IN DEPTH REPORT: E-criminals are rearing their heads – who owns your computer?

16 Oct 2009

In the era of the Internet, global cyber crime is spreading like the plague. No longer is it the hobby of isolated hackers, but a source of income for the mob and a virtual weapon of hostile states. Most worryingly, no one is immune, not Barack Obama, not Bill Gates, not you. At the same time, the enemy remains invisible and hard to convict.

Are you certain that you know what is inside your computer and that you are its owner? Tens of millions of people think so. Nonetheless, there are dangerous viruses lurking around on their computers which serve the interest of someone else, while the so-called computer owners remain blissfully unaware.

The times when gullible computer users were tricked with e-mails about receiving the inheritance of a rich Nigerian uncle or asking to provide their bank details in order to access their sudden lottery windfall are long gone. The attacks of computer hackers have become so complex that they often puzzle computer specialists, let alone your average PC user.

Your computer may be used to hack into the White House

Anto Veldre, an information protection expert of CERT Estonia, comments on present dangers: “Really, e-criminals do not wish to do harm on the Internet; they just want to get to your wallet. They don’t even plan to empty it all at once. As is characteristic of prudent farmers, they can keep you, as their source of income, in the stable for months or years. A contaminated computer is a source of great income: in addition to emptying your bank account, they can use it to send junk e-mail, attack Georgia or hack into the computers of the White House. In addition, they can deposit a modest web form on your computer where taken-in neighbours can enter their bank PINs. An e-mobster can lend his army of 10,000 enslaved computers to a friend to organise A Really Big Scam.”

In other words, you don’t really have to be dim in order to become a victim. The freshly published, shocking report by Trend Micro, one of the leading computer security companies, reveals a series of threats which everyone should be aware of. The report talks about one of the most professional cyber-criminal gangs around. More specifically, it is a story about a company in Tartu, in southern Estonia, which manages a huge global cyber-crime network, with its roots possibly in Russia or the United States. The name of this company, in operation since 2005, is Rove Digital and last year its owner Vladimir Tšaštšin (pictured) was convicted of bank fraud in Estonia.

The gang keeps fooling Google and Microsoft

Investigators at Trend Micro, Feike Hacquebord, Ben April and Rainer Link, note in the report that, on the surface, it is a completely ordinary Internet service provider. But, in reality, since 2005, the company has administered and managed one of the most developed networks of websites spreading spy viruses. And they have “kidnapped” many infected computers. The Tartu cyber-criminal gang is very professional and smart; with its illegal activities it has even fooled the security teams of Google, Yahoo and Microsoft.

According to the data available to Trend Micro, the Tartu-based company owns various sub-companies in Europe and the United States, which operate on virus servers. Should one of them be disabled by cyber-defence, as happened in the US in 2008, the activities will soon move to another company elsewhere. According to the report, nearly 100,000 computer users receive spam from the Tartu company every day which says: “You are infected with a virus, please download this piece of free antivirus software.”

In reality, the antivirus protection is a virus itself. You read that you will be able to clean up your computer in a few easy steps, whereas in reality you will let a virus in. In a similar way, computer users are tempted with fake updates of the well-known programme Adobe Acrobat.

Every day nearly a million computers which have been contaminated by the company receive unwanted offers and commercials which direct them to pages that have been infected with the virus. For example, on contaminated computers you see a commercial for the potency drug Vimax on the CNN webpage, where there is really an advertising space for a car company.

An extremely cunning way of earning money is by “kidnapping” the search results of Google. If you do a Google search from a contaminated computer, you will receive a list of fake results which looks quite authentic but has been fed to you by criminals. If you click on a link, you reach pages controlled by the company, such as that of the potency drug Vimax.

Your computer as a trading object

The US computer security company Finjan describes, in one of its latest reports, how any computer, whether at home or at work, may become a valuable item of trade in the international business of cyber criminals, without the computer owner even realising it. The web environment through which you can buy and sell contaminated computers is called Golden Cash and it is controlled by criminals. The prices of contaminated computers vary from country to country. For example, Golden Cash can buy a thousand contaminated computers in Australia for 100 US dollars, but the price is a mere 5 US dollars in the Far-East. Then it will sell them, making a huge profit.
By buying contaminated computers and homepages, Golden Cash motivates young hackers to commit crimes and to earn money while doing so.

Trend Micro believes that it is possible to catch and prosecute this widespread network of cyber criminals. But this assumes the existence of international cooperation, which is the main point of concern.

NATO takes the threat seriously

The NATO Cyber Defence Center in Tallinn has been conducting a broad analysis of this field for just over a year now. Without being directly under the control of NATO, the USA or the Estonian Ministry of Defence, but answering to its own managing body, the think tank has the goal of preparing the best possible network security for NATO countries.

Many of the astonishing findings of the NATO Cyber Defence Center were published in a report in Estonia last year, according to which:

  • Cyber criminals enjoy practical impunity in countries such as Russia and China;
  • The strategic planning of cyber criminals becomes more and more sophisticated, but governments remain ignorant in terms of dealing with the issue;
  • One of the greatest challenges for dealing with the issue of cyber crime is the absence of relevant international law. The law regulating e-commerce is especially insufficient;
  • Collecting the digital evidence and managing it in courts is, unfortunately, also inept;
  • The number of “spamming zombie-computers” has quadrupled during the last quarter. They are able to send 100 billion spam messages daily;
  • E-criminals are among the winners in the global economic recession;
  • There are already more than 7,500 websites on the Internet directly under the control of terrorists;
  • Cyber criminals will very soon be capable of destroying a country’s electrical, water and gas supplies, and Internet banking systems.

Black market intertwined with hacking

A leading researcher of the NATO Cyber Defence Center, Kenneth Geers, says that, unfortunately, no computer network is completely protected these days. There is a growing realisation in criminal circles that cyber attacks can be much more profitable than smuggling, drug trafficking or piracy. The black market and hacking are becoming intertwined ever more tightly, with money being directed from one field into another.

Geers mentions information theft as a growing trend. “As an entrepreneur, you could be investing billions of dollars in your product development. And then your secretary could take the product of years of work, and intellectual property, and walk out the door, never to be seen again. Or there is the possibility that hackers simply steal this information from your database,” he says.

According to Geers, cyber attacks are international. Very rarely are they executed on computers located in the same country.

“If I was an American hacker who wanted to attack a bank, I would organise the attack in countries which have poor legal cooperation with the US – for example, in Zimbabwe, North Korea or Turkmenistan. The possibility that I will be discovered, even if I am physically in Washington, is practically nil, as I would hide myself behind the charming anonymity of the Internet,” explains Geers.

Estonia in the world’s first cyber-war

The first ever cyber-war between two states occurred in 2007, when the websites of Estonian public departments and enterprises were subject to attacks that originated in Russia for three weeks. The attacks were on the parliament, ministries, banks, media channels and so on. The Kremlin denied its connection with the action, but Estonian security specialists discovered that there were computers of the Russian administration participating in the attack.

The action was spurred by the Estonian government removing a statue of a bronze soldier, symbolising Soviet occupation, from the city centre of Tallinn to a military cemetery, which angered many Russians.

It was a DDoS (Distributed Denial of Service) type attack, where hackers overload a server with millions of empty requests so that it stops working properly. The result is a website which is almost inaccessible or completely down. Estonian information security specialists were successful in warding off the attacks, an action which has been praised by many large media publications, such as The New York Times and The Economist. Many states have sent their computer protection specialists to Estonia to learn from the experiences here.
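The paragraph above describes a flood of requests overwhelming a server. The script below is an added example, not part of the original article or of any CERT Estonia tooling: it parses web-server lines in the Common Log Format (assumed here), computes for each client address the largest number of requests seen in any ten-second window, and flags sources that cross a threshold. The log lines it runs on are constructed for the example, with documentation addresses from the 203.0.113.0/24 and 198.51.100.0/24 ranges.

```python
"""Flag request floods in web-server access logs (added example; constructed data)."""
import re
from collections import defaultdict
from datetime import datetime

# Common Log Format, e.g.
# 203.0.113.7 - - [27/Apr/2007:10:00:01 +0000] "GET / HTTP/1.1" 200 512
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)$'
)


def parse_line(line):
    """Return (ip, timestamp, request) for a CLF line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("req")


def peak_rate_per_source(lines, window_seconds=10):
    """For each client IP, the largest number of requests seen in any interval
    of window_seconds (sliding window over the sorted timestamps of that IP)."""
    times = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines rather than abort the whole scan
        ip, ts, _ = parsed
        times[ip].append(ts)
    peaks = {}
    for ip, stamps in times.items():
        stamps.sort()
        best, left = 0, 0
        for right, t in enumerate(stamps):
            # advance the left edge until the window fits within window_seconds
            while (t - stamps[left]).total_seconds() > window_seconds:
                left += 1
            best = max(best, right - left + 1)
        peaks[ip] = best
    return peaks


def flag_flood_sources(lines, window_seconds=10, threshold=20):
    """IPs whose peak request rate reaches the threshold, mapped to that peak."""
    return {
        ip: n
        for ip, n in peak_rate_per_source(lines, window_seconds).items()
        if n >= threshold
    }


# Constructed sample log: three ordinary page views, one malformed line, and one
# source (198.51.100.9) firing 30 requests for "/" within six seconds.
def _clf(ip, second, path="/"):
    return f'{ip} - - [27/Apr/2007:10:00:{second:02d} +0000] "GET {path} HTTP/1.1" 200 512'


SAMPLE_LOG = [
    _clf("203.0.113.7", 1, "/index.html"),
    _clf("203.0.113.8", 3, "/news/"),
    _clf("203.0.113.7", 9, "/about.html"),
    "garbage line that does not match the format",
] + [_clf("198.51.100.9", 2 + i // 5) for i in range(30)]


if __name__ == "__main__":
    for ip, n in sorted(flag_flood_sources(SAMPLE_LOG).items()):
        print(f"{ip}: peak {n} requests in 10 s")
```

A per-source threshold like this catches a single noisy client; a distributed attack of the kind the article describes spreads the load over many addresses, so in practice the same sliding-window count is also run over the whole log (all sources combined) and compared against the server's normal baseline, and blocking decisions are made upstream of the web server rather than in a script.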

Since 2007, DDoS attacks between departments of different states have become practically daily events. For example, in August 2008, during the Russian-Georgian war, Georgia’s official departments came under attack. At the end of the year, there was a short series of attacks on the campaign pages of the United States presidential candidates Barack Obama and John McCain, as well as on the web pages of the IMF and the World Bank.
A new wave of attacks against US and South Korean web pages took place in July of this year. The targets were the web pages of the US Foreign Office, the South Korean Ministry of Finance, the New York Stock Exchange and NYSE Euronext.

State-requested computer attacks?

Almost without exception, such attacks are linked to political tensions. Just take a look at current affairs in order to understand that there is a clear interest group. For example, in the case of attacks against Estonia and Georgia, Russia was suspected. If not a case of “state request”, then at least the silent approval of the Russian government was there. In the case of the attacks against the US and South Korea, the hand of hostile North Korea was suspected.

The investigation into the attacks against Estonia ran into a dead end, as the Russian Prosecution Office declined to cooperate. However, one young Russian man living in Tallinn was convicted of an attack against the homepage of the ruling party, the Reform Party. He was fined 1,640 US dollars.

For many states, the experience of Estonia in 2007 was a wake-up call. People realised that such intervention is more of a threat to states than had previously been considered. Organised crime today is already, in principle, able to create huge traffic jams and to paralyse the media, business, and governmental and public services, and even to interfere with the control of strategic weapons.

Kenneth Geers: “An attack with tanks and missiles seems, at first, more destructive than what can be achieved with a couple of computers. But let’s not forget that computers, networks and databases control practically everything in modern society. Even a tank uses a computer in order to aim at its target. In the same way, mass weapons are administered via computers.”

How could you become a victim of e-crime and lose your money?

1. Answer a plea of help or a letter announcing a windfall from Nigeria. Pay 10% of the sum you are promised.

2. Get malware such as Zeus or Sinowal onto your computer and keep it there. In a couple of days you will notice significant changes in your bank account.

3. Click on a banner which offers brand-new antivirus software from a vendor you have never heard of. Call their premium-rate phone line, where you will be told that your current antivirus software is out of date and should be deleted immediately.

4. Click on all the links which your friends’ computers send to your MSN window without thinking first.

5. Use various P2P environments (e.g. eMule or LimeWire) to get interesting software. Up to 30% of files there are contaminated, and the newest trend is a key generator (you know, that thingy which calculates your licence key) infected with a banking virus. Balance rules in nature: the money saved by not buying a computer programme is balanced by the virus drawing funds from your bank account.

Source: CERT Estonia

Spam world 2009
(January – June)

Conclusion
• The economic crisis has not impacted the volume of spam: spam averaged 85.5% of email traffic.
• Malicious attachments were found in 0.3% of messages.
• 0.6% of all messages contained links to phishing sites.
• Asian and Latin American countries were the main sources of spam, with a shift away from Western European countries, the US and Russia.
• The amount of spam advertising small and medium businesses declined during the recession.
• Spam advertising spammer services has partly replaced messages containing offers for concrete goods and services.
Chart: Spam-spreading states, 2009

Chart: Spam in the computer network by type, Russia, 2009

Source: Kaspersky

NOTE: Trend Micro’s shocking report on the Estonian cyber crime hub is available here.

This story was first published in the quarterly magazine Life in Estonia Fall 2009 edition
