Who ARE these people? Whether it’s the rare front-page news story, or
the more common behind-the-scenes ripoff, all cybercrime has one thing
in common: there’s a bad guy behind it.
In the months to come, ClubNorton will intermittently explore the people
behind the problem, and help you understand better why some people turn
to "A Life of Cybercrime."
Drugs, money, luxury cars, MTV Cribs-caliber houses. Paranoia, murder,
prison, and a trail of ruined lives. The lives of top cybercriminals
today aren’t so far from the picture painted in "Scarface". Yesterday’s
hackers believed recognition brought fame and respect. Today’s
cybercriminals adhere to Tony Montana's simple credo "first you get the
money, then you get the power." To reach their goal, they play a numbers
game. By attacking hundreds of thousands of computers, cybercriminals
are siphoning millions of dollars into their pockets every year.
Top players in cybercrime tend to work like shopkeepers selling shovels
during the gold rush. They let others do the dirty work while they, for
a small profit, provide the means. And those small profits add up to
millions of dollars. Take Albert Gonzalez, who was arrested in Miami
with a luxury condo, a 2006 BMW, and $1,650,000 - in cash. Instead of
cocaine, Gonzalez stole his money via hacking, duping, and stealing
information.

The Money and the Power

Though Gonzalez orchestrated huge cybercrime attacks, he didn’t work
alone. He didn't even create the code that made him millions. The
"sniffer" that he used to steal information from companies like Barnes &
Noble, Forever 21, Office Max, and TJ MAXX was written by his friend,
Stephen Watt. Though Gonzalez had a $75,000.00 birthday party and once
complained that he had to count $340,000.00 by hand (because his bill
counting machine was broken), Watt gained nothing but the knowledge that
his code was wreaking havoc on a global scale. It was almost like both
men represented a side of the coin. Gonzalez was the money, while Watt
was the power.
Finally, in August 2008, Gonzalez was charged with hacking into retail
clothing chain TJ Maxx's computer system and stealing 40 million credit
and debit card numbers (which would be sold on the black market). When
they began, both men were in their twenties.
Gonzalez's arrest was especially shocking because, before the
large-scale attack, he worked for the Secret Service. After being
arrested for cybercrime, he was offered a position to help execute
"Operation Firewall," which was designed to stop cybercriminals. He
helped the Secret Service arrest 28 members of a cybercrime gang, but
it's believed that he leaked information to save others from arrest.

The Cybercriminal Conscience

When Gonzalez was arrested, his family was shocked. They were
hard-working, churchgoing, and surprised at the turn that Gonzalez took.
Most cybercriminals like Gonzalez do not believe that they are doing
anything wrong.
"Many cybercrooks are young men in the U.S. and Eastern Europe who
think they’re doing the system a favor by exposing flaws and have no
qualms about the opportunities to exploit rich Westerners, according to
police, researchers, and hackers."
Not all hackers cross the line. Several claim that by finding holes,
they are helping society stay safe. Corinne Iozzio, in her article "The
Cybercrime Hall of Fame," writes, "More often than not, a hacker sees an
open window - a hole in a system's security, a backdoor, etc. - and climbs
on through merely to prove that they can." But with the hole, window,
and backdoor comes access to valuable information and the opportunity to
financially crush countless unsuspecting individuals. Not everyone
climbs through that window with the same intentions.

Straight to the Consumer

Though major companies like Barnes & Noble and TJ Maxx might not seem
personally relevant, cybercriminals also attack individual computers,
especially with giant botnets that steal information straight from
users' systems.
In the summer of 2009 a security team in America discovered one of the
world’s largest botnets. Six cybercriminals controlled 1.9 million
infected computers via a remote server hosted in Ukraine. 45 percent of
the infected computers were in the U.S., including 70 government-owned
domains. The attackers could see basically anything on any of the
infected PCs, install programs, record keystrokes, and use the machines
in Denial of Service attacks.
Though little is known of the international team above, we do know about
23-year-old Christopher Maxwell who, in 2006, was sentenced to 37 months
in jail plus three years of supervised release. His botnet infected
hundreds of thousands of computers globally and raked in over
$100,000.00. Maxwell was teary-eyed in court, saying he didn't
understand the gravity of his actions… though he may have enjoyed the
spoils before the indictment.
We also know about the BBC, which created its own botnet just to see how
much power botnets really have. As there was no malicious intent and nothing
was stolen, they say that theirs was legal. Using it, the BBC reproduced
a Denial of Service attack, sent spam, and warned infected computers to
invest in some Internet security.
A large-scale botnet is generally too big to poke around on each
computer individually. However, the attackers can receive money by
installing malicious software on portions of the computers, like placing
ads for a price. According to the BBC, botnets are also useful for DDoS
attacks, as criminals "threaten to knock a site offline unless a hefty
ransom is paid." Cybercriminals can also "sell" the infected computers
on the black market. So groups of computers, like shares in a company,
are constantly bartered and sold. A user’s PC could be “sold” several
times without the real owner ever knowing.

Avoid The Bad Guys

From banking to buying a birthday gift online, it’s imperative that
everyone is smart about safety. If people aren’t careful, they could
lose their homes, their financial reputations, and their entire life
savings to cybercriminals living on the other side of the globe, or just
across the street. Trade that for some vigilance and security software,
and the deal seems pretty good.
If you suspect cybercrime, there are some important things that you can
do about it.

Why (bot) Not?

Botnets: Collections of thousands of computers owned by regular people
and secretly controlled by cybercriminals. With a huge botnet comes real
power, both from unsuspecting PC owners, and toward governmental
agencies, like the Australian government. Or Georgia.
Botnets can work by stealing information from thousands (or millions) of
individual computers. Cybercriminals can tell their botnet armies to
install spyware like keystroke logging malware, and to report back
sensitive information, like banking login passwords or credit card
numbers. The criminal can then use the information personally or sell it
to others to take advantage of it.
Unfortunately each computer in a botnet army is linked to an
unsuspecting owner whose entire identity could be at risk.
Or the botnet could be used to attack. In 2007 the Internet in Estonia
was shut down due to denial-of-service attacks (trans: being overwhelmed
by botnet contact), and Georgia was severely disabled by Russian botnets
in 2008. Other than taking entire countries offline, botnets could
disable news sources, transportation websites, or overpower other highly
important web sites.
Luckily, avoiding botnets or providing all-in-one protection for your
computer can be as simple as running Norton 360. Keep your computer
updated and protected to avoid joining the zombie ranks and to stop
your PC from online wars in international waters.
©1995 - 2010 Symantec Corporation