The Life of a Cybercrime Investigator

Soulskill posted more than 3 years ago | from the dragnets-for-botnets dept.

Botnet 79

An anonymous reader writes "Steve Santorelli gets computing experts and law enforcers to cooperate in a global fight against organized Internet crime. This article talks about the role of law enforcement in identifying and battling online threats as they change and evolve. Quoting: 'The common wisdom about hacking and cybercrime is, in Santorelli's view, severely out of date. He says cybercriminals aren’t lone wolves; they are financed and directed by international criminal syndicates. ... Organized crime also has vast resources derived from its traditional operations to finance the hiring of quality hackers around the world. There is even evidence that some syndicates are investing in research and development, looking to create proprietary, next-generation hacking tools, Santorelli says.'"

79 comments

Problem is people (1, Insightful)

Anonymous Coward | more than 3 years ago | (#35482092)

This is why the problem isn't Windows. These people will do whatever is necessary to make profit. Linux would be just as well targeted if it had the same market share and amount of stupid people. Windows as an OS is secure, especially Windows 7, but there's nothing you can do about user stupidity unless you close down the whole OS. And is that something we really want to happen, locked "consoles" for everyone?

It's coming (2, Funny)

Anonymous Coward | more than 3 years ago | (#35482356)

And is that something we really want to happen, locked "consoles" for everyone?

It's already here and it's called iOS iPad, iTouch, and iPhone.

Re:It's coming (1)

Moryath (553296) | more than 3 years ago | (#35482392)

And the people who use them always love to say "well if everybody just used Apple nobody would have viruses."

Never mind the fact that the moment this happened, even those devices would be targeted by a ton of remote-rooting attacks.

Re:It's coming (2, Insightful)

Billy the Boy (2016540) | more than 3 years ago | (#35482546)

It's already happening too. All those jailbreaks are really remote exploits. That's right, just by going to a website your OS gets rooted. Great.

Re:It's coming (0)

divxio (2016536) | more than 3 years ago | (#35482586)

I agree, it's a joke. Even Mac OSX is actively having trojan problems. What's great is that Apple is marketing the OS as unbreakable and as something that cannot get malware, thus making people stop caring about it and leading them to install malware.

Re:It's coming (1)

balls of steel (2016538) | more than 3 years ago | (#35482606)

Linux doesn't have that problem. Everything is installed from trusted sources.

Re:It's coming (2, Insightful)

Billy the Boy (2016540) | more than 3 years ago | (#35482644)

If Linux was a mainstream OS, that wouldn't work. People need the ability to install freeware, shareware, commercial, their friends' apps or their own apps and so on.

Look, the cause is stupid people. But you cannot fix stupid people. So what to do?

Re:It's coming (0)

Anonymous Coward | more than 3 years ago | (#35483464)

Stop having a conversation with yourself. It's a little obvious when all of the accounts you're using are made within seconds of each other...

Re:It's coming (1)

Luckyo (1726890) | more than 3 years ago | (#35483624)

It's a valid discussion though, or at least the way it would go if done by separate people. We've been there dozens of times already on Slashdot.

Re:It's coming (1)

Monchanger (637670) | more than 3 years ago | (#35484028)

People need the ability to install freeware, shareware, commercial, their friends' apps or their own apps and so on.

Oh please- you've been able to do that for years in package managers. It's easy to add software to a repository list giving you the ability to install a package your distro doesn't provide for whatever reason. Some software gets bundled in executables which work just like in Windows (e.g. America's Army [ubuntu.com] ).

Security-wise, the useful difference is that this process is not as ingrained in a brain-dead way that you routinely download an exe you shouldn't be trusting and reflexively click "Next" five times. The problem is that in Windows there is no such thing as a trustworthy package (nobody even bothers with signing their applications). And now that Windows users have finally moved a tiny step away from running as root, they've been retrained to routinely click the "you need sudo? yes- use it already, stop asking me every minute!" button. It's not users' fault that Microsoft discourages them from thinking about security because it feels like more trouble than it's worth. My mother is still working up her confidence in dealing with phishing, and she's just now starting to trust herself to the point where she doesn't need to forward the email to me for a second opinion. The last thing I need is to hear about every confirmation window that pops up.

By contrast, in a Linux packaging system I'm very aware that I'm choosing to install software that nobody has vetted. And since deb/rpm/etc are open formats I can easily do my own checking (or get someone else with know-how) to see which files are being installed where they can cause harm. Have fun doing that with an Installshield executable.
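The kind of check described in the comment above, as an added example that is not part of the original thread: a .deb is an `ar` archive holding `control.tar.*` (maintainer scripts that run as root) and `data.tar.*` (the payload), so both can be listed without installing anything. The function names, the watch-list of paths and the sample package are constructed for this illustration.

```python
import io
import posixpath
import stat
import tarfile

AR_MAGIC = b"!<arch>\n"
# Assumed watch-list for this example: places where a new file changes what runs as root.
SENSITIVE_PREFIXES = ("etc/cron", "etc/sudoers", "etc/init.d/", "etc/systemd/",
                      "lib/systemd/", "etc/ld.so", "etc/profile.d/", "etc/apt/")
MAINTAINER_SCRIPTS = {"preinst", "postinst", "prerm", "postrm", "config"}


def ar_members(blob):
    """Yield (name, data) for each member of a Unix ar archive (the .deb container)."""
    if not blob.startswith(AR_MAGIC):
        raise ValueError("not an ar archive")
    pos = len(AR_MAGIC)
    while pos + 60 <= len(blob):
        header = blob[pos:pos + 60]
        if header[58:60] != b"`\n":
            raise ValueError("corrupt ar header at offset %d" % pos)
        name = header[0:16].decode("ascii").rstrip().rstrip("/")
        size = int(header[48:58].decode("ascii").strip())
        data = blob[pos + 60:pos + 60 + size]
        if len(data) != size:
            raise ValueError("truncated member %r" % name)
        yield name, data
        pos += 60 + size + (size % 2)  # members are padded to even offsets


def audit_deb(blob):
    """Report maintainer scripts, setuid/setgid payload files and sensitive paths."""
    report = {"scripts": [], "setid": [], "sensitive": [], "files": 0}
    for name, data in ar_members(blob):
        if not name.startswith(("control.tar", "data.tar")):
            continue
        # tarfile auto-detects gzip/bzip2/xz; entries are listed, never extracted.
        with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
            for member in tar:
                # Normalise "./usr/bin/x" (and any "../" tricks) to "usr/bin/x".
                path = posixpath.normpath("/" + member.name).lstrip("/")
                if name.startswith("control.tar"):
                    if member.isfile() and path in MAINTAINER_SCRIPTS:
                        report["scripts"].append(path)
                    continue
                if member.isdir():
                    continue
                report["files"] += 1
                if member.isfile() and member.mode & (stat.S_ISUID | stat.S_ISGID):
                    report["setid"].append((path, oct(member.mode)))
                if path.startswith(SENSITIVE_PREFIXES):
                    report["sensitive"].append(path)
    return report


def _tar_gz(entries):
    """Build a gzip-compressed tar in memory from (path, mode, content) tuples."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, mode, content in entries:
            info = tarfile.TarInfo(path)
            info.mode, info.size = mode, len(content)
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()


def _ar(members):
    """Wrap (name, data) pairs in an ar archive with 60-byte headers."""
    out = AR_MAGIC
    for name, data in members:
        header = "%-16s%-12d%-6d%-6d%-8s%-10d`\n" % (name, 0, 0, 0, "100644", len(data))
        out += header.encode("ascii") + data + (b"\n" if len(data) % 2 else b"")
    return out


def build_sample_deb():
    """Constructed sample package (not a real one) so the audit runs offline."""
    control = _tar_gz([("./control", 0o644, b"Package: demo\nVersion: 1.0\n"),
                       ("./postinst", 0o755, b"#!/bin/sh\nexit 0\n")])
    data = _tar_gz([("./usr/bin/demo", 0o755, b"#!/bin/sh\necho demo\n"),
                    ("./usr/bin/demo-helper", 0o4755, b"\x7fELF"),
                    ("./etc/cron.d/demo", 0o644, b"* * * * * root /usr/bin/demo\n"),
                    ("./usr/share/doc/demo/README", 0o644, b"docs\n")])
    return _ar([("debian-binary", b"2.0\n"),
                ("control.tar.gz", control), ("data.tar.gz", data)])


if __name__ == "__main__":
    for key, value in audit_deb(build_sample_deb()).items():
        print(key, value)
```

To audit a downloaded package instead of the sample, pass `open(path, "rb").read()` to `audit_deb`.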

Re:It's coming (1)

Culture20 (968837) | more than 3 years ago | (#35485680)

If Linux was a mainstream OS, that wouldn't work. People need the ability to install freeware, shareware, commercial, their friends' apps or their own apps and so on. Look, the cause is stupid people. But you cannot fix stupid people. So what to do?

Hey, they can compile that stuff in ~/local/src/ and install it in ~/local/lib/ and ~/local/bin/ etc... I used to do that all the time back in school. It's just a quick
tar jxvf app.tar.bz2, cd app, sh configure --foo --bar, make, wget dependency1, tar zxvf dep1.tgz, cd dep, sh configure --foodep1 --bardep1, make, make install, cd app, make, wget dependency2, unzip -t dep2.zip, mkdir dep2, cd dep2, unzip dep2.zip, sh configure --foodep2 --bardep2, make, make install, cd app, make, wall IT_COMPILED, make install
away...

Re:It's coming (0)

Moryath (553296) | more than 3 years ago | (#35486986)

And this is why anyone with half a brain doesn't want to waste their time fucking around with Linux.

Re:It's coming (1)

TimHunter (174406) | more than 3 years ago | (#35482668)

I call bullshit. Show me where Apple is making such claims.

Re:It's coming (1)

PopeRatzo (965947) | more than 3 years ago | (#35483246)

I call bullshit. Show me where Apple is making such claims.

Here you go, right from the Apple's core. [apple.com] Notice how they say "Mac OS X doesn’t get PC viruses. And its built-in defenses help keep you safe from other malware without the hassle of constant alerts and sweeps."

Of course Mac OSX doesn't get PC viruses. Tim, don't you think that statement is just a little bit intentionally misleading? Be honest.

Re:It's coming (1)

TimHunter (174406) | more than 3 years ago | (#35483576)

Here's what divxio said and that I called bullshit on.

Apple is marketing the OS as unbreakable and as something that cannot get malware

The statement "Mac OS X doesn't get PC viruses" a) doesn't make either of those claims and b) is absolutely true.

Intentionally misleading? Not to me and apparently not to you. So who would be misled by it?

Re:It's coming (1)

Luckyo (1726890) | more than 3 years ago | (#35483650)

People buying mac personal computers because advertisement says it can't get personal computer viruses.

Re:It's coming (1)

jdgeorge (18767) | more than 3 years ago | (#35483926)

What, other than a PC [wikipedia.org] , does Mac OS X run on?

Re:It's coming (1)

PopeRatzo (965947) | more than 3 years ago | (#35484130)

Intentionally misleading? Not to me

Tim, with all respect that's the wrong answer. The more accurate answer would have been, "I didn't know Apple was claiming that OSX was impervious to viruses".

Seriously, I'm going to repeat the link here: where Apple says, "With virtually no effort on your part, Mac OS X offers a multilayered system of defenses against viruses and other malicious applications, or malware." [apple.com] The headline on that page says, " Mac OS X doesn’t get PC viruses. And its built-in defenses help keep you safe from other malware without the hassle of constant alerts and sweeps [apple.com] ".

Do you honestly believe that Apple is not trying to give the impression that you can't get infected if you run OSX? I'm giving you another chance to admit what anyone who reads that page can clearly see. Will you dig in further in your claim that Apple has never made statements suggesting that "OSX cannot get malware"?

Re:It's coming (1)

Curunir_wolf (588405) | more than 3 years ago | (#35483432)

I call bullshit. Show me where Apple is making such claims.

How about on their website [apple.com] ?

Mac OS X doesn’t get PC viruses. And its built-in defenses help keep you safe from other malware without the hassle of constant alerts and sweeps.

... which of course everyone reads as

Mac OS X doesn’t get viruses. And its built-in defenses help keep you safe from other malware.

Re:It's coming (1)

TimHunter (174406) | more than 3 years ago | (#35483622)

As I explained above, divxio's statement is

Apple is marketing the OS as unbreakable and as something that cannot get malware

Neither of the quotes you cite make such claims.

Re:It's coming (1)

uniquename72 (1169497) | more than 3 years ago | (#35484248)

Yes, and GW never claimed that Iraq was involved in 9/11, and Clinton never denied having sex with Lewinsky.

After all, the definition of "is" is changeable depending on context.

Re:It's coming (1)

bluemonq (812827) | more than 3 years ago | (#35483510)

Off the top of my head, all Apple says is that it doesn't get PC viruses. http://www.youtube.com/watch?v=sdF5IsyOxU4 [youtube.com] . "There are a 114,000 known viruses for PCs." "PCs, not Macs." If a customer believes that means Macs don't get viruses or malware, it's their own fault. Right? Though...

"A Mac isn’t susceptible to the thousands of viruses plaguing Windows-based computers. That’s thanks to built-in defenses in Mac OS X that keep you safe, without any work on your part."
http://www.apple.com/why-mac/better-os/ [apple.com] ...funny, I thought what would prevent Windows viruses from running on OS X is plain incompatibility.

"Designed with security in mind, Mac OS X isn’t plagued by constant attacks from PC viruses and malware. Likewise, it won’t slow you down with constant security alerts and sweeps. Every Mac is secure right out of the box, so you can safely go about your work — or play — without interruption."
http://replay.waybackmachine.org/20090627142552/http://www.apple.com/getamac/whymac/ [waybackmachine.org]

"Designed with security in mind, Mac OS X isn’t plagued by constant attacks from viruses and malware. Likewise, it isn’t inundated by never-ending security dialogs. So you can safely go about your work — or play — without interruption. And easy-to-use parental controls let you manage what your kids can do on the computer and when they can do it."
http://replay.waybackmachine.org/20090303015013/http://www.apple.com/getamac/whymac/ [waybackmachine.org]

"Freedom’s not just another word for nothing left to lose. Strong security ensures your ability to conduct your business unhampered. Mac OS X delivers the highest level of security through the adoption of industry standards, open software development and wise architectural decisions. Combined, this intelligent design prevents the swarms of viruses and spyware that plague PCs these days."
http://replay.waybackmachine.org/20060203234931/http://www.apple.com/macosx/features/security/ [waybackmachine.org]

Interesting. I wonder why they started to qualify their statements by inserting 'PC'.

Re:It's coming (1)

MareLooke (1003332) | more than 3 years ago | (#35488996)

Except that a Mac is a PC. If they had said it doesn't get Windows viruses they would have had a point.

Re:It's coming (1)

davester666 (731373) | more than 3 years ago | (#35486236)

While there are remote exploits [notably, the PDF one with the original iPhone v1.0], most of the jailbreaks are not 'remote' in that you need to have the physical phone with a hardware connection to a computer running the jailbreak software.

Re:Problem is people (1)

lwsimon (724555) | more than 3 years ago | (#35482416)

As a geek who gets a call every time a family member's PC so much as has a popup - YES!. Locked consoles for everyone, please.

Re:Problem is people (1)

jimbolauski (882977) | more than 3 years ago | (#35482440)

This is why the problem isn't Windows. These people will do whatever is necessary to make profit. Linux would be just as well targeted if it had the same market share and amount of stupid people. Windows as an OS is secure, especially Windows 7, but there's nothing you can do about user stupidity unless you close down the whole OS. And is that something we really want to happen, locked "consoles" for everyone?

Not entirely true. Linux isn't a single OS; there are many different distributions, and these different variations cause a problem with exploiting flaws. The uniformity of Windows and its popularity make it a good target.

Re:Problem is people (0)

Anonymous Coward | more than 3 years ago | (#35482520)

Except they all run Linux kernels and execute ELF binaries. The kernel is a VERY nice sub-system to control. You can get root without it being logged anywhere. Your argument doesn't really hold up that well. It's not like Windows is a singular OS either. They all have different kernels (2000 vs xp/2003 vs vista/2008 vs 7/2008R2) and they all have different patch levels....just like the various Linux distributions.

Re:Problem is people (1)

mlts (1038732) | more than 3 years ago | (#35483500)

We have that in devices, and attempts like ChromeOS are likely going to bring that to the desktop.

There is a big push to take root/Administrator away from the end user, for a number of reasons:

1: Joe Sixpack users won't be installing Trojans.
2: The hardware can not have features enabled.
3: OS updates are controlled, and it is easy to force users to get new equipment if they want to use apps with a new OS version.
4: Features can be disabled at will, like OtherOS.
5: Un-uninstallable "branding" can be added.
6: Ad agencies are guaranteed to get a firehose stream of data without the user being able to do a thing about it.
7: LEOs can easily access a device from remote to track usage or copy off files for use as evidence without the user knowing or being able to do anything about it.
8: DRM for music and other content can be made unhackable for a good long while.
9: Content can be pulled at any time.
10: If someone isn't liked by a device maker, their access can be pulled at any time. Lawsuit? Good luck.

Not just criminal syndicates, governments too (3, Interesting)

elrous0 (869638) | more than 3 years ago | (#35482098)

Much of the hacking now is government-sponsored too. China, Israel, the U.S., and Russia have all been allegedly involved in this for some time (probably a lot of others too). Stuxnet [wikipedia.org] , theft of Google source code [wired.com] , you name it. Seems like everyone is in the cybercrime (or cyberwarfare if you want to stick a more polite euphemism on it) business these days.

Governments rule the crime roost (0)

sgt_doom (655561) | more than 3 years ago | (#35482308)

Let's see now....Micro$oft's ADVAPI.DLL, and their sellout of the kernel to the Chinese Totalitarian Capitalist State? You nailed it of course, elrous0, and with the Pentagon's giving access to phony anonymizers to certain neocon PACs, it's all Wall Street motivated, 'natch.

No. Government militarization dates back to 1990s (4, Interesting)

Anonymous Coward | more than 3 years ago | (#35482346)

I personally observed at least six or seven countries' military domains looking at one of my sites in the late 90s which focused on then unrealised methods of remote operating system fingerprinting (many of which were ICMP-based, and not implemented publicly until years later). As well as many parts of the US military, there was (South, obviously) Korea, Japan, and Germany I believe. Of course, back then they were happy to browse from a .mil.* IP, these days none of them would do that. Australia used to have a lot of network warfare information up on the DSTO website, there's less these days, however they are still a good source for the multi-military JWID events (Joint Warfare Interoperability Demonstrations), a regular compatibility-of-command-and-control event that involves many western militaries. The trend I have seen thus far is for government/military to co-opt hackers through establishing corporate fronts, usually led by an otherwise-reputable hacker who is on the take or convinced to 'help the country' with nationalism. They also pay hackers with basic community cred as informants, and send them to security-related events all around the world in the hopes of acquiring actionable intelligence. We all need to be very careful who we give information to. Furthermore, the increasingly commercial development of some areas of our industry (open source intelligence gathering / computational linguistics / passive traffic analysis + surveillance / video surveillance systems) are strongly contributing to the further degradation of society into a 1984-like situation. The best thing we can do as people is to avoid the allure of money and refuse to work in these areas, whilst publicly pointing the ethical finger at those that do.

Re:No. Government militarization dates back to 199 (0)

Anonymous Coward | more than 3 years ago | (#35483912)

". The best thing we can do as people is to avoid the allure of money"

Good luck with that

Re:No. Government militarization dates back to 199 (0)

Anonymous Coward | more than 3 years ago | (#35487696)

If you don't take the money someone else will... It isn't about that really though. The problem isn't that someone wants our information. It is about us not having secure systems and the tools to fight this encroachment. I went to a movie tonight and the machines didn't take $$$. Only credit cards as far as I could tell. They didn't have a physical person manning a booth except after you got your ticket. Heck- even that appeared to be unmanned. Maybe I could have just walked in and sat down for all I know. The problem is not being able to control tracking or the ability to have anonymity. It is the fact we don't have the tools to do so. We have credit cards and no form of widely accepted anonymous currency on the net. We have outlawed it due to concerns over money laundering by the way.

In other words, the government turns hackers into? (1)

elucido (870205) | more than 3 years ago | (#35489158)

In other words, the government seeks to turn hackers into informants aka stooges?

What isn't known is how the government gets them to do that, without paying them any money. Threats? Help us or gitmo? Why would any hacker want "community cred" as an informant? And why would a hacker risk their lives for free? Patriotism?

That being said, these hackers would be informing or working for the mafias and others if not the government because the mob runs a protection racket just as the government does. But what you describe seems to be a protection racket, where the government offers hackers protection in exchange for information, and who knows what would happen to the hackers who don't receive protection.

Good career? (1)

C_amiga_fan (1960858) | more than 3 years ago | (#35482190)

I've thought a couple times about quitting engineering and going into Computer security, but not really sure how profitable that move would be.

Re:Good career? (1)

elrous0 (869638) | more than 3 years ago | (#35482384)

The only problem that I see with a security career is that I imagine you would almost have to be a grey hat these days to be truly effective in the field (though I'm sure there will be no shortage of white hats who would disagree). Hacking is getting pretty sophisticated, and it would always annoy me to be handicapped by the fact that I could never even skirt the law (much less break it) in trying to keep up with the latest techniques. This is unless you actually work for law enforcement, of course, in which case you could at least go undercover. To use a non-car-related analogy, it would seem to me like fighting with one hand tied behind your back against a guy wearing brass knuckles on both hands.

I mean, it would really suck to have the FBI knocking on your door just because you were hanging out on a hacker IRC channel. And I somehow doubt they would buy a "But I was just trying to keep up in my field" defense. So that leaves you stuck with more legit outlets, which always seem at least one step behind the bad guys.

And state sponsored corporations (0)

Anonymous Coward | more than 3 years ago | (#35482254)

Sounds like HBGary...

JPMorgan Chase, GS & Morgan Stanley (0)

sgt_doom (655561) | more than 3 years ago | (#35482256)

You mean the trinity of evil when you speak of organized 'net crime? Or that big time criminal outfit, the US DOJ? Confused by propagandistic articles? We all should be by this time. When the banksters are finally executed, then and only then should people speak of the lower echelon of ethnic crime.

"The Life of a Cybercrime Investigator" (0)

Anonymous Coward | more than 3 years ago | (#35482276)

"The Life of a Cybercrime Investigator"

1. Be born.
2. Investigate cybercrime.
3. Die.
4. ???
5. PROFIT!

Re:"The Life of a Cybercrime Investigator" (2)

cultiv8 (1660093) | more than 3 years ago | (#35482550)

That should be 3 steps:

1. Investigate cybercrime
2. ???
3. Profit

#2 is mostly filled with commenting on /., reading xkcd (again), and boobies.

Cyber (0)

Anonymous Coward | more than 3 years ago | (#35482292)

Anyone that uses the root "cyber" should not be taken seriously.

Including this useless fucking site.

Re:Cyber (1)

jackdub (1938908) | more than 3 years ago | (#35483270)

cyberhacker != cybercracker
lulz.

Do they have a pi license? (0)

Anonymous Coward | more than 3 years ago | (#35482378)

Do they have a pi license?

Re:Do they have a pi license? (3, Funny)

davidwr (791652) | more than 3 years ago | (#35482438)

No, but they have 3 beautifully-handcrafted fake "1" licenses and they are about 1/7th of the way through the artwork of a 4th.

Some lone wolves still (2, Interesting)

trollertron3000 (1940942) | more than 3 years ago | (#35482422)

Although all of the powerful crackers know others, some of them truly are lone wolves. For instance, The Jester (th3j35t3r) with his Xerxes botnet. He doesn't claim any affiliation AFAIK and is a self-proclaimed former military hacker. I always wondered if they give him a pass because he helps with other things, like taking down Islamic-jihad websites which he's known to do. No man is an island after all and he definitely has connections. But still he seems to be the "lone wolf" acting with impunity at times.

And that's just one of many that have never claimed a group affiliation and seem to be driven more by underground fame and rage than money or crime.

Re:Some lone wolves still (2)

trollertron3000 (1940942) | more than 3 years ago | (#35482474)

Don't usually post to my own comments but a correction - he is self proclaimed former military and served in Afghanistan. He never claimed he hacked for them AFAIK.

Re:Some lone wolves still (0)

Anonymous Coward | more than 3 years ago | (#35489456)

Having a decent sized botnet doesn't mean you're a "powerful cracker." Any halfway technical person could assemble at least a 1K node one if they wanted to / were prepared to take the risk. (E.g. trojans on public torrent trackers.) Simpler still is to just get on IRC and buy one. Anyone with a nick that ridiculous who attention whores with public DDoS is probably an overgrown script kid. Or lol, I guess he fancies himself as an "ethical hacker" ... back in the day when there was still a scene people like that would have their d0x dropped and their boxes rm'd by real hackers like the Unix Terrorist and Cold Fire.

Best/Worst part of the article (2)

GameboyRMH (1153867) | more than 3 years ago | (#35482424)

Santorelli has devoted his career to identifying, tracking and apprehending cybercriminals in a new cyber-environment in which police chases are clocked at light speed and villains drive on a global superhighway congested with 1.8 billion law-abiding commuters.

LMAO! XD

Re:Best/Worst part of the article (1)

swanzilla (1458281) | more than 3 years ago | (#35483646)

Can you jam with the console cowboys in cyberspace?

Lets stay positive.. (1)

Tibia1 (1615959) | more than 3 years ago | (#35482446)

.... and hope that these organizations don't band together, start sharing innovations and start developing 'next level threats' as I'd call them. With those resources and people behind them, evil people could do bad things to the internet. Gah, let's hope not. Let's hope.

Re:Lets stay positive.. (1)

trollertron3000 (1940942) | more than 3 years ago | (#35482518)

They're already doing that with criminal clearing houses and exchanges. We just have to stay one step ahead of them and pay the best hackers to "white hat" for us. That's the key. We need our own heavy hitters that can skirt the fine line.

Re:Lets stay positive.. (0)

Anonymous Coward | more than 3 years ago | (#35486100)

We just have to stay one step ahead of them and pay the best hackers to "white hat" for us.

Can you afford to pay them? I wonder how much a cracker would enjoy the boredom of not being able to apply his research?

Re:Lets stay positive.. (2)

Cornwallis (1188489) | more than 3 years ago | (#35482578)

.... and hope that these organizations don't band together, start sharing innovations and start developing 'next level threats' as I'd call them. With those resources and people behind them, evil people could do bad things to the internet. Gah, let's hope not. Let's hope.

That reads like a description of the U.S. Gubmint.

Does This Qualify As Organized Crime ? (0)

Anonymous Coward | more than 3 years ago | (#35482650)

Why do you think they're called Banksters [bankofamerica.com] ?

Yours On Wall Street,
Philboyd Studge

We noticed (5, Informative)

DCFusor (1763438) | more than 3 years ago | (#35482740)

A good while back, while we were still on dialup, actually. Being a small software shop who delivered results and of course our bills over the 'net, we did a ton of email traffic. At the time it was a Windows shop as well (by customer demand). We "captured" many viruses in emails, didn't catch them -- we were all pros and knew better. Since we had all the best tools money could buy, we looked pretty closely at these "captured" (eg, not caught) viruses. At first, they were obviously not the work of very skilled or well financed people. Many still had debug symbols in the code, and things like Devstudio and reverse compilation showed they were usually done with a "free" C compiler, not GCC, but Borland.

Most were pretty crummy code, at least by our standards, though there were a few interesting tricks, like pushing data on the stack and then doing a return to get a goto to happen, often into a system function.

All of a sudden, things got better or worse, depending on your POV. The stuff we were capturing suddenly changed, a lot - it was well written, well obfuscated, and tricky stuff -- we even got a cool idea or two from it, and the new stuff was much smaller and made better use of the system API to do nearly all the work -- none of the obviously malicious code was in the virus itself, just system calls with destructive parameters. This would have been around the 2006 timeframe.

It was obvious that someone had started putting money into the game, or for whatever reason the quality of the crackers had suddenly gotten a heck of a lot better, which usually implies the former. Real talent.

To the fanboi who said "it's not windows", sorry pal. Might have been true once, for bot farms and so on, that need volume. Today's cracking is financially based, and much more targeted. And most machines that deal with tons of money aren't running Windows -- after being burned a few times, you think the financial business has any loyalty to the guys in Redmond? Or anyone at all, for that matter? Linux is just plain more difficult to crack, and more proactive about patching when possible vuln's are discovered. Anyone who looks at the flow of updates to Ubuntu and how many of them "fix a possible security bug" knows this. Many bugs that would have been zero-day exploits are fixed before anyone has put an exploit out for them at all, just by doing some fairly obvious code analysis, looking for ways to overflow allocations and such.

Could be Windows guys do that some too, but since they long-delay even well known holes, and you can't see what is in those closed source, uncommented updates, (sometimes there's a KB entry, but not always and always little detail) how could you prove that? I don't think you can.

financed ... by international criminal syndicates (1)

vlm (69642) | more than 3 years ago | (#35482752)

they are financed and directed by international criminal syndicates

This is the part I don't understand, or maybe it's a troll indicator.

So.... I've seen all the movies. You wanna buy $100K worth of coke in Colombia to sell in the USA for $500K. But you don't have $100K. So you get a very special loan, with some very special terms, etc, from some dude in Colombia. That's financing by an international criminal syndicate.

How exactly does an international criminal syndicate finance hacking? How much money has to be fronted to get a .torrent of visual basic or whatever, on a $300 emachines desktop, in mom's basement, hopping on your neighbor's wifi?

Psst, hey "Don VLM", I gotta business transaction for youse, Barry the Enforcer needs a new mouse from officemax for that special job, you know, for that guy that we was talking about? Yeah well that mouse costs money, like two dollars and ninety nine cents. I was wondering if you coulds front me the dough till next week, when we get our protection money from that kids lemonade stand. Yeah yeah, the usual 100% interest per week plus a cut of the action OK OK, "Don VLM". I know I gotta get you yourse three bucks next week or I'll end up waking up in bed next to a one of them decapitated "headless" servers. Yeah Yeah Capishe?

Re:financed ... by international criminal syndicat (1)

HikingStick (878216) | more than 3 years ago | (#35482890)

They're not financing workstations in basements--they're paying for real coding talent, for information, and for new exploits (or new uses of old exploits). If you know what game development teams look like, you've got an idea of what more and more criminal enterprise teams look like, except that, instead of a semi-competent boss who is looking out for the company's bottom line, you have a trusted semi-competent boss whose only mission is to pass the deliverables on to the syndicate. Slacking off, or throwing some code for a traditional employer might, at worst, find you looking for another job. Doing the same for your evil overlords might net you a bit more trouble (don't mess with dudes with guns).

Re:financed ... by international criminal syndicat (0)

Anonymous Coward | more than 3 years ago | (#35487766)

I seriously doubt anybody would bother committing murder over computer code. Something just tells me the cost of that code doesn't warrant it. It just attracts too much attention. For what? Revenge? No. They can just as easily get another coder. On the other hand if a syndicate lends money or drugs to someone that actually is a loss to the organisation. They can't recoup it. They have to ensure others don't attempt to do it. With a coder? What have they really got to lend? They don't lend anything. They just buy.

Re:financed ... by international criminal syndicat (1)

HikingStick (878216) | more than 3 years ago | (#35490404)

You're right that the exchange of physical goods carries a more obvious risk, but there's also risk in losing one's IP. In the case of a crime syndicate, that IP includes knowledge of operations, the technologies used (including attack vectors), and perhaps even server locations/service providers--all information that would be valuable to competing syndicates or law enforcement agencies. I doubt any crime syndicate that's hiring coders is simply going to let them run free with something as simple as a non-compete agreement.

Re:financed ... by international criminal syndicat (0)

Anonymous Coward | more than 3 years ago | (#35483350)

They're buying people's time, who are often in turn buying other people's time. It's cheaper and faster to do things like buy time on a botnet or buy a zero-day exploit for your malware than to come up with these things yourself.

Re:financed ... by international criminal syndicat (1)

Anonymous Coward | more than 3 years ago | (#35483404)

Just because the information doesn't get tweeted and dissected in main tech-media, it doesn't mean that there aren't real mafia-like crime syndicates around.

There are real criminals, with real organization, who collect 'protection money' just like you've seen in mafia documentaries and movies.

You do not have a choice but to pay up and be quiet. If you had an online business, say a betting site, which generates a considerable amount of money on an hourly basis, and you found yourself DDOS'd with the option to pay up a 'ransom' of some tens of thousands of dollars or lose reputation and revenue, what would you do?

You can not stop it and nobody has jurisdiction to end it. You pay up, and you keep your mouth shut or else.

While these stories do not surface often, it does not mean that it doesn't happen.

Posting AC for obvious reasons.

Re:financed ... by international criminal syndicat (0)

Anonymous Coward | more than 3 years ago | (#35486244)

they are financed and directed by international criminal syndicates

Psst, hey "Don VLM", I gotta business transaction for youse, Barry the Enforcer needs a new mouse from officemax for that special job, you know, for that guy that we was talking about?

Running bot-masters? Registering thousands of domains in an algorithmic fashion? Running a market exchange for CC numbers? Constantly recruiting new money-mules? Shifting accounts on different geographies? Protecting all the above not only from authorities but against competing syndicates as well?

Re:financed ... by international criminal syndicat (0)

Anonymous Coward | more than 3 years ago | (#35486342)

Are you talking about Columbia, South Carolina? Or Colombia, South America. Because you seem to imply one while spelling the other.

Re:financed ... by international criminal syndicat (0)

Anonymous Coward | more than 3 years ago | (#35497158)

You think that programmers at Microsoft get paid a salary because of the cost of their workstations? No, they're being paid for the time they spend programming. They're being paid because they know how to write code better than the average person. Same thing going on with these "criminal syndicates". They're paying programmers to write viruses.

Have been teaching that for a long time... (2)

HikingStick (878216) | more than 3 years ago | (#35482972)

The fact that there's been a move from the idealistic and casual hackers to organized crime has been sounded by wise security folks for years and years and years. The writing seemed to be on the wall pretty clearly since about 2004, and I was warning IT auditors and bank examiners about it from the mid-2000s onward.

It should be no surprise to anyone in the IT field, but I can see how there might be a big disparity between contemporary IT thought and the knowledge held by law enforcement units around the country (and, perhaps, around the world). Sure, not all of them are that far behind, but only those who have been engaged in the fight really have any feel for what is going on, so many of the smaller police departments and rural units probably have limited exposure, and even fewer resources for dealing with IT threats.

Fraud By Net (1)

b4upoo (166390) | more than 3 years ago | (#35483014)

Probably the largest amount of criminal activity comes from women on dating sites trying to scam men into sending money to enable travel to the man. If the government gets serious millions of American women could get severe prison sentences for that game. In law it is not so difficult to offer proof that a woman has promised to travel to live with 75 different men all over the world on the same day and taken money from many of them.
This is an issue like stealing bicycles. Bicycle thefts total far more than bank robbery losses and more deaths result from bicycle thefts than bank robberies as well. Yet a bank robber can easily get 20 years for a first offence and a bicycle thief will rarely be put in prison. We have it backwards.

Re:Fraud By Net (0)

Anonymous Coward | more than 3 years ago | (#35483220)

Citation needed.

Apples and papaya? (1)

TiggertheMad (556308) | more than 3 years ago | (#35483784)

This is an issue like stealing bicycles. Bicycle thefts total far more than bank robbery losses and more deaths result from bicycle thefts than bank robberies as well. Yet a bank robber can easily get 20 years for a first offence and a bicycle thief will rarely be put in prison. We have it backwards.

bicycle thieves rarely use shotguns to execute their crimes...

Where to send my CV (2)

Curunir_wolf (588405) | more than 3 years ago | (#35483172)

Organized crime also has vast resources derived from its traditional operations to finance the hiring of quality hackers around the world.

How do I get in on that?

Re:Where to send my CV (0)

Anonymous Coward | more than 3 years ago | (#35483484)

I don't know how bad your situation is, but think about the likely retirement package first.

Re:Where to send my CV (1)

hellkyng (1920978) | more than 3 years ago | (#35484786)

1. Move to Eastern Europe
2. Learn to speak Russian and Moldavian
3. Tell everyone you meet you are a super 1337 h@x0r
4. ???
5. Profit
6. Get arrested and prosecuted locally.
7. Accept slap on wrist
8. Profit

Re:Where to send my CV (0)

Anonymous Coward | more than 3 years ago | (#35484848)

You can't shake the Devil's hand and say you're only kidding.

Re:Where to send my CV (1)

OWJones (11633) | more than 3 years ago | (#35486016)

Don't worry. If you've got an electronic version stored somewhere, they've already grabbed a copy.

Re:Where to send my CV (0)

Anonymous Coward | more than 3 years ago | (#35486300)

Where to send my CV

For your convenience, you can post it in here: I promise to consider it.

It's the Hollywood! (1)

microbee (682094) | more than 3 years ago | (#35483174)

Look, I know who they are, the bad guys. Haven't you noticed in every Hollywood movie that features a hacker, they use totally different hacking tools than what we see normally? Those Matrix-like, futuristic hacking scenes allow a mediocre hacker to crack DoD mainframes in like 15 seconds with a gun pointing to his head! Un-Be-lievable! Oh, and don't forget that they all use Macs. I don't have any proof that is related, but Steve Jobs is on some big freaking Studio's board.

Re:It's the Hollywood! (1)

Anonymous Coward | more than 3 years ago | (#35483938)

Haven't you noticed in every Hollywood movie that features a hacker, they use totally different hacking tools than what we see normally? Those Matrix-like, futuristic hacking scenes allow a mediocre hacker to crack DoD mainframes in like 15 seconds with a gun pointing to his head!

You mean like in that movie 'The Matrix Reloaded', where Trinity uses nmap [youtube.com] to find an exploitable SSH server? Insultingly infeasible.

Re:It's the Hollywood! (0)

Anonymous Coward | more than 3 years ago | (#35484898)

Like, Disney, perhaps?
http://corporate.disney.go.com/corporate/bios/steve_jobs.html
He's also the largest single shareholder of Disney IIRC, at about 7%

Life of a cop (0)

Anonymous Coward | more than 3 years ago | (#35484364)

is all I bloody read. what a waste of time posting this was.

Is this like the Cyber Police? (1)

leamanc (961376) | more than 3 years ago | (#35485694)

I hope no one out there dun goofed!
