HOW BAD GUYS STEAL CYBER INFORMATION

Listcrime is a one-stop-shop for reliable, up-to-date information about cyber crime, we at Listcrime.com want to give home users and small businesses the advice they need to use the Internet safely. For the most part, references within this web page appear as links to the actual site that the information came from. I revert to customary referencing when citing non-WWW based sources. A bibliography of any sources not linked will appears at the end of this web page.

America’s cyberspace links the United States to the rest of the world. A system of networks crosses our planet, allowing Bad Guys on one continent to act on networks thousands of miles away. Cyber attacks cross borders at light speed, trying to find the source of dirty activity is difficult. This web page explains what the Bad Guys do to get your information and how they go about it. These Bad Guys will usually try and tap into your computer utilizing various methods. As a citizen you must be capable of safeguarding and defending your computer, networks and personal identification. See How bad guys steal your password.

SEE: LISTCRIMES INTERNET SCAMS and LISTCRIMES COMMON WAYS IDENTITY THEFT HAPPENS .

LETS EXPLORE SOME WAYS BAD GUYS STEAL YOUR INFORMATION WHEN YOU USE YOUR COMPUTER.

A. Accepting without reading:  By far one of the most common ways a computer becomes infected is the user simply accepts what he or she sees on the screen without reading the prompt and/or understand what it's asking.

Some common examples:

1. While browsing the Internet an Internet advertisement or window appears that says your computer is infected and/or that a unique plug-in is required. Without fully understanding what it is you're getting you accept the prompt.

2. When installing a program or update that program you're prompted (often checkboxes already checked) if it's ok to install additional programs that you may not want or are designed to monitor your usage of the program.

B. Opening e-mail attachments:  Another very common way people become infected with viruses and other spyware is by opening e-mail attachments, even when from a co-worker, friend, or family member. E-mail addresses can be easily faked and even when not faked your acquaintance may be unsuspectingly forwarding you an infected file.  When receiving an e-mail with an attachment if the e-mail was not expected or from someone you don't know simply delete it. If the e-mail is from someone you know be cautious opening the attachment.

C. Not running the latest updates:  Many of the updates, especially those associated with Microsoft Windows and other operating systems and programs are security updates. Running a program or operating system that is not up-to-date with the latest updates can be a big security risk and can be a way your computer becomes infected.

D. Pirating software, music and/or movies:  If you or someone on your computer is participating in underground places on the Internet where you're downloading copyrighted music, movies, software, etc. for free. Often many of the files can contain viruses, spyware and/or malicious software.

E. Downloading infected software:  Downloading any other software from the Internet can also contain viruses and other malware. When downloading any type of software (programs, utilities, games, updates, demos, etc.) make sure you're download the software from a reliable source and that while installing it you're reading all prompts about what the program is putting on your computer.

F. Password Social engeneering : Here’s an example of how it works. Using only one a name and place of employment, the Bad Guy can find a blog, résumé or other identifiers over the internet. Social networking sites such as Face book and MySpace provided a font of information on grandparents, pets, hometown and more. With that information a Bad Guy will visited your bank’s Web site, where your user name is usually simply your first initial and last name. The Bad Guy will then asked for a password reset. The bank sends an e-mail with that information to your Web mail account. See How Bad guys steal your password.

Ariel Rabkin, a researcher at the University of California at Berkeley, is probably the first to attempt to quantify the problem. He recently published a research paper (PDF) titled in part, “Security Questions in the Era of Facebook.” It examined password reset questions at 20 banks. Of the 215 questions used by the banks, he classified only 75 as secure and usable. The others were either easy for hackers to guess or obtain, or simply too hard for consumers to remember.

Knowing what they do helps you to defend your information.

Another example is when the hackers try and attack a home computer, a company or bank the first thing they try and do is to test for vulnerability. This is usually done with a "port scanner," a commonly available application that queries thousands of arbitrary Internet addresses, hunting for any network with open ports through which a hacker can easily enter. It's very similar to a burgular walking around a house looking for an open window. 

Most Hackers that come after your home computer usually want to harnes your home computer power. Some want your computer power, some want your information but most want both. A hacker might use your machine as a relay, a bouncing-off point from which to probe for weaknesses in other networks. Once inside your network, the hacker has free reign, for credit card numbers, personal information, or if its a business they want company information. Criminal hackers can use softwareand freeware programs off the internet to gain access.  Once in they can use your home computer or a companies network's processing power to help them spread spamming software to thousands of other computers.

* Key clue: If your computer is running very slow and doing odd things, it's likely someone has placed something on authorized on your computer.

 

Most Hackers are pretty smart, if they get your computer power it usually goes unnoticed by you the home owner or the compromised company. They purposely try and keep a low profile to stay unnoticeable. There are lots of Hacking tools that can be downloaded from the internet that can scan millions of IP Addresses over the internet looking for vulnerable computers to attack (SEE METASPLOIT.COM).  Hackers don't want their exploits to point back at their own machines, so they enslave other computers, turning them into "zombies," forcing them to attack in concert. Not only do Hackers use the bandwidth for theft but they can also be distructive.  For example a Distributed denial of service (DDoS) attacks is a method they use which involves numerous computers bombarding an Internet server with data, overloading it and causing the server to stall or crash. An attack meant to harm businessses, taking them offline.

Hacking attacks can be launched in a number of ways:

  • Attacking computers that don't have firewalls installed.
  • Installing keystroke loggers or other malicious code by hiding it in email attachments.
  • Exploiting browser vulnerabilities that have not been properly patched.
  • Exploiting weak or poorly protected passwords.
  • Hiding malicious code in downloads or free software.
  • Hiding malicious code in images on websites and waiting for unsuspecting users to click on them.
  • Employees or other trusted users simply accessing an unprotected computer.
  • Exploiting poorly installed networks, and especially wireless home networks.
  • Malware wages war on Gamers: Most gaming sites themselves are safe , or at least can detect something like SQL code injection.  But the real danger lies outside the actual games were gamers gather and trade tricks, tips and swap code.

*Hacker have their own websites that contain downloadable tools that help them break into vulnerable computers and take control of them.

Computer Essentials:

SEE: LISTCIME'S PROTECT YOUR PC

  • Keep up-to-date with the latest patches, especially for your browser.
  • Be careful about the types of websites you visit, what you click on, and what you download. And make sure that everyone who uses your computer understands the security risks and rules.
  • Make sure all computers you use in your home or business have the latest firewalls and anti-virus software installed.
  • Use a good-quality anti-spyware solution, and scan your computers regularly for virues and malicious adware
  • Be cautious of emails they may actually be phishing scams.

CLICK HERE: COMMON WAYS YOUR INFORMATION IS STOLEN

How BAD GUYS spread stolen information:

Did you ever wonder how your credit card and personal information is bought, sold or transferred? Have you ever wondered how someone uses your personal or credit card information after it is stolen to commit fraud? There are a number of ways, but the preferred method of choice for today's online hackers is through the dump process. A dump is a file containing the data like your Personal Identifiable Information (PII), credit card or bank account information stored on a file bought and sold over the internet.  Dumps are the favorite way BAD GUYS enjoy passing credit card fraud and PII information.

Credit card dumps allow credit card thieves to dump the data onto any type of magnetic card. For example hotel room keys, discount cards, gift cards, and other credit cards. This makes it easy to launder credit cards. A fraudster can simply use their own credit card and dump some stolen data onto it to purchase anything in person. When the cashier checks their identification, everything looks above legitiment.

The BAD GUYS gather your information by attacking systems that don't meet the standards mentioned above. Unfortunately Cyberspace is now heavily populated with non-human residents known as bots. Credit Card numbers posted on IRC, allow card numbers to be transmitted automatically by third parties. IRC system uses a very effcient “store and forward” mechanism for distributing messages that the fraudsters use to disconnect the supplier of the card number from the consumer of the number. This makes tracking by law enforcers more difficult. The IRC channels utilized by carders provide a sophisticated set of automated response generators or “bots” to facilitate the compromise of merchant sites, the validation or verification of card info from merchant records, and access to open proxies used to conceal online identity during commission of crimes. Bots are also known as "zombies" or "drones." They are part of the malware family; the part that allows an attacker to gain complete control over an infected computer. They also work closely with worms or Trojans to control your PC. So, if your computer has been victimized by any sort of infection, the bot is able to take over and, in a way, "zombie" your PC. So, if you notice your computer is running slower or it suddenly crashes, keep bots in mind as a possible reason. You'll just want to run your antivirus and spyware protectors immediately. An international network of IRC channels and related Web sites has arisen to facilitate credit card fraud and other forms of identity theft and payments fraud.

Automation of carding activities: IRC bots were run on many of the intercepted channels to enable and facilitate elements of the attack and exploitation process, including: target (merchant site) identification, target exploitation, card validation, card verification, and accessing open proxies used to conceal online identity during commission of crimes.

IRC Channel participants do little to hide their activities. They transmit almost all their traffic clear text across public IRC networks, typically leveraging IRC proxies on compromised hosts to obfuscate their entry points into the network.

Typically, a prospective seller of stolen identities posts a sample of stolen information to a channel, including personal identity and payment instruments, e.g. credit card numbers, expiry dates, and, in some cases, PIN numbers and CVV2 numbers. This advertising/negotiation activity is the principal online activity, with actual deals being concluded via IRC private messages or other out-of-band means not readily susceptible to monitoring via honeypots.

Criminal hackers have different motivations – profit, mischievousness, vainglory – but they all work in similar ways.

Today's hackers have ties to various organized crime groups, and are penetrating computers in the United States and elsewhere to obtain illegal profits. "New technology allows BAD GUYS to commit crimes in the United States from anywhere else in the world. It used to be that a certain skill sets was required to successfully steal credit card information online, and to successfully sell or exchange such information, however now its easy and an international network of IRC channels and related Web sites has arisen to facilitate credit card fraud and other forms of identity theft and payments fraud.  Hundreds of such IRC channels and semi-covert Web sites for illicit activity have popped up and criminals are communitcating in the open.

REFERENCES:

CLICK HERE: CENTER FOR INTERNET SECURITY

CLICK HERE: WWW.COMPUTERHOPE.COM

CLICK HERE: COMMON WAYS YOUR INFORMATION IS STOLEN

CLICK HERE: DIRT BAGS WEB SITES

CLICK HERE :WORLDSTARTS.COM TIPS

CLICK HERE : WATCHGUARD. COM EDITORIAL

CLICK HERE: CBS VIDEO IDENTITY THEFT

 

«««BACK        

CONTACT US       ABOUT US     DISCLAIMER

COPYRIGHT ©LISTCRIME 2008 ALL RIGHTS ®RESERVED