Computer Crime Research Center


U.S. Cyber-Crime Unit Focuses on Russian Hackers

Date: May 11, 2005

Investigations by the Hi-Tech Crime Unit into Russian groups responsible for denial of service attacks against online betting sites last year have shed new light on the way criminal hacking groups work.

Crime syndicates across the world are banding together in informal alliances to hack into credit card databases, steal online banking details and extort businesses by threatening denial of service attacks, the Web site reported.

Five people have been arrested so far following collaborative investigations by the Hi-Tech Crime Unit, Russian police, the FBI and private sector security specialists.

The investigations have revealed loose collaborative criminal networks, including groups selling the network services of tens of thousands of hacked PCs, known as bot networks, to other criminal groups to launch denial of service attacks.

“We have learned a great deal from our operations in Russia. We knew there were loose networks, but we did not understand the nature of the groups and how they related,” said Mick Deats, head of the Hi-Tech Crime Unit.

The unit, working with overseas law enforcement groups, has infiltrated the groups by tracking their activities on the internet and tracing the movements of laundered funds. “International cooperation has moved on in leaps and bounds. You have to work really quickly because digital evidence is volatile. You cannot use the normal mutual legal assistance channels,” said Deats.

Investigative work by a U.S. computer forensic specialist helped lead the National Hi-Tech Crime Unit and the FBI to a Russian gang responsible for launching denial of service attacks against online betting sites in a multimillion-pound extortion attempt last year.

Barrett Lyon, a specialist in preventing denial of service attacks, posed for months as a computer criminal to infiltrate a Russian crime syndicate which had brought down online gambling and retail sites. His work helped detectives at the National Hi-Tech Crime Unit secure the arrest of a 21-year-old Russian mechanical engineering student, Ivan Maksakov, last year.

The investigation unravelled one of the most high-profile internet crime syndicates and set the scene for four further arrests, it emerged last week.

Lyon, now chief technology officer at Prolexic, which specialises in defending firms against denial of service attacks, used specially developed software to trace and monitor “bot nets” of hacked PCs used for the attacks. “We located the bot nets because our systems took the attacks on behalf of customers. With all the information we gathered, we posed as bot nets ourselves,” he said.

A breakthrough came when Lyon and his colleagues found details of the chat channel used by the gang hidden in bot net software downloaded from an infected machine. It emerged the gang was using internet relay chat to talk to each other and to control up to 80,000 bot nets.

“We were on the chatrooms where they were controlling the bots from, watching them talking about who they were going to attack next,” he said. Lyon posed as a hacker and, over the next few months, earned the trust of the criminals and built up a profile of them.

The gang remained out of reach until Maksakov made the mistake of logging into an internet chat session in March 2004 using his own IP address. Lyon traced Maksakov’s address and phone number in Russia and sent off an urgent e-mail to the Hi-Tech Crime Unit. “Ivan was the name that was given to us via exe during ICQ chat. His last name, address and phone number are now known.”