how to be a carder or hacker.
Digital Currency
Characteristics of Digital Currency: Often backed by a precious metal such as gold. May involve both an issuer and an exchanger. Can be transferred to other digital currency. Popular with cyber-criminals.
Example: WebMoney Transfer (www.wmtransfer.com). Based in Russia. Open account by downloading WebMoney client and providing name, address, and e-mail address. Accepts bank transfers, credit cards, money orders, and cash. Can transfer funds from one account to another.
Summary: Globalization of crime; Some vexing problems (anonymity, botnets, carding, digital currency).