The Internet is probably the most widely used form of communication
on earth and our dependency on it increases every day. Almost anything
can be conducted on the internet, and with such widespread use, the
number of cyber criminal activities also increases.
Recently, the Federal Bureau of Investigation has succeeded in
disrupting an international cyber crime syndicate; a botnet operation
that had affected two million computers. A botnet is a collection of
infected computers or bots that have been taken over by hackers and are
used to perform malicious tasks or functions. A computer becomes a bot
when it downloads a file (e.g., an email attachment) that has bot
software embedded in it.
Authorities believed that Coreflood infected more than two million
PCs, enslaving them into a botnet that grabbed banking credentials and
other sensitive data. Its masters then used the details to steal funds
via fraudulent banking and wire transactions, the US Department of
Justice said yesterday. The vast majority of the infected machines were
in the US, but the criminal gang was likely based overseas. Security
experts said it was hard to know how much money the gang stole. It could
easily be tens of millions of dollars and could go above $100 million,
said Dave Marcus, McAfee Labs research and communications director.
Security experts are pretty sure the Russians were behind it. A civil
complaint against 13 unnamed foreign nationals was also filed by the US
district attorney in Connecticut. It accused them of wire and bank
fraud. The Justice Department said it had an ongoing criminal
investigation. "Botnets and the cyber criminals who deploy them
jeopardize the economic security of the United States and the
dependability of the nation's information infrastructure," Shawn Henry,
executive assistant director of the FBI's Criminal, Cyber, Response, and
Services Branch, said in a statement.
Coreflood started out as an internet relay chat (IRC) bot used for
attacking other IRC users. Over time however, it evolved into a TCP
proxy as part of an anonymity service, and then later into a
full-fledged info stealer Trojan. The last several years Coreflood has
maintained a low profile while other more prolific botnets came to the
forefront of public attention. However, just recently the group behind
Coreflood escalated their activity until it was brought down by the FBI.
In 208, a ring of cyber bank robbers from southern Russia breached
inside company networks. They infected every PC within reach with a
custom-made data-stealing program using Coreflood. The Coreflood Gang
infected swaths of PCs inside thousands of companies, hospitals,
universities and government agencies, says SecureWorks researcher Joe
Stewart, who has tracked and documented the spread of Coreflood over
that period. Says F-Secure researcher Patrik Runald, "This is very
organized crime. These gangs are hiring people and making tons of
money". The Coreflood Gang is among the most sophisticated. "It's spying
on you, capturing your log-ons, user names, passwords, bank balances,
contents of your e-mail," Stewart says.
US Government programmers shut down the Coreflood botnet on Tuesday.
They also instructed the computers enslaved in the botnet to stop
sending stolen data and to shut down. It was the first time US
authorities had used this method to shut down a botnet, according to
court documents. "The seizure of the Coreflood servers and internet
domain names is expected to prevent criminals from using Coreflood or
computers infected by Coreflood for their nefarious purposes," US
Attorney David Fein said in a statement.
Companies need to secure their network security. IT professionals
need to understand the latest hacking trips and methodologies that are
out there by undergoing technical security training programs.
EC-Councils brand new TakeDownCon is a technical information security
conference series, in addition to learning from some of the best
security experts, TakeDownCon also offers highly sought after technical
training courses, including the Certified Ethical Hacker (CEH) course,
often touted as the worlds most comprehensive ethical hacking training
program.
The CEH Program certifies individuals in the specific network
security discipline of Ethical Hacking from a vendor-neutral
perspective. The Certified Ethical Hacker certification will fortify the
application knowledge of security officers, auditors, security
professionals, site administrators, and anyone who is concerned about
the integrity of the network infrastructure. A Certified Ethical Hacker
is a skilled professional who understands and knows how to look for the
weaknesses and vulnerabilities in target systems and uses the same
knowledge and tools as a malicious hacker.