Wednesday, May 13, 2015

“I hacked into my daughter’s Facebook account”

Apr. 7 “I hacked into my daughter’s Facebook account”: I cut out this article called “An author hacks his daughter’s Facebook account and offers a chilling tour of the far-flung places crime thrives online” by Misha Glenny in the Globe and Mail on Oct. 8, 2011. It’s more about cyber crime than parenting. Here’s the whole article:

A month ago, I was awoken at 1 o'clock in the morning by a call from my ex-wife. Did I know, she asked, where our 19-year-old daughter was? My ex-wife was due to give our daughter a lift to the airport for an early flight, but she hadn't turned up at the apartment. I went to my daughter's room at my place to discover her bag unpacked and passport on the floor.

Concerned, I hacked into her Facebook account by guessing her password. Once into the account, I put out a message to her friends asking them to let me know where she was. This actually worked (it is amazing how many young people are on Facebook at 2:30 on a Monday morning).

My daughter was mortified that I had hacked her account. She was torn between feeling guilty for having caused the problem and outrage that I invaded her privacy.

If we had been living in the United States, under a recent amendment to the Computer Fraud and Abuse Act (CFAA), my daughter could have brought criminal charges against me for “exceeding authorized access.” So in order to ensure my daughter's safety, I would have risked a criminal record and a possible 3-year jail sentence.

The raft of cybersecurity legislation now being presented to parliaments around the world highlights how the very genius of the Internet – interconnectedness – is also its Achilles heel. The Web's cross-border character is an intrinsic part of its nature. But the world's major cyberpowers – the United States, Canada, Western Europe, Russia, China, India, Israel, the Baltic states and Brazil – are having great difficulty working together to fight malfeasance on the Web. The legal issues are too complex and levels of trust much too low. And what may be acceptable online behaviour in one country, may be unacceptable in another.

For example, the FBI and the U.S. Secret Service regularly make use of sting operations to track down criminals. In one case, DarkMarket was a Web forum where cyberthieves could buy stolen credit card details, the latest viruses and even tutorials on how to become proficient in the latest cybercrime techniques. One of its five administrators was an undercover FBI agent. But most of his targets lived outside the United States, so the FBI sought to enlist the support of other police forces in order to track them down.

However, Canada and the European Union have much stronger data-protection provisions than does the United States. Problems arose immediately because of the different policing cultures and what under local legislation the police can or cannot do. In the case of DarkMarket, the FBI needed absolute discretion in their investigation but required the assistance of the German police. This failed and eventually led to the exposure of the FBI officer, in part because the German cops had to tread much more carefully than their American counterparts for fear of violating the suspects' civil liberties.

Courts in Germany are very reluctant to sanction any intrusion onto private or commercial networks for historical reasons. In the U.S. and Canada, however, cops regularly pose as underage children to see if they will be “groomed” by pedophiles.

If a German police officer were to do the same and the suspect asked him, “Are you a cop?”, he would be obliged to say, “Yes,” which rather defeats the purpose.

Most cybercriminals are smart and they are as well briefed on the legalities as the cops themselves. One of the most successful European cybercriminals I interviewed in researching my book was quite open: “I never touch American cards,” he said. “If I were to do so, I would be placing myself under U.S. jurisdiction and American cops are much less forgiving than the Europeans.” Incidentally, he said he considered Canadians to be more European in this respect.

But although there are hiccups in co-operation among the United States, Canada and Europe because of the different policing cultures, this is nothing compared with the difficulties in trying to establish working relationships with some other countries, including one which over the past decade has been a great incubator of cybercrime.

Russia is a paradox on the Web. The FSB (successor to the KGB) has developed a suitably Orwellian tool called SORM-2 that offers it full oversight over the country's Internet. Internet service providers in Russia are obliged to send a copy of every single byte that zips in, around or across the net, so everything that happens in Russian cyberspace is stored in vast digital deposits available to FSB officers 24/7.

One might therefore assume that Russia represents an implacably hostile environment for cybercriminals. Yet the Russian Federation has become one of the great centres of global cybercrime. The strike rate of the police is lamentable while the number of those convicted barely reaches double figures.

The reason, while unspoken, is widely understood. Russian cybercriminals are free to clone as many credit cards and hack as many bank accounts as they wish, provided the targets of these attacks are located in Western Europe and the United States. A Russian hacker who started ripping off Russians would be bundled into the back of an unmarked vehicle before you could say KGB.

In exchange, of course, should the Russian state require the services of a hacker for launching a cyberattack on a perceived enemy, then it is probably best for the hacker to co-operate.

And that is exactly what happened in 2007 and 2008 when major cyberattacks were launched against the critical national infrastructure of Russia's two neighbours, Estonia and Georgia.


It is possible that criminals instigated the attacks but highly unlikely. More probably they were either paid to launch them or they were leaned on by the authorities to participate in these acts of patriotism.

Nobody believes that the world's major cyberpowers will ever be able to fashion a treaty aimed at developing a co-ordinated response to cybercrime. However, as criminal activity and other threats begin to rise in Russia, China and elsewhere, the time is ripe for the West to reach out to the East in the hope of establishing some basic principles in order to reduce the Web-based threats we all face, regardless of our geo-strategic interests.


May 11 "Russian cybercrooks passing bad cheques": I cut out this article by Byron Acohido in the Edmonton Journal business section on Jul. 30, 2010.  In the newspaper, it's kind of different than the one on the internet.  It's kind of about a job scam and hacking here:

LAS VEGAS — A slick, new e-mail scam is putting well-intentioned job seekers at risk of losing $3,000 — and being arrested for check fraud, an investigator revealed at the Black Hat security conference Wednesday.

A cybercriminal gang based in Russia is sending e-mail directly to thousands of job seekers who’ve posted resumes on popular job websites, according to Joe Stewart, a senior researcher at SecureWorks.

The job offer: the recruit can earn more than $300 for cashing a commercial business check, made out to him or her, and wiring the proceeds to a contact in St. Petersburg, Russia.

If the person agrees, a professionally printed business check arrives the next day by a shipping service. To earn the $300, the victim is required to cash the check and execute the wire transfer within 24 hours.

Stewart has discovered digital images of some $9 million worth of high-quality fake checks, each in amounts of slightly less than $3,000, written against some 1,200 business accounts. Many of the accounts are for contractors who often pay individual subcontractors with such checks.

The checks are so good because the cyber gang hacked into the databases of three firms that archive images of legit commercial business checks.
 
The criminals downloaded all the images they could find, grabbing bank routing numbers, names and addresses and even signatures of legitimate account holders. They used the information to create their own checks using easy-to-acquire software and printers.

“Presumably this scam has been working because they’ve been doing it for at least a year and they wouldn’t be doing it this long if it were not making them money,” says Stewart.

SecureWorks says it is working with the FBI and says the hackers have not been caught.

The Internet-based check kiting scheme underscores how creative and efficient cybercrooks have become. Multi-stage attacks that combine stolen data and social engineering trickery are being refined to pilfer from individuals and businesses in novel ways.

“Cybercriminals are learning business patience,” says Paul Ducklin, technology director at antivirus company Sophos. “They do research, acquire different pieces, put them together for specific purposes, take risks, and then profit handsomely.”

Networking gear maker Cisco Systems issued a report Wednesday detailing how malicious software programs continued to highly saturate the Internet in the second quarter, ending June 30.

And Verizon Business reported that 85% of cyberattacks in 2009 were not technically difficult. “The criminal is not going to want to work harder than they have to,” says Wade Baker, Verizon director of risk intelligence. really a reflection of them choosing easy targets to knock off.

