The Telegraph published an article on the bust of a black market website called Confidential Access (CA) specializing in fraud:
Detective Sergeant Christopher Richards, of the Metropolitan Police’s economic and specialist crime unit, said: “It was basically a fraud factory, a continued conveyor belt of consistently produced fraud.” The £11 million-a-year website sold false passports, pay slips and bank statements. It also coached users on how to carry out fraud via secure online chat forums.
Though most of the ring leaders were arrested, “detectives are now hunting up to 11,000 people who used the service.” Note the large number: 11,000. This is only the tip of the iceberg. Even worse, this is just in the UK. Here are some pictures of the fraud site (click to BIGGIFY):
While there are well-organized gangs, there are still a lot of “loners.” It is very easy for someone to start making money in the e-crime scene, as we can see in a German example we have nicknamed “Schadenfraud.” Searching the second most popular search engine, YouTube, for faking IDs turns up a lot of tutorial video clips, some even with links to software packs for creating really good fake IDs. In fact, it turns out Barack Obama wasn’t born in the US after all; he’s German:
Currently, most estimates put Flame’s age at 2-8 years. Taking either end of that range: how could it have gone undetected for so long?
Mikko Hypponen, CRO at F-Secure, summarized it nicely: “The worst part of Flame? It has been spreading for years. Stuxnet, Duqu and Flame are all examples of cases where we — the antivirus industry — have failed. All of these cases were spreading undetected for extended periods of time.”
How did they do it? Flame drops binaries with the .OCX extension, since many AV products do not scan that extension. If it finds McAfee on the system it uses the .TMP extension instead, because McAfee does scan .OCX by default. Worse, according to one Twitter statement, Kaspersky knew about Flamer within a month and didn't even add a signature to their AV until a few days ago. If true, this is another black eye for the AV industry.
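The defender's lesson in the paragraph above is that a file's type lives in its content, not its name, so an extension-based scanning exclusion is a hole. The script below is an added example (not code from the original post or from any AV vendor): it decides whether a buffer is a PE image by checking the DOS stub and the `PE\0\0` signature at `e_lfanew`, and only then looks at the extension to report which PE files sat under an extension a scanner might have skipped. The `OFTEN_SKIPPED` set, the sample file names and the minimal header builder are all constructed for the example.

```python
import struct
from pathlib import Path

# Extensions the article says Flame used to sidestep extension-based scanning.
# Constructed list for this example; a real triage policy would be broader.
OFTEN_SKIPPED = {".ocx", ".tmp"}


def is_pe_image(data: bytes) -> bool:
    """True if `data` carries a PE image: an 'MZ' DOS stub and a 'PE\\0\\0'
    signature at the offset stored in e_lfanew (offset 0x3C of the DOS header)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 4 > len(data):        # e_lfanew points outside the file
        return False
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def classify(name: str, data: bytes) -> str:
    """Decide by content first, then note whether the extension alone would
    have let an extension-filtering scanner skip the file."""
    if not is_pe_image(data):
        return "not-pe"
    if Path(name).suffix.lower() in OFTEN_SKIPPED:
        return "pe-under-skipped-extension"
    return "pe"


def find_hidden_executables(files: dict) -> list:
    """Names of PE images parked under extensions a scanner might ignore."""
    return sorted(n for n, d in files.items()
                  if classify(n, d) == "pe-under-skipped-extension")


def build_pe_stub() -> bytes:
    """Constructed minimal PE header (not a runnable program): a DOS header
    with e_lfanew = 0x80, then the PE signature and a COFF file header."""
    buf = bytearray(b"MZ") + bytearray(0x80 - 2)
    struct.pack_into("<I", buf, 0x3C, 0x80)
    # COFF header: machine=i386, 1 section, timestamp, symtab ptr, nsyms,
    # optional-header size, characteristics (executable image | DLL)
    coff = struct.pack("<HHIIIHH", 0x014C, 1, 0, 0, 0, 0xE0, 0x2102)
    return bytes(buf) + b"PE\x00\x00" + coff


# Constructed sample "files": a PE under .ocx, a PE under .TMP, a PE under
# the expected .exe, and a text file that merely ends in .tmp.
SAMPLES = {
    "C:\\Windows\\System32\\control1.ocx": build_pe_stub(),   # constructed name
    "C:\\Windows\\Temp\\~DF1234.TMP": build_pe_stub(),        # constructed name
    "C:\\Windows\\System32\\notepad.exe": build_pe_stub(),
    "C:\\Windows\\Temp\\setup.tmp": b"plain text, not a binary\n",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{classify(name, data):28} {name}")
    print("flagged:", find_hidden_executables(SAMPLES))
```

The check is deliberately cheap, so it can run over every file a scanner would otherwise filter out by name; anything that comes back as a PE image then gets the full signature and heuristic treatment regardless of what its extension claims.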
It’s no secret that there is a huge industry devoted to bypassing AV. Flame, we hope, will help serve as a key event that compels organizations to rethink their security spend. More and more, we see enterprises assuming they’ve been compromised and taking the approach we detailed here.
Turns out the UN is warning member states about Flame. Let's hope "updating your antivirus" isn't one of the recommendations.
Reminder again: Please do not reuse your Bitcoinica passwords as the database server was compromised.
For reference, here’s the leaked memo from the FBI expressing concern over the Bitcoin site.
Ironically, this news comes as hacktivists lament tougher times:
- First, there’s this interview from Canada where fugitive hacker Christopher Doyon, a.k.a. Commander X, states, “I think it’s a stalemate at the moment.” Though he does go on to predict that Anonymous will be the most powerful organization on Earth.
- Second, Barrett Brown states, "Anonymous is, for now ... in a crippled state.”
Amnesty International UK's website was hacked, courtesy of a backdoor dropped on visitors’ systems. It was most likely done by a foreign government; many speculate that it's the Chinese. Websense's blog gives a good technical overview of the attack. But what does it mean for security teams?
In some cases, hackers don’t want to steal data from the website itself but rather want to infect the users who are visiting it. This can lead to access to business-critical data, which, for example, is often stored as files on a file server. In the Amnesty case, the real prize isn't Amnesty's data per se, but the corporate and individual data and files of those who visit the site.