Fil des billets

mercredi 26 mars 2008

Compte-rendu du FIC 2008 (Forum International Cybercriminalité)

A l'heure actuelle, il est important de mettre l'accent sur le besoin d'une véritable coopération internationale entre tous les acteurs de la lutte contre la cybercriminalité. Alors que le contact passe plutôt bien entre le secteur privé et le gouvernement, le contact entre services judiciaires à l'international est un peu plus tendu, soumis à de nombreuses contraintes juridiques.

Sans une harmonisation des législations à l'international, les cybercriminels ont encore de beaux jours devant eux, et ils le savent bien. Est-il encore besoin de préciser que les professionnels de cette criminalité sont tout autant au fait des dernières techniques (double fast flux etc.) que des dernières législations ? il faut bien l'admettre, il suffit de regarder de quels pays aux législations "faibles" (pour ne pas dire inexistantes) se servent les phisheurs/propriétaires de jeux d'argent en ligne sauvages/diffuseurs de malware et autres délinquants...

Mais restons positif : les lois évoluent, et je suis curieux et impatient de voir se concrétiser tous les prochains projets de loi (de quelque nation que ce soit) qui feront évoluer le schmilblick... ;-)
Pour le faire évoluer, il y a des évènements tels que le FIC 2008, le second Forum International de la Cybercriminalité.

j'ai eu l'honneur d'assister à cet évènement récent (qui se déroulait le 21 mars 2008) dont je vous ai concocté un petit compte-rendu, co-rédigé avec mon collègue Vincent Hinderer, sur le blog du Cert Lexsi.

dimanche 22 juillet 2007

MPack developer interview

Damn... Has this week been the week of the interview ?

I found a very interesting one, the guy being interviewed is one of the developer of the world-famous MPack kit.

Here is the article from Security Focus.

Again, it shows that fraudsters behind this kind of illegal activities are just taking it as a usual business.

samedi 21 juillet 2007

Spammer Interview

Macworld released an interesting spammer interview this week ... It is just confirming what I always thought : spammers became real business men...

Original link is here, but I'll copy/paste you the content here anyway :

“Ed,” a retired spammer, built a considerable fortune sending e-mails that promoted pills, porn and casinos. At the peak of his power, Ed says he pulled in $10,000 to $15,000 a week, storing the money in $20 bills in stacks of boxes.

It was a life of greed and excess, one that preyed especially on vulnerable people hoping to score drugs or win money gambling on the Internet. From when he was expelled from high school at 17 until he quit his spam career at 22, Ed — who does not reveal his full name but sometimes goes by SpammerX — was part of an electronic underworld profiting from the Internet via spam.

“Yes, I know I’m going to hell,” said Ed, who spoke in London on Wednesday at an event hosted by IronPort Systems, a security vendor now owned by Cisco Systems. “I’m actually a really nice guy. Trust me.”

A quick-witted and affable guy who wears an earring and casual clothes, there was a time when Ed wasn’t so nice. He sent spam to recovering gambling addicts enticing them to gambling Web sites. He used e-mail addresses of people known to have bought antianxiety medication or antidepressants and targeted them with pharmaceutical spam.

In short, Ed said he was “basically what people hate about the Internet.”

He spent 10 hours a day, seven days a week studying how to send spam and avoid filtering technologies in security software designed to weed out garbage e-mail. Most spam filters are effective 99 percent of the time; he aimed for that remaining window, using tricks such as including slightly different images in his spam, which can fool filters into thinking the e-mail is legitimate.

“The better I got at spam, the more money I made,” Ed said.

He would start a spam run by finding an online merchant who wanted to sell a product. Then he’d acquire a list of e-mail addresses — another commodity that has spawned its own market in the world of spam. He’d also set up a domain name, included as a link in a spam message, that, if clicked, would redirect the recipient to the merchant’s Web site, enabling Ed to get credit for the referral.

The spam would then be sent from a network of hacker-controlled computers, called botnets. Those machines are often consumer PCs infected with malicious software that a hacker can control. Ed would “rent” time on those computers from another group of hackers that specialized in creating botnets.

If one of the spam recipients bought something, Ed would get a percentage of the sale. For pharmaceuticals the commission was around 50 percent, he said.

Response rates to spam tend to be a fraction of 1 percent. But Ed said he once got a 30 percent response rate for a campaign. The product? A niche type of adult entertainment: photos of fully clothed women popping balloons.

To track the money, merchants set up a “referral sales page” where spammers can see how much they make from a spam run. Ed would log in frequently, watching the money increase. He was paid into electronic payment transfer accounts, such as e-gold or PayPal, or into his debit card account, which he could cash out in $20 bills.

That became problematic when the cash became voluminous. He says he made $480,000 his last year of spamming. But the lifestyle of being a spammer was taking a toll. In essence, he had no life.

It’s hard to go into a bar and explain your job to a woman by saying “I advertise penis enlargement pills online,” Ed said. “It doesn’t go down very well.”

He rationalized his actions by saying spamming is not like robbing someone, although the lurid impact of spam was clear. Some nine million Americans have some dependence on prescription drugs, Ed said, and he noticed that the same people were buying different drugs each month. “These were addicts,” he said.

Additionally, “the product is always counterfeit to some degree. If you’re lucky, sometimes it’s a diluted version of the real thing,” he said. Viagra is cut with amphetamines, and homemade pills are common from sketchy labs in countries such as China, India and Fiji, Ed said.

So Ed got out of the business. He’s written a book, “Inside the Spam Cartel: Trade Secrets from the Dark Side,” which he said has had some take-up in law enforcement circles eager to learn more about the spam business, which he projects will only get worse.

As broadband speeds increase, spammers will increasingly look to market goods by making VOIP (voice over Internet Protocol) calls or sending out videos, Ed said. The ultimate unsolvable problem is users, who continue to buy products marketed by spam, making the industry possible.

“I think in 10 years we’ll still get spam,” Ed said. “Be prepared to be bombarded.”

jeudi 7 juin 2007

Malserver ...

Google published an interesting study about web servers and malware...

The link is here.

It is very interesting to see the differences between the different web servers, according to the country they are hosted on.
And then, even more, to see which of these servers are hosting the biggest amount of malware.
For example, in China, nearly all malware are running on IIS, while in Germany there's almost only malware on Apache.

What also astonishes me is the growth of nginx, knowing it's a very young product (first public version had been released in october 2004) ... Of course, it's mostly used in Russia, as it is a russian product, but still, I would have thought it wasn't so spread worldwide already ...

Cyber attack against Estonian government

You might have been surprised not seeing any reference on my Webl0g about the cyberwar that took place between Russia and Estonia for about three weeks recently. (it began at the end of April)

Well, I have to admit I haven't been having much time recently to spend here, and then, well ... I guess you've read about it in plenty different websites...
To be honest, I thought such kind of things would happen years ago. After all, botnets have always been able to DDoS (even a few old eggdrops are enough sometimes...) and it wouldn't have been surprising to see successfull DDos against some special networks earlier...

Anyway, what happened in Estonia is definitely alarming ... Enough for NATO to study it at least ...And for Bruno Kerouanton to speak about it during his rump session at SSTIC 2007...

As usual, mainly because I'm missing time, I found a good article on the web about it, and it's HERE, coming from Counterterrorism Blog

lundi 7 mai 2007

TJX, WEP, et makis

Bon, oubliez les "makis", c'est juste que je n'ai pas beaucoup mangé ce midi et que j'ai comme une envie de cuisine japonaise... :->

Vous avez tous entendu parler de l'"Affaire TJX" je suppose ? Au cas où, voici un rappel des faits parmi tant d'autres ...

De nouvelles informations concernant la compromission et l'enquête sont apparues depuis, le papier le plus intéressant ressortant de mes lectures étant celui de Sid que vous pouvez lire ici.

Il en ressort à nouveau le faible niveau de sécurité et un gros problème de... WEP :-/

vendredi 27 avril 2007

Free Phish For All :-p

As said on CERT LEXSI's Weblog in THIS article from Nicolas WOIRHAYE, the french ISP "FREE" (aka FREE PROXAD) has got its own dedicated phishing kit now.

It was quite a long time I was expecting this kind of phishing, but I had seen none yet impacting a french ISP.
Of course, to phish such company is a nice way for fraudsters to collect personnal data, FTP accesses, mails, big storage capacities, and so on...
Waiting to see one for "WannaDo" :-P

page 3 de 3 -