EarthLink Security Center EarthLink.net|myEarthLink|Web Mail

Life of Cybercrime

By Jennifer Martinez


Drugs, money, luxury cars, MTV Cribs-caliber houses. Paranoia, murder, prison and a trail of ruined lives. The lives of top cybercriminals today aren’t so far from the picture painted in Scarface. Yesterday’s hackers believed recognition brought fame and respect. Today’s cybercriminals adhere to Tony Montana's simple credo: "First you get the money, then you get the power." To reach their goal, they play a numbers game: By attacking hundreds of thousands of computers, cybercriminals are siphoning millions of dollars into their pockets every year.

Top players in cybercrime tend to work like shopkeepers selling shovels during the gold rush. They let others do the dirty work while they, for a small profit, provide the means. And those small profits add up to millions of dollars. Take Albert Gonzalez, who was arrested in Miami with a luxury condo, a 2006 BMW, and $1.65 million -- in cash. Instead of dealing cocaine, Gonzalez stole his money via hacking, duping and stealing information.

The money and the power
Although Gonzalez orchestrated huge cybercrime attacks, he didn’t work alone. He didn't even create the code that made him millions. The "sniffer" that he used to steal information from companies like Barnes & Noble, Forever 21, Office Max and T.J. Maxx was written by his friend, Stephen Watt. Gonzalez had a $75,000 birthday party and once complained that he had to count $340,000 by hand (because his bill counting machine was broken), but Watt gained nothing but the knowledge that his code was wreaking havoc on a global scale. It was almost as if each man represented one side of the coin. Gonzalez was the money, while Watt was the power.

Finally, in August 2008, Gonzalez was charged with hacking into retail clothing chain T.J. Maxx’s computer system and stealing 40 million credit and debit card numbers (which would be sold on the black market). When they began, both men were in their 20s.

Gonzalez’s arrest was especially shocking because before the large-scale attack, he worked for the Secret Service. After being arrested for cybercrime, he was offered a position to help execute "Operation Firewall," which was designed to stop cybercriminals. He helped the Secret Service arrest 28 members of a cybercrime gang, but it's believed that he leaked information to save others from arrest.

The cybercriminal conscience

When Gonzalez was arrested, his family was shocked. Hard-working and church-going individuals, they couldn’t believe the turn that Gonzalez took. Most cybercriminals like Gonzalez do not believe that they are doing anything wrong.

Not all hackers cross the line. Several claim that by finding holes, they are helping society stay safe. Writes Corinne Iozzio in her article "The Cybercrime Hall of Fame": "More often than not, a hacker sees an open window -- a hole in a system's security, a backdoor, etc. -- and climbs on through merely to prove that they can." But with the hole, window and backdoor comes access to valuable information and the opportunity to financially crush countless unsuspecting individuals. Not everyone climbs through that window with the same intentions.

Straight to the consumer

Though major companies like Barnes & Noble and T.J. Maxx might not seem personally relevant, cybercriminals also attack individual computers, especially with giant botnets that steal information straight from users' systems.

In the summer of 2009 a security team in America discovered one of the world’s largest botnets. Six cybercriminals controlled 1.9 million infected computers via a remote server hosted in Ukraine. Forty-five percent of the infected computers were in the U.S., including 70 government-owned domains. The attackers could see basically anything on any of the infected PCs, install programs, record keystrokes and use the machines in Denial of Service attacks.

Though little is known of the international team above, we do know about 23-year-old Christopher Maxwell who, in 2006, was sentenced to 37 months in jail plus three years of supervised release. His botnet infected hundreds of thousands of computers globally and raked in over $100,000. Maxwell was teary-eyed in court, saying he didn't understand the gravity of his actions … although he may have enjoyed the spoils before the indictment.

We also know about the BBC, which created its own botnet just to see how much power botnets really have. As there was no bad intent and nothing stolen, they say that theirs was legal. Using it, the BBC reproduced a Denial of Service attack, sent spam and warned infected computers to invest in some Internet security.

A large-scale botnet is generally too big to poke around on each computer individually. However, the attackers can receive money by installing malicious software on portions of the computers, like placing ads for a price. According to the BBC, botnets are also useful for DDoS attacks (distributed denial of service), as criminals "threaten to knock a site offline unless a hefty ransom is paid." Cybercriminals can also "sell" the infected computers on the black market. So groups of computers, like shares in a company, are constantly bartered and sold. A user’s PC could be “sold” several times without the real owner ever knowing.

Avoid the bad guys

From banking to buying a birthday gift online, it’s imperative that everyone is smart about safety. If people aren’t careful, they could lose their homes, their financial reputations and their entire life savings to cybercriminals living on the other side of the globe, or just across the street. Trade that for some vigilance and security software, and the deal seems pretty good.


Jennifer Martinez is a freelance journalist who specializes in family computer topics.
