top of page

Montez’s Perspective on Cyber Crime

Updated: Nov 29, 2022

Is there light, or darkness, at the end of the tunnel? If you are an everyday average person, when you hear the phrase “beware of cyber crimes,” you’re probably thinking “Are you serious?!  Wow! …another fanatic to make us so cyber conscious until we start seeing computer chips floating in the air.”  Well, I don’t know about that, but if those things are out there I think it’s about time we saw them.  Or at the very least, assess the risk of not being aware of them.



We will take a look at the origin of cyber crime, and the affects it has on the government, businesses, and consumers alike.  Then, we will peek down through the corridors of time to determine whether there is either light or utter darkness, at the end of the tunnel.  But I must warn you – if you dare walk through those corridors – be sure to take a flashlight with you as you gingerly move about.


History

Now, where did the word “cyber” come from?  According to merriam-webster.com, the first known use of the word “cyber” was in the year 1991.  The meaning of cyber is of, relating to, or involving computers or computer networks (as the Internet).  Therefore, the term cyber crime is synonymous with computer crime.  What are computer crimes?  Well, contrary to popular opinion, it is not a female super computer using robots to commit anarchy on humanity like in the movie i-Robot, featuring Will Smith.


Protecting yourself from cyber criminals, at any level has become a grave challenge.  In hopes of identifying the root cause of the problem, it is important to know how we got to this point.


The origin of the Internet morphed out of a research project in the 1960s, commissioned by the United States government.  In the early days, the Internet was just a private network of multiple separate networks that were joined together.  The idea of a need for security in the early days was beyond human comprehension.  Could you image someone, or even the government for that matter, barricading your local public library from the public?  It would be the epitome of insanity.  Why would you barricade or even lock the doors to deny entry of a public library?  Well, the Internet in the 1970s was like a local library that would eventually be commercialized by the 1990s.


International involvement, new discoveries, and advancements in network technologies over the years, enabled the Internet to become a global network of networks.  A global system of connected computer networks, which serves billions of people worldwide.  People just about all over the world now are connected to each other by networks on the Internet.  However, advancement in computer and network security technology has always been a step behind new network technologies. Did someone say American made, but unprotected?!


According to the Internet Crime Complaint Center (IC3), over 90% of all recorded cyber crimes were committed in the United States or involved American citizens. Given the right set of tools, coupled with weaknesses in computer systems and network infrastructures, criminals can steal valuable personal information via the internet.  New advancements in network technology also give cyber criminals that innate ability of creating new breeds of sophisticated tools to do their dirty work.  Millions of people around the world have become victims of organized cyber crimes.


The IC3 marked the third year in a row that it received over 300,000 complaints; which is a 3.4-percent increase over the previous year. For victims reporting financial losses, the average was $4,187.


According to the IC3’s 2011 Internet Crime Report, “the most common victim complaints included FBI-related scams, identity theft and advance fee fraud. The IC3 received and processed more than 26,000 complaints per month. Based on victim complaints, the top five states in America were California (34,169), Florida (20,034), Texas (18,477), New York (15,056) and Ohio (12,661). Victims in California reported the highest dollar losses with a total of $70.5 million.”  The top five reported crimes were:

  • FBI-related Scams – Scams in which a criminal poses as the FBI to defraud victims.

  • Identity Theft – Unauthorized use of a victim’s personal identifying information to commit fraud or other crimes.

  • Advance Fee Fraud – Criminals convince victims to pay a fee to receive something of value, but do not deliver anything of value to the victim.

  • Non-Auction/Non-Delivery of Merchandise – Purchaser does not receive items purchased.

  • Overpayment Fraud – An incident in which the complainant receives an invalid monetary instrument with instructions to deposit it in a bank account and send excess funds or a percentage of the deposited money back to the sender.

According to Antone Gonsalve, “cyber criminals have sold a variety of hacker services in the underworld for some time. Criminals rent networks of compromised PCs and tools for building the so-called botnets. They also open marketplaces for buying and selling credit and debit card, social security and bank account numbers.  However, the services from dedicated express.com are the most unusual; because it rents compromised corporate systems. Dedicated express.com charges its customers a $20 registration fee, which is paid via a virtual currency called Web Money. There are around 17,000 compromised corporate computers that are currently being rented by dedicated express.com   Even servers from Fortune 100 companies are currently being rented by these organized cyber criminals.”In Antone Gonsalves’ article titled, Cybercriminals Sell Access to Compromised Corporate Systems, Antone shares how cyber criminals hacked into corporate servers to sell them.  He explained how dedicated express.com, believed to be out of Russia, pays hackers a commission for corporate servers they hack into.  The hackers hacked into thousands of corporate servers via Microsoft’s Remote Desktop Protocol, with weak usernames and passwords.


According to Michelle Fox, from cnbc.com, “hacking is often called the biggest danger to the economic security of the United States.”  In the article titled 10 Ways Companies Get Hacked, Michelle describes the ten different pathways of entrance for hackers who target corporations, big and small.  The most common ways are the following:

  • Weak Usernames and Passwords: Hackers guess the user’s username and password to login as the user.

  • Social Engineering or “spear phishing”: This appears to be one of the most common tactics used by hackers to hack into corporate computer systems.  The hacker tricks an employee into taking an action, like opening an email attachment that may download a virus onto their computer.

  • Drive-By Web Download: The hacker infects a website that is commonly used by employees. Once the employees visit the infected website, a malicious code is downloaded onto their computer without them knowing it.

  • USB Key Malware: Hackers have also been known to infect USB keys as well.

  • Scanning Networks for Vulnerabilities: The hacker remotely scan servers to determine vulnerabilities. If a weakness is detected (e.g. open port), the hacker can then send a command or data to the server that will cause it to crash and infect the computer.

  • WiFi Compromises: Hackers can also invade a system by exploiting an open wireless network, or poorly secured WiFi.  The retailer TJ Maxx was one of the hackers’ first WiFi exploits several year ago.  The hackers guessed the security of the retailer’s weak WEP WiFi security setting, and stole over $40 million in credit and debit cards from the retailer.

  • Cyber Espionage – The Chinese Threat:  A group of hackers from China who’s only impetus is to steal from American businesses.

My First Encounter

My first experience with a virus was after I bought my first computer.  It was a Dell 4400 Dimension.  About two years later, my computer started shutting down on its own. After several hours of trying to troubleshoot on my own to no avail, I called one of my friends who fixed computers.  My friend told me how to start the computer in safe mode over the phone, and from there I somehow managed to download (while in safe mode) an anti-Trojan software from Microsoft that quarantined the virus, and allowed me to repair my machine.

I removed viruses from computers for family and friends as well, but the worse kind I have encountered was some sort of root-kit malware virus.  After days of searching the web and trying anti-malware software (e.g. Malwarebytes) to no avail, I finally found a website (www.bleepingcomputer.com) that answered my prayers.  I downloaded ComboFix.exe and tdsskiller.exe, followed the instructions from one of the threads from one of the discussion forums on the website, and was able to successfully remove the malware and the root-kit.


According to the Federal Bureau of Investigation (FBI), “Every day, criminals are invading countless homes and offices across the nation—not by breaking down windows and doors, but by breaking into laptops, personal computers, and wireless devices via hacks and bits of malicious code. The collective impact is staggering. Billions of dollars are lost every year repairing systems hit by such attacks. Some take down vital systems, disrupting and sometimes disabling the work of hospitals, banks, and 9-1-1 services around the country.”  Millions of people all across the world are in a race against time to protect their assets and secure their network infrastructures.


In a quest to answer the befuddling computer information and network security questions of our time, researcher and crime fighters alike have begun taking frequent journeys beneath the surface into the hackers’ underworld.  This proactive approach is helping computer information and network security experts try to stay one step ahead, by learning about the cyber criminal element of human society, and how to combat it.


The FBI is currently leading the national effort to investigate high-tech crimes, including cyber-based terrorism, espionage, computer intrusions, and major cyber fraud.  To stay in front of the emerging trends, the FBI gathers and share information and intelligence with public and private sector partners worldwide.  For example, IC3 is a multi-agency task force made up by the FBI, the Nation White Collar Crime Center (NW3C), and the Bureau of Justice Assistance (BJA).


In November of 2011, the FBI arrested six Estonian nationals and charged them with running a sophisticated internet fraud ring that infected millions of computers worldwide with a virus and enabled the thieves to manipulate the multi-billion-dollar Internet advertising industry.  Users of infected machines were unaware that their computers had been compromised.  An FBI statement to the public from Janice Fedarcyk (Assistant Director in Charge) stated “…with the flip of a switch, the FBI and our partners dismantled the Rove criminal enterprise. Thanks to the collective effort across the U.S. and in Estonia. Six leaders of the criminal enterprise have been arrested and numerous servers operated by the criminal organization have been disabled.”


Summary

Throughout the years, there have always been organized crimes preying on individuals and businesses alike.  Although technology is constantly changing, combating organized cyber crimes is still the same.  Criminals and crime fighters are on the same playing field.  Hackers are not necessarily smarter than computer and network engineers who discover new breakthroughs in computer network technologies, or network security administrators that work to secure them.  However, hackers appear to be well aware of the fact that most computer networks and application systems were designed without them in mind.  Like most criminals, hackers know that their success is depended on the victim’s ignorance.

Now, am I trying to say that humanity is on the verge of being destroyed by cyber criminals due to a lack of knowledge?  Well, although that might be the case in the movie i-Robot that is not at all what I am trying to say.


Nevertheless, I must say that unless consumers realize that they are asking to become cyber victims if they leave their cyber doors open; unless companies realize that it is never a good idea to be a sitting duck (only reactive) to cyber criminals; and unless we realize the cyber fisherman from foreign countries are not trying to feed the fish, they’re going to be utter dark days ahead.  Do you have a flashlight?

May the force be with us all.

23 views0 comments

Recent Posts

See All

תגובות


Post: Blog2_Post
bottom of page