Saturday, December 22, 2007
Those of you who decided to use my technique to fight spam can download an updated text file (the URL to the file is specified in the article).
I have newly collected data about the spamming sites and domains. The header of the file was updated as well. Enjoy!
Friday, December 14, 2007
Just want to share with you some good news.
Google finally took the drastic step of removing malware sites from its index. It was long overdue. Sunbelt first noticed the huge number of infected sites and their appearance in results lists for a wide array of searches.
Microsoft and Yahoo! admitted that malware sites are a problem that needs to be solved; however, they did not say when they will follow Google's step. One more time: Google is ahead of the crowd.
Wednesday, December 12, 2007
According to IT security experts, cyber espionage will be the leading IT security threat next year. More than 120 countries utilize the Internet to carry out espionage as sophisticated, inexpensive attacks outpace porous network defenses.
Reading some of the latest reports on the Internet, I would like to add my thoughts about the global-level threats coming from Russian hackers, one of the greatest sources of malicious activity and cyber crime in the world.
First of all, let’s see what kind of people they are and what actually forces them to carry out sophisticated attacks over the Internet.
WHO ARE THEY?
In the times of the USSR, kids were brainwashed with communist ideology starting from kindergarten. “Grandpa Lenin” was the idol, the leader who “brought the Great October Revolution to all poor and working people”, who created the USSR with a mob of friends and his supporters from overseas (read: Germany). The Communist Party created the social model of growing socialism that inevitably had to be converted to communism. I don’t need to explain what communism means, except for the fact that this utopia still lives in the heads of many people.
Living under the power of the Communist Party and the KGB as the main suppressor of bright minds, people got used to the way they lived. The intelligentsia, in particular, entertained their minds by reading a lot of books, listening to the voice of the West on transistor AM/FM radios, and discussing life and politics in a close circle of friends, and basically did not expect anything extraordinary from everyday life. The main rule was “don’t stick your nose out” and you’ll be safe.
The young generation saw a clear path to an acceptable standard of living (of course, compared to all other people in that country): get a high school diploma, get a college degree, and find work as a regular engineer with average, low compensation, or at least become a factory worker. All of them knew that there was no way to make more money in that society unless you decided to break the law.
Everything was so standardized in terms of living that no one expected anything extraordinary in their lives. Buying a car would take 10-15 years of hard work with above-average compensation and saving every possible ruble (the Russian currency).
Time has dramatically changed the people who live in Russia these days. The money-making opportunities, the food in the food stores, the clothes in the department stores, the new foreign cars on the streets, the new, very rich Russians, the so-called "New Russians", the cost of living, and of course, the new Information Technology - everything has changed! The intelligent minds are more occupied with the idea of "how to make more money" than with new books in the bookstores, even though they no longer have to get them through a network of friends or exchange them for other goods, because they are freely available in the stores (just pay!).
The perception has changed! Now it is close to the Western one: to become rich! Those who were close to the Communist Party in the old days were able to grab the natural resources or entire factories/plants and became rich in a very short period of time. They became the ideal for young generations: get rich quick. However, those who were ordinary people had no access to the country’s pie, which had already been divided among the elite.
The current political situation in Russia does not encourage people at all. Believe it or not, life there still sucks. There is nothing worse than a reasonless, apathetic and useless life. A life in which you have to kiss ^%$ (pardon my French) to every bureaucrat and put yourself down in front of a plumber or a person from the management office of the building where you live whenever you have to solve everyday problems is not something that you want to respect. Corruption has spread its web everywhere, and if you happen to cross the border of Russia, it starts right there, where the officials take unfairly large fees (or "bribe tax") for bringing in the goodies – a fact of life in many sectors of the Russian economy.
This is such a well-known fact that, in order to minimize exposure to corrupt practices, the US Commercial Service recommended dealing only with large, well-known companies or publicly visible officials whenever possible. This suggestion is not a guarantee that you can avoid the corruption schemes (e.g., 8 Russian banks engaged in a money-laundering scheme with over $8 billion over 3 years). When the value of the goods is not in line with the prices, corruption occurs. Based on VeriSign data, for instance, the Russian federal government runs on a budget smaller than that of Texas. It surely forces underpaid public officials to rely more on the “bribe tax” – the rule of "demand vs. supply" at work.
Russia has always been a country that supports personified power, and the term "democracy" sounds like a foreign word. Russia has constructed a neo-Soviet cult of personality around the increasingly clamorous figure of Putin. Putin is in the last year of his two terms as President, with no constitutional right to run for a third term. But Kremlin propaganda constantly reminds Russians that their destiny is based on Putin’s longevity. It’s a known fact that Putin is a former KGB officer... Nobody knows which job Putin is going to take after the 2 terms, but everyone understands that he does not want to give the power away.
The paradox is that people support Putin but despise his government, placing Putin in their minds above corruption. It can be attributed to the fact that, in spite of real challenges, the Russian government made some improvements by increasing employment opportunities and stability and decreasing the chaos of the 1990s.
Putin was successful in establishing personal control over the central government. According to research by the Moscow Center of Research of Elites, 78% of leading political figures (executive power and legislation) were somehow connected during their careers with the former KGB, now restructured and named the FSB. No wonder that many civil rights are slowly but surely being suppressed, not only for Russian citizens but also for some foreign journalists and actors. Assassinations are not rare occasions…
There is still a lot of propaganda, but now against Georgia, against Ukraine, and against America (do they want to steal our oil?), in addition to a state of fear. Who are they afraid of? Putin, bandits, the court, management, or an unavoidable crisis? It’s hard to determine. People don’t know, but they are paralyzed, faceless and motionless, and already trying to kiss %^& deeper, to lie harder, to scream louder at those who are lower on the social ladder, and to restrict more if they have any power. The main principle of the Soviet line [in the department store] has come back: hate everyone who is standing ahead of you and despise everyone who is behind you.
The fact is that "mother Russia" is a bad mother that doesn’t love her children. This continuous fear and feeling of a lack of one's own rights is the life condition of kids who lacked love. Kids with not enough love are a terrible force.
WHAT THEY DO TO SURVIVE
Russians always "bowed their heads" in front of Western society: for its language (recall Tsar Peter and the French language that was incorporated into Russian elite society, or the hundreds of English technical and non-technical words that are being used today, even though most of them can be directly translated into Russian, because it's cool to insert them into phrases), for music (the Beatles, the Rolling Stones, or even rap that was replicated by low-class Russian musicians), for jeans (the black market with Russian "fartsovschiks" who sold them under the table in the '80s and '90s), and for its fashion and food.
Now the replication has spread to the computer field. Russians quickly adopted Information Technology and became quite sophisticated in many areas of computing. Computers were bought using legal and, when necessary, illegal ways, especially when supercomputers were needed.
In order to survive and eventually live better, many Russians are looking for ways to make money. Some of them are building new businesses to serve the domestic population (food or household services); others build connections across the border and import or export goods or materials. If you have the business skills and connections, it's the right way to go. But what if you have no business skills or business talent? Maybe find a job in some existing business as an employee? Join one of the thousands of mafia groups? Learn something valuable in order to be in demand, but what? Tough choices.
I happened to talk to one young Russian fellow who came over to make some bucks in the US and was working as a lifeguard at the pool. When I asked why he did not want to work in Russia, he mentioned that his father is a poor man with poor health, and there is no one who can help the family. There are no jobs available unless you have a car and can speak/read English, so he is trying to find a way to make more money here and, legally or illegally, stay in the U.S. so he'll be able to send some money to the family. I am sure you could meet some young Russians working in our department stores and in the resorts along the US coast. They are the folks who want to earn some money here, in the US, and, like the fellow described above, either hide and work for cash or get the chance to become a legal immigrant. You can also find them in almost every European country from England to Italy (including Sicily's smallest cities). Amazing...
What if you are an educated man with no business skills and no capital? What would you do? Becoming a bandit does not sound attractive; working as an employee does not bring the desired compensation, and it is a long, long way to the desired level of prosperity. Some of them choose this way but are not happy. No wonder you rarely see a smile on their faces. It takes years for former Russian immigrants who moved to the US to remove the fear, life dissatisfaction, cynicism, and anger from their faces.
Russia has always been rich in smart and talented people. Take, for instance, the Russian scientists who created the spacecraft and rockets, or the artists, writers, or Russian programmers who are now working for many U.S. corporations, being already U.S. citizens or still working across the border (by the way, one of the best anti-virus programs, Kaspersky Anti-Virus, and the popular WebCEO search engine optimization program are the creations of Russian programmers). In fact, Russian firms exported $2 billion in software, with an expected 80% growth in foreign sales (according to OSPINT.com).
Because of excellent school education, in spite of all the problems described above, there are thousands of talented computer enthusiasts who want to use their computer skills to make decent money. They are Russia's greatest asset for future IT growth. Many of them organize businesses offering their programming skills to foreign companies for pennies. Those who are well established and have a number of clients slowly raise their fees. According to the latest figures, there are about 30,000 Russians who are engaged in information technology (with 40% yearly growth). At the same time, the average monthly compensation of Russian programmers is around $650, which is about 15-20% less than in the US.
Keep in mind that the Russian educational system graduates more than 100,000 new programmers each year! This surplus is partially utilized by foreign companies such as IBM, Google, Microsoft, and Cisco, which built labs and development centers in Russia. Other programmers choose one of the attractive ways to become rich quickly: to rob foreign banks or sell valuable information to clients. Is it legal? No. Do I care? No! With unstable banking, legal, infrastructure, and government systems; with anger or hate; with total corruption at every level of society; with a life that sucks, they have no remorse. The sick society builds monsters like the Russian Business Network (RBN), widely known for being a willing Internet host for spammers, malware-filled Web sites, and pornography because of its loose policies and willingness to host any Web site operator with no questions asked.
I heard that RBN has disappeared from Russian cyberspace and re-appeared in China recently, only to disappear again. RBN, until recently based in St. Petersburg, Russia, was known as the ISP of choice for cyber criminals. The group closed its Russian operation after its upstream ISP cut off the group's access. There is some speculation that the group spread out but continues its operations. Who would refuse to make big bucks? Cyber-crime is a big business worth millions of dollars, and a business operation as large as RBN would likely not give up that easily. The analysis shows that there has been very little change in operations. Alexa statistics for Antivirgear, the bogus program, show that the rankings have actually improved over the last month, indicating that the RBN’s activities are still going strong.
GLOBAL THREAT COMES FROM RUSSIA
As a recent Wall Street Journal article noted, cyber-criminals are exploiting Google searches and social networks – with their myriad sources of personal data – to dig for information about upper-level corporate personnel. Using that information to deliver ever more believable email solicitations, these criminals are taking direct aim via "phishing" at corporate proprietary information stored on the desktop.
Russia has been and remains today the single greatest source of malicious cyber activity and cyber crime (possibly with the exception of the US). In many ways, Russia’s geography and its social and economic conditions (as you see above) create the perfect ground for cyber criminals. They can find prestige in addition to money in poorly secured western companies and unprotected individuals. Because even law enforcement is often challenged with corruption, it’s hard to expect that the law in Russia will be enforced once a western company presents a claim supported by facts and the necessary evidence.
All this contributed to the creation of a highly sophisticated cyber underground network with its own community, newsletters, blogs, and its own morals. Taking into account the millions of poor people who are struggling to make payments, lacking food and clothing, and often begging on the streets and in the subways of big cities, this network is like a country within a country. Having less pressure from law enforcement compared to hackers in other countries, Russian hackers enjoy the freedom of doing whatever they decide to do.
How much can they make? It's hard to estimate, but I was able to find an article with brief information about "the infamous 76service.com, which was run by two enterprising criminals who call themselves 76 and Exoric. The two cleared a cool one million dollars per month in a scheme modeled after portfolio investments. They sold access to infected PCs (think bots), which they called a 'project.' The buyer would harvest any valuable data off the machine, and sell that information to the black market. The buyer acts as a fund manager, and as some stocks perform well, some infected machines had more valuable booty -- such as bank account information -- than others. They could then sell it on the black market for a lot of money".
Needless to say, this example is shocking. No wonder cyber crime for profit is so popular among hackers. Forget about "innocent" teenagers who hacked your PC or server and placed some stupid message on the first web page or screen saver. It's all about money!
It's hard to separate politics from cyber crime in Russia. I have to return to the political situation inside and outside of Russia, and particularly the US.
As you probably know, the former USSR had 15 Republics, and after the collapse of the Soviet Union, the Republics separated from Russia in order to become separate countries. Some of them were able to get rid of Russian influence and joined the West (particularly the Baltic republics that joined NATO); others are still under heavy Russian influence to varying degrees.
Due to the large population of native Russians in many of those countries, they are under pressure from Putin, who has used various vehicles to apply the pressure, for instance, restricting the sale of wine from particular regions (Georgia and Moldova), interfering with elections (Ukraine, where even hackers were used to break the Central Election Commission’s servers), and placing military bases on the territories of neighboring countries. It is not hard to understand why Russia wants to preserve its influence or presence, taking into account that many former Republics have natural resources that were used during the USSR era or have strategic geographic locations.
The relations between Russia and the US have become somewhat tense in recent years. Along with the collapse of the Soviet empire, many neighboring countries also wanted to loosen their ties with Russia, as areas formerly dominated by Russia. Therefore, NATO expansion and US military bases in that region along the borders are not pleasant things for Putin.
There is no doubt in my mind that the Russian government or the FSB are eager to use the expertise of local hackers to test the ability to disrupt the communications or infrastructure of those countries that may be considered "definitely not friends", if not to say enemies. In fact, in recent years, the Russian government allocated significant funding for IT-related projects and initiatives.
As I mentioned earlier in my blog, Estonia experienced distributed denial-of-service (DDoS) attacks on government, news and bank servers for several weeks. The incidents followed the removal of a Soviet statue from a central Tallinn Square. It was discovered that around 20,000 networks of compromised computers from the US, Canada, Brazil, Vietnam and others were linked.
Mihkel Tammet, director of the Estonian communication and information technology department, mentioned: "It was a political campaign induced by the Russians; a political campaign designed to destroy our security and destroy our society. The attacks had hierarchy and co-ordination." Estonia is one of the Baltic countries that separated from Russia and became an independent, West-oriented country.
Experts believe recent attacks have been far more sophisticated in their nature, designed specifically to slip under the radar of the governmental systems they were targeting. They have progressed from initial curiosity probes to well-funded and well-organized operations for significant political or economic gain.
Evidence suggests that governments and government-allied groups are now using the Internet for espionage and cyber attacks on the critical national infrastructure (financial markets, utility providers, air traffic control) of other countries. There were more reported cases in 2007 than any previous year. This growing threat is acknowledged by the United States Department of Defense.
As the number of security holes grows every year, the number of hacking attempts grows, too. According to Secunia advisories, the number of security holes has been growing at a steady rate of around 25% a year:
• 2003: 2,700 advisories published
• 2004: 3,100 advisories published
• 2005: 4,600 advisories published
• 2006: 5,300 advisories published
Do you see the trend? The more we protect our operating systems, networks, and applications, the more new challenges we meet. Therefore, security now accounts for 20 percent of the IT technology and training budget, according to a new survey. "It is clear that information security is an increasing concern for many organizations -- 78 percent of those surveyed by CompTIA indicate that management now considers information security a top priority," the report says.
Successful attacks mean weak defense. Weak defense means poor skills among the majority of security consultants. The director of one of the largest security consulting firms in Washington painted the picture most harshly, telling a group of policy makers, "80 percent of our security consultants have soft skills and only twenty percent have hard skills. If we don't reverse that ratio within the next two years, we'll be out of business."
You may see surprising things happening these days. The Chief Information Security Officers of large federal agencies and corporations are registering to attend Hacker Exploits classes. It surely demonstrates that the security field has reached a triggering point.
You could read numerous articles about credit card theft. In fact, the most successful thieves were Russian hackers. With well-established networks of credit card sellers and buyers, and with sophisticated techniques and attack tools, Russian groups such as Web Attacker, Snatch, Rock Phish, and MetaFisher have been successful in their efforts. In spite of some efforts and partial success by Russian law enforcement, the network and the market still exist.
When the whole scheme was analyzed, law enforcement officials discovered a high level of sophistication, organizational capacity, and constantly improved malicious code, along with thousands of bots. They are so advanced that they have been thinking about preventive steps, such as mining the data inside law enforcement agencies in various countries. In fact, the hacking groups go well beyond just credit card theft. They conduct fundamental and countermeasure research on organizational structures and processes, utilizing various databases and archives, basically employing the principle of "knowing your enemy". They even try to plant one of the attackers into the infrastructure of the target organization in order to have more inside information. The thorough research and analysis, in addition to the known method of social engineering, before attacking the target is a scary trend…
* * * * *
I feel that while you are reading this blog you are wondering how to reconcile opposite things, like the tough life in Russia with beggars on the streets and the explosion of Information Technology with a growing number of sophisticated hackers, inside one country. As one of the Russian journalists wrote, "the country, full of talented, smart, and honest people becomes more stupid, more dishonest, and dishonored, and 20 years from now, people will ask again themselves like a maniac after orgy: how could I do this?"
Should we be afraid of Russian Hackers? The answer is above.