National Cyber Security Awareness Month: Cybercrime & Cybercriminals
For the third installment of my five-part series, I will be shifting the focus away from the consumer and family end of cyber security awareness. To prepare us for the move, I’ll go over some of the decade’s fanciest buzzwords while peppering in the classics, so we can make sure we’re all ‘reading from the same page,’ so to speak, allowing us to take a shallow dive into the deep underworld of cybercrime and cybercriminals.
Our first buzzword is “dark web.” The dark web is a network of computers and servers that communicate via specialized software over the Internet. The specialized software, which is open source and freely available to use and modify, is called The Onion Router project, or Tor. This popular anonymizer, thanks to being open source, is available for almost any device. Tor uses a decentralized peer-to-peer mechanism to split, then send and receive, information through as many participating hosts as possible. This behavior was designed by the Navy to improve privacy through anonymity during wartime and was patented in 1998.
The two main parts of Tor are its client function and its routing function. The client function creates a network node that acts as a proxy. The proxy catches traffic to be anonymized, and the node splits and reassembles information into chunks that can travel over the Internet. The routing function receives chunks of data from neighboring nodes, also called peers, and hands off the chunks to its proxy or on to other nodes. The connections between all peers are collectively referred to as an onion. Nodes themselves can serve up webpages and perform other transactional services for the onion in the form of hidden services. The addressing scheme, rather than using names or numbers, is handled via encrypted and seemingly random addresses.¹
This onion routing provides many diverse paths, which the participants form automatically, to communicate effectively and handle otherwise mundane tasks on behalf of their peers. When a request is made from PC1 for google.com, it splinters out into 20 pieces. Peers, which we’ll call PC2 through PC21, each receive and transact individual pieces of the conversation requesting google.com. They then send replies through the onion to the original requestor, PC1.² The likelihood of intercepting and reassembling the entire conversation becomes even smaller the more participants there are. The onion doesn’t discriminate between reporters in war-torn areas communicating across enemy lines and cybercriminals trading stolen identities; the more nodes that participate, the more anonymous it all gets.
The dark web is an analogy for browsing these layered peer-to-peer networks and using them to facilitate illicit transactions. Information is still transmitted over the Internet, but thanks to the nature of onion routing it’s extremely difficult to eavesdrop on the conversation. With either physical or remote access to the cybercriminal’s computer, entire conversations can be viewed with ease. Tor is not a perfect anonymity solution, but it does provide a dark side to the Internet that few ever knew existed.
The dark web has enabled and emboldened cybercriminals around the globe in terms of attack planning and coordination, and by giving them a common marketplace to deal in their scripts, wares, and stolen property. Malware, ransomware, and viruses are tools hackers use to steal information or gain control of individual computers. These are programs that users may download thinking they’re downloading a useful piece of software. Malware, spyware, and viruses can crash computers or collect and exfiltrate information, whereas ransomware encrypts users’ files and holds the decryption key in exchange for money, as the term ransom in the name implies.³ Depending on the attackers’ goals, malicious black hat hackers may monitor the computer for sensitive information, or they may join the infected computer to a network of other infected computers, better known as a botnet. White hat hackers are generally benevolent and may even be given permission to break into computers as a sort of proof of concept. White hat hackers are often paid to discover vulnerabilities, and their work is alternatively billed as a kind of inspection or as a security audit.
Controlling a botnet, a cybercriminal can generate and direct massive amounts of data using thousands of unwitting computers to flood victims with irrelevant network traffic. The flood overwhelms the victim system and causes it to ignore legitimate network traffic.⁴ This type of attack is called a distributed denial-of-service.⁵ To put it another way, a distributed denial-of-service attack is like a Burger King falsely advertising a 3-for-1 sale at the McDonald’s across the street; so many people would arrive confused and annoyed at McDonald’s that not even McDonald’s regular customers would get served. What’s more, Burger King would likely see more business that day due to the longer overall wait times at McDonald’s. DDoS attacks, as they’re referred to, have been carried out against major Internet companies like Akamai,⁶ Google,⁷ Amazon, Twitter, Netflix, Etsy, GitHub, Spotify, and Dyn,⁸ with varying degrees of success.
Besides black hat hackers, other types of cybercriminals can also wreak havoc on unsavvy Internet users. Scammers have been around since the dawn of commerce, offering products and services that, more often than not, never come to fruition. The Internet has no shortage of snake oil salesmen, and there’s always a Nigerian prince waiting in your inbox to send you a million dollars.⁹ Hijackers are a new breed of cybercriminal, using the Open Systems Interconnection model that the Internet is built on¹⁰ to reroute legitimate traffic from its intended destination to illicit systems. They collect and analyze traffic, attempting to discover encryption keys or looking for sensitive financial or personally identifiable information they can sell on the dark web.¹¹ Even something as simple as an email address can be worth real dollars and cents.¹²
This is by no means an exhaustive list of the many types of cybercrimes or types of cybercriminals. Many organizations, including SUNY and New York State as a whole, now mandate training for their employees in the area of cybersecurity.¹³
For more detailed information on emerging cybersecurity threats, feel free to visit the following links:
US-CERT National Cyber Awareness System - https://www.us-cert.gov/ncas
FBI Internet Crime Complaint Center - https://www.ic3.gov/media/default.aspx
NYS Cyber Security Advisories - https://its.ny.gov/eiso/advisories
Microsoft Security Advisories and Bulletins - https://docs.microsoft.com/en-us/security-updates/