Catching cyber-thieves: the future of net scams

To catch a cyber-thief
Attacks, hijackings and drive-bys are becoming so common that the online world is basically a version of Grand Theft Auto with more realistic porn

A few years ago, me and my friends had an ongoing joke. When a movie franchise had run out of ideas, it would try and contemporise itself with the following plotline: "CYBERTERRORISTS take over THE INTERNET, and THE HERO has to GO INTO THE INTERNET and KILL THE CYBER-TERRORISTS."

We decided it was going to form the story for the next pre-Craig James Bond adventure, or the next Bourne film, or even Jaws 5: Sharks on the Internet.

We were a little surprised when CYBERTERRORISTS showed up in Die Hard 4.0 – although John McClane didn't have to GO INTO THE INTERNET. He did, however, have to do all manner of ridiculously stupid things that surely no 52-year-old body is capable of.

Fast-forward three years after the release of Die Hard 4.0 and CYBERTERRORISM isn't really an issue, but CYBERCRIME is. I'll stop with the Caps Lock now. In fact, attacks, hijackings and drive-bys are becoming so common that the online world is basically a version of Grand Theft Auto with more realistic porn.

What's more is that cybercrime has become a huge business. Recently three men were indicted in Chicago for selling 'scareware', which convinces users that they have a virus on their PC, then offers them a conveniently expensive way to make it go away.

This kind of scam has been around for a few years, but what's really surprising is that the three men generated $100 million a year with their software. It's an epically huge amount of money, which gets laundered in much the same way as money from prostitution and large-scale drug deals.

Preying on the weak

Cybercriminals are also finding new ways to exploit humble, clueless internet users. The latest of these is the 'copyright violation scam', which scans the user's PC for illegally downloaded material and then gives the user the opportunity to pay off the Recording Industry Association of America (RIAA) or Motion Picture Association of American (MPAA) to the tune of $400 to avoid being taken to court.

Of course, the RIAA and MPAA have nothing to do with this latest scam. "These organisations are known for their hardball tactics, so it's almost plausible that they would do something like this," said F-Secure's Chief Research Officer, Mikko Hyppönen. "And we know there were people who paid up. There were several people on the PirateBay forums who said, "Oh yeah, I paid up."

With the zeitgeist of tightening copyright control haunting many torrenters, the idea of a quick and easy way to avoid appearing in court appeals to unsuspecting users.

Scarier still is the threat to online banking. Zeus is an advanced keylogger that sits silently in the background of your PC, and a recent estimation by security company Trusteer suggests that it currently infects one in every 3,000 PCs. Like herpes, you won't know you've got it until it's too late.

Over logging

"Zeus is a highly advanced keylogger/banking trojan combo," Hyppönen goes on to say. "It's able to penetrate most of the safeguards built into online banks. Even if you have one-time passwords in your online bank, or if you have challenge responses or a physical device to log in, there are trojans that will sit on your computer, wait for you to go to an online bank to pay bills, and then it will modify the bills as you pay them. You want to pay 50 bucks to the electricity company, you type that in. Zeus changes that to 500 bucks to a completely different account. But you won't see the change on your screen."

CYBERWAR: F-Secure's Chief Research Officer, Mikko Hyppönen

The threat to online banking gets even worse with a new scam in Brazil, as Hyppönen says: "You go to Banco Bradesco – the largest bank in Brazil – and [the virus] waits for you to login. So you give your authentication, and you're now logged in. It then shows you a fake page, which is very well designed.

It tells you that there is a special promotion, running for this week only, which lets you open a new special investment fund, which gives you interest of 3.9 per cent a year, which is plausible. It also says that all the users who sign up with at least €1,000 today will receive a free Nintendo Wii. And you can invest your money in this account by moving money from your account to this account number. It's a good deal, you get a nice return, and you get a free Wii."

Where do these new scams and viruses come from? It's a complex system that parallels the traditional legal software development process. One guy devises a scam, another designs the virus to do it, and he then sells it on to criminals who implement it in the real world. After all, designing a virus is completely legal, but then going on to use it to generate cash is very illegal.