Hacking is the curse of the 21st century. We readily hand our personal details to an automated voice at the end of a phone line or key them in online; is it any wonder, then, that our payment cards are cloned or our companies' bank accounts remotely plundered? Common sense seems to be going out of the window…
A few years ago, the idea that people could ‘hack’ into computer systems from afar was the stuff of science fiction films. Fiction has become reality, and it is not only the general consumer who suffers: banks, huge corporations and governments are falling foul of ever more ruthless hackers. Cyber crime has reached huge proportions and we are all in the hackers’ grip.
Massimo Cotrozzi who heads up the IT security division of KCS Group, a Knightsbridge, London security intelligence and risk management company goes a step further: “We’re not so much in their grip, we are effectively being controlled by cyber fraudsters and everyone has to exercise extreme caution when working on computers, sending text messages or even speaking on mobile phones.”
Cotrozzi has worked in IT security since graduating with a BSc in computer science from Milan University. Cyber security became his chosen avenue and at one stage in his career he was seconded to the Milan Police Force where he was involved in several of the first hacking/phreaking/carding/e-mail fraud investigations. His investigations have encompassed industrial espionage as well as electronic surveillance and covert operations.
Keeping ahead of the hackers is one of the greatest headaches that specialists like Cotrozzi face. Almost every day another threat appears that can shut computer systems down or throw them into disarray. The world reeled in the autumn of 2010 when media headlines went into overdrive reporting on a piece of malware called Zeus.
Zeus, a banking trojan whose infected machines form a ‘botnet’ (short for robot network), was first identified in 2007, when it was used to steal information from the US Department of Transportation. Since then it has grown, affecting and infecting organisations and banks, but knowledge of its existence was not as widespread as it has become since October 2010.
In a nutshell, a botnet is a network of compromised computers controlled from a command and control centre (C&C), usually hosted on a hacked server, which the operators reach through anonymising network connections or virtual private networks (VPNs). Each infected machine reports back to the C&C on a timer to collect instructions and hand over what it has stolen.
Botnet attacks are becoming the common way for fraudsters to gather the credentials used to steal money from bank accounts and, lately, for cyber criminals to attack and damage specifically targeted infrastructures.
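The regular check-in between an infected machine and its C&C server is what a defender can look for on the wire. The following detector is an added example written for this article, not code from KCS Group or from any Zeus analysis: it reads a few constructed proxy log lines and flags client/host pairs whose request spacing is almost constant, which is the signature of a bot on a timer rather than a person browsing. The log lines, addresses (RFC 5737 documentation space), the `/checkin` path and the thresholds are all assumptions made for the demonstration.

```python
"""Beacon detection over proxy logs (added example, not from the article).

Human browsing is bursty: the gaps between requests to one site vary a lot.
A bot checking in with its C&C fires on a timer, so the gaps are nearly equal.
We measure that with the coefficient of variation (stdev / mean) of the gaps.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev
from urllib.parse import urlsplit

# Constructed sample log, format: "timestamp client method url status".
# 10.0.0.7 POSTs to 203.0.113.5 every 60 s (bot check-in, assumed path /checkin);
# 10.0.0.9 browses example.com like a person.  None of this is real traffic.
SAMPLE_LOG = """\
2010-10-04T09:00:00 10.0.0.7 POST http://203.0.113.5/checkin 200
2010-10-04T09:00:03 10.0.0.9 GET http://example.com/ 200
2010-10-04T09:01:00 10.0.0.7 POST http://203.0.113.5/checkin 200
2010-10-04T09:01:41 10.0.0.9 GET http://example.com/news 200
2010-10-04T09:02:00 10.0.0.7 POST http://203.0.113.5/checkin 200
2010-10-04T09:02:12 10.0.0.9 GET http://example.net/img/logo.png 200
2010-10-04T09:03:00 10.0.0.7 POST http://203.0.113.5/checkin 200
2010-10-04T09:03:05 10.0.0.9 POST http://example.com/login 302
2010-10-04T09:04:00 10.0.0.7 POST http://203.0.113.5/checkin 200
2010-10-04T09:04:15 10.0.0.9 GET http://example.com/account 200
2010-10-04T09:05:01 10.0.0.7 POST http://203.0.113.5/checkin 200
2010-10-04T09:09:50 10.0.0.9 GET http://example.com/logout 200
"""


def parse_log(text):
    """Turn the whitespace-separated log into (time, client, method, host) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, method, url, _status = line.split()
        records.append((datetime.fromisoformat(ts), client, method, urlsplit(url).netloc))
    return records


def beacon_candidates(records, min_hits=5, max_cv=0.15):
    """Return {(client, host): stats} for pairs whose inter-request gaps are
    nearly constant.  min_hits avoids judging on too few samples; max_cv is the
    largest stdev/mean ratio still treated as 'regular' (both are assumptions
    and should be tuned against your own traffic)."""
    stamps = defaultdict(list)
    posts = defaultdict(int)
    for ts, client, method, host in records:
        stamps[(client, host)].append(ts)
        if method == "POST":
            posts[(client, host)] += 1

    flagged = {}
    for key, times in stamps.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            flagged[key] = {
                "hits": len(times),
                "interval_s": round(avg, 1),
                "cv": round(cv, 3),
                # Check-ins that upload stolen data are typically POSTs.
                "post_ratio": round(posts[key] / len(times), 2),
            }
    return flagged


def scan(text=SAMPLE_LOG):
    """Convenience wrapper: parse a log and return the flagged pairs."""
    return beacon_candidates(parse_log(text))


if __name__ == "__main__":
    for (client, host), stats in scan().items():
        print(f"{client} -> {host}: {stats}")
```

On the sample, only the pair 10.0.0.7 to 203.0.113.5 is flagged (six hits about 60 s apart, all POSTs), while the browsing host's gaps to example.com vary too much to pass. Real bots often add random jitter to their timer, so in practice you would widen `max_cv`, look at the distribution of gaps rather than a single ratio, and correlate with the destination's reputation before acting.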
When Zeus began its alarming journey through millions of computers in October, it spread through the systems of individuals, businesses and municipalities around the world. The malware was distributed by email; when the targets opened the attachment or followed the link it carried, Zeus installed itself and secretly captured passwords, account numbers and other data used to log in to online banking accounts.
The effect was devastating: unauthorised transfers of thousands of dollars at a time were drained from bank accounts, and the funds were routed on to other accounts controlled by a network of ‘money mules’.
These mules, many of them recruited from outside the UK and especially from Eastern Europe, opened bank accounts using fake documents and false names. The money did not rest in these accounts: it was either wired on to the mules’ bosses in Eastern Europe or smuggled out of the US as cash. An estimated $70 million was extracted in this way. The FBI reacted by arresting over 90 people in the US, and others were arrested in the UK and Ukraine.
One would imagine that once the authorities had discovered it and computer systems had been cleansed of the botnet, all would return to normal. Wrong. Zeus continues to infect computer systems while cyber security specialists like Cotrozzi continue their efforts to keep one step ahead of its spread; incidentally, it is now in its third version, while version one has, through experts’ efforts, been made obsolete.
Zeus has also generated what are known in the business as ‘forks’, or variants, which use the same browser-hooking technique (man in the browser) to steal credentials. Further malware built on the same approach has recently appeared, and it is now spreading.
Massimo Cotrozzi - KCS Group