Showing posts with label cyber warfare. Show all posts

Monday, 22 January 2018

5 types of cybercriminals

Technology has evolved. Unfortunately, humanity does not always evolve with it. As soon as the internet was invented, bad people were coming up with bad ways to use it.

Here are five types of cybercriminals:

INDIVIDUALS who are motivated by financial gain, basically your run-of-the-mill thieves with a 21st century twist. They can get you with phishing or malware scams.

ORGANIZED GROUPS who are motivated by financial gain. These groups are often highly organized, with specialization of roles and responsibilities. They often attack banks or go after intellectual property.

NATION-STATES whose intent ranges from monitoring other countries to interfering in elections to outright cyberattacks. They sometimes go after intellectual property. (Here's looking at you, China.) Some states employ thousands of citizens to conduct such activity.

CYBERTERRORISTS who partake in a sort of digital nihilism, where the only goal is disruption and destruction, often for political reasons. While ISIS immediately comes to mind, cyberterrorism is not limited to jihadists, but can include any group whose aim is to disrupt and destroy, such as eco-terrorists, white supremacists, and homophobes.

HACKTIVISTS are distinguished from cyberterrorists in that their goal is not destruction per se. Hacktivism is the subversive use of computers and computer networks to promote a political or social agenda. The term is confusing, because many self-described hacktivists are do-gooders who seek to advance human rights. While their actions are technically illegal, we'd like to distinguish them from the attention seekers or those with nefarious social goals or the generic "disrupt the status quo" justification. These often call themselves "hacktivists" though they would fall into the cyberterrorist category.

Thursday, 29 January 2015

The State of Cybersecurity in 2015

2014, the year of the cyber breach—think Target, Heartbleed, Home Depot, JP Morgan Chase, and, yes, Sony—has unsurprisingly led the United States to where it is today: with a president willing to move the conversation about cybersecurity to the forefront of politics. Last week, President Obama used his annual State of the Union address to set his agenda for 2015. “No foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets, or invade the privacy of American families, especially our kids. We are making sure our government integrates intelligence to combat cyber threats, just as we have done to combat terrorism. And tonight, I urge this Congress to finally pass the legislation we need to better meet the evolving threat of cyber-attacks, combat identity theft, and protect our children's information,” he said.

Obama’s comments come amidst tangible action in Washington.  In the closing weeks of 2014, Congress passed several pieces of cybersecurity legislation, including the National Cybersecurity Protection Act of 2014, the Federal Information Security Modernization Act of 2014, the Cybersecurity Enhancement Act of 2014, and the Cybersecurity Workforce Assessment Act of 2014; this legislation will strengthen the ability of the public and private sectors to work together in preventing future cybersecurity breaches while also developing a more robust cybersecurity workforce.  Furthermore, Obama has planned a White House Cybersecurity Summit at Stanford University on February 13, which will provide an opportunity to develop further public-private sector collaboration and to explore cybersecurity best practices and technologies.

The legislation Obama referred to in his State of the Union address remains to be acted upon by a partisan Congress. The goals, however, are threefold: to encourage the private sector to share cyber threat information with the government through the use of liability protection for companies that adhere to consumer privacy protections; to strengthen the government’s ability to combat cybercrime by prosecuting the sale of botnets and criminalizing the sale of stolen financial information abroad; and to create a national standard for how and when companies report security breaches to the public.

Although cybersecurity experts are encouraged by Washington’s newfound urgency surrounding online privacy and security, many doubt politicians will be effective in creating a climate that will truly protect the public.  Increased sharing of information with the government assumes the government is a safe and secure place for information, which continues to beg blind trust and insecurity of consumers.  Congress is tasked with reauthorizing parts of the Patriot Act by June 1, 2015. Until the American public knows the extent to which the National Security Agency (NSA) is authorized to conduct surveillance, it should be hesitant to support the government’s proposed information sharing. Additionally, cybersecurity professionals at companies such as Nexus-Guard and Social-Engineer, Inc. find Obama’s proposed legislation to be “scary as hell,” as it would turn the hacking done in the interest of protecting companies against cyberattacks into a criminal offense.  

Obama was wise to refer to cyber-attacks as an “evolving threat” last Tuesday night.  However, he failed to recognize that partisan politics, slow-to-pass legislation, and business as usual will simply not keep up with cybersecurity’s evolving threats such that consumers will receive the security they deserve.

In an era in which the United States government is just beginning to grasp the significance of cybersecurity and has yet to produce a workable solution to protecting its citizens’ privacy and security, consumers everywhere need to take their online safety into their own hands. This Data Privacy Day, we urge you to take a look at the National Cyber Security Alliance’s provided resources to keep individuals and businesses secure in an otherwise well-intentioned but uncertain 2015.

Monday, 21 July 2014

Anonymous Re-Enters Israel-Palestine Fray in Support of Palestine

Related to our previous post, hacker group Anonymous claimed to have taken down thousands of Israeli websites between July 11 and July 17 in support of the Palestinians, according to the International Business Times.  Today, Businessweek reports the group has claimed responsibility for hacking a top Kenyan military Twitter account, where they "called for retribution over the war in Gaza, Kenyan politicians to stand down and an end to tribalism."

These attacks follow others against Israel by Anonymous in the recent past, including cyber attacks conducted in April in which the group urged allies "to hack, deface, hijack, database leak, admin takeover and DNS terminate the Israeli cyberspace by any means necessary."


To read more about Anonymous's involvement, you can follow their website.

Cyber Warfare Underpinning Recent Gaza Strip Conflict

If there's one easy thing for people to understand about cybersecurity and cyber warfare, it's that there is usually a strong presence of cyber attacks when there are threats of or actions of more traditional warfare.  While cyber warfare produces tangible technological, organizational, and economic damages, it can also be used as a form of psychological warfare.

A recent example comes out of escalated tensions in the Gaza Strip, where Hamas has used technology in service of its aims and Israelis have responded defensively.  Bloomberg reports that cyber attacks related to escalated tensions in the Gaza Strip have risen tenfold in the last few weeks.

Bloomberg reported about a recent attack involving a popular international pizza company:
During the time hackers controlled the Domino’s Facebook page, status updates included a threat to “strike deep inside Israel.” After Domino’s regained control, it posted an image of a masked man wearing a headband in Hamas’s signature green color, with the caption, “You can’t defeat the Israeli hunger for pizza!”

Israeli hackers didn’t stand idly by. They left some Hamas websites disabled for hours and others displaying content maligning the Islamist group and its leaders. 
An Israeli response to the Hamas attack on the Domino's Facebook page translates as “You can’t defeat the Israeli hunger for pizza!” according to Bloomberg.

Some in Israel suggest that Hamas is also slowing internet service in addition to internet hacking and defacement like that which is being attributed to them in accounts like the above.  In forging a response, Israel cannot simply shut down access since their opposition generally do not use Israeli internet access to begin with.  Some analyses suggest attacks against Israel are being conducted by sympathizers abroad, which would make restricting internet access less effective in response.

The Israeli Internet Association's Dina Beer characterized the activity in the following way: “The attacks aren’t sophisticated; they just give the feeling that someone else is in control... It’s terrorism, designed mostly to frighten: ‘See, we can control your sites and do things you don’t want us to do.’ And it works.”

For more about these recent cyber developments underpinning the ground and air game in the Gaza Strip, head over to Bloomberg.

Thursday, 9 May 2013

Syrian Electronic Army Hacks The Onion. Here's How They Did It


On Monday, members of the Syrian Electronic Army hacktivist group took command of The Onion’s Twitter account. Posing as legitimate writers, the SEA posted several jokes related to Israel and the civil war in Syria.

(For clarification, SEA is a pro-Assad organization.)
According to sources at The Onion, the SEA used a phishing email attack on Onion staff members. The email included a link that appeared to point to the Washington Post, but in fact directed to a hacked website that displayed a fake Google Apps login page. Evidently, one or two employees fell for the ruse and the SEA gained access to their email accounts. From those email addresses, the SEA launched yet another phishing attack and ultimately gained access to Twitter.
According to The Onion:
Coming from a trusted address, many staff members clicked the link, but most refrained from entering their login credentials. Two staff members did enter their credentials, one of whom had access to all our social media accounts.
Immediately after discovering the breach, The Onion’s tech team sent an email to staff directing them to change their passwords. Unfortunately, this advice spurred a third phishing attack from a compromised internal email address that linked to a fake password-reset page. The SEA gained two more sets of credentials from this last attack, allowing them to maintain control on Twitter for an extended period of time.
It seems there couldn’t be a better time for Twitter to move to two-factor authentication — something the company is already working towards.


Wednesday, 27 March 2013

Cyber-battle Slows Down the Whole Net


Internet been dragging lately? Don’t blame your ISP. A gigantic cyber attack is slowing things down for everyone.
It all started with a tiff between spam-fighting group Spamhaus and server company CyberBunker. Spamhaus is a non-profit that works with companies worldwide to help filter spam. CyberBunker is a server company with an ‘anything goes’ policy that allows anything with the exception of child pornography or terrorism-related material.
You might see where this is going.
Basically, Spamhaus fights spam with a series of blocklists that contain companies and servers that host spam. And recently, Spamhaus added CyberBunker to their blocklists.
Though still unconfirmed, Spamhaus claims that CyberBunker is taking revenge for the block and is behind massive cyber attacks aimed at Spamhaus’s DNS servers.
If you weren't sure, CyberBunker is literally in a bunker.
Spamhaus said that CyberBunker is affiliated with several criminal organisations in Russia and Eastern Europe and that they have launched massive DDoS attacks that are pushing 300 GB/s of data onto Spamhaus’s servers.
DDoS (distributed denial of service) attacks target systems by flooding them with traffic. To put the current 300 GB/s attacks in perspective, the previous DDoS record achieved only 100 GB/s. That’s right. The current onslaught has not only broken the previous record, but tripled it.
Steve Linford, chief executive for Spamhaus, said the attacks are strong enough to bring down even the most robust systems.
"If you aimed this at Downing Street they would be down instantly," he said. "They would be completely off the internet…. Normally when there are attacks against major banks, we're talking about 50 gb/s."
In fact, the attacks are so big, they are slowing down the rest of the internet. Prof Alan Woodward, a cybersecurity expert at the University of Surrey explained the size and scope of the attacks in an interview with the BBC.
"If you imagine it as a motorway, attacks try and put enough traffic on there to clog up the on and off ramps…. With this attack, there's so much traffic it's clogging up the motorway itself."
Hopefully, we’ll see an end to this madness soon. But in the meantime, maybe think twice before ringing Vodafone with speed problems.


Wednesday, 13 March 2013

U.S. confirms offensive cyber-war program


In case you weren’t totally convinced that cyber war is on like Donkey Kong, the Obama administration publicly confirmed today what we’ve all known for some time: The United States is actively developing offensive cyber-weapons to be used whenever they feel like it in wartime.

I know. It’s shocking.

While the announcement should be heeded as a heads up that digital warfare is on our doorstep, it shouldn’t be much of a surprise in light of devastating American-made malware like Stuxnet being unleashed on Iran’s refinement facilities and the U.S. Department of Defense quintupling their Cyber Command just a few months ago.
"I would like to be clear that this team, this defend-the-nation team, is not a defensive team," Alexander, who runs both the National Security Agency and the new Cyber Command, told the House Armed Services Committee on Tuesday. "This is an offensive team that the Defense Department would use to defend the nation if it were attacked in cyberspace. Thirteen of the teams that we’re creating are for that mission alone." [Ars Technica]

Friday, 1 March 2013

Massive world-wide information leaks. What are you gonna do about it?


New reports say that a hacker group is stealing upwards of 1 Terabyte of data from governments and businesses every single day. This is not the work of 17-year-old techies in their mom’s flat, this is industrial hacking and it’s state-sponsored.

Holy crap.



As much as we like to believe that our governments and corporate leaders are smart and well prepared, they aren’t. 1 TB per day isn’t a leak, it’s Victoria Falls.

Even more recently, U.S.-based security firm Mandiant told The New York Times that state-sponsored groups in China may have the ability to bring down power grids, water systems, and oil pipelines.

Yep, the cyber-apocalypse is coming. What are you gonna do about it?

First of all, while all this seems pretty scary (and it is), this is not the time to dig a bomb shelter and start hoarding bottled water and canned food. It is, however, the time to take charge of your data.


Strong Passwords: Guess what, using the same password, no matter how good, for everything is dumb. All it takes is one data dump from one crappy server to unlock your bank, email, Facebook, everything. Use different passwords for every site and keep them organized with a program like 1Password. Honestly, security aside, programs like this are free and will make your life so much better.

Anti-Virus: Malware is the nasty stuff on your computer taking up memory and stealing your login credentials. Anti-virus programs won’t stop zero-day attacks, but they’re certainly a big step in the right direction.

Encrypt, Encrypt, Encrypt: Seriously people. Using that wifi network at the coffee shop? Guess what? A chimpanzee could figure out how to steal your data. It’s really that easy. USE A VPN.

Don’t be Stupid: We have a tendency to check out mentally when we’re casually surfing the web, but in today’s environment, keeping your wits about you will keep you safe. Is someone asking for your password? Do you trust these guys with your credit card? Think about what information you’re giving out, then ask yourself if you trust the receiver. If an offer is too good to be true, it probably is.