
Russian hacker engineered worldwide crime spree - grej
http://www.usatoday.com/story/news/nation/2014/06/03/fbi-busts-russian-hacked-created-zeus-cryptolocker/9919985/
======
zhte415
I like this in particular. It highlights the social manipulation part of such
an exploit.

>To draw attention away from the massive transfers, the hackers often created
a diversion, such as a "denial of service" attack that would bombard the
website with traffic in an attempt to shut it down, the law enforcement
official said.

Corporate banking applications have multitudes of layers of approval,
authorised signatories, transaction limits, multiple approvers, etc, and
increasingly mobile alerts. By creating chaos in an organisation, it does not
mean these break down, but everyone is panicking about something they feel is
important, and gives scant regard to what seems credible and routine.
Exploiting a human fallibility.

Disclaimer: I used to do compliance and security training at a very large
financial institution. A huge amount focused on social manipulation via stress
and pressure being placed on someone at a critical node of the transaction
process.

~~~
yiedyie
This is concerning in conjunction with the trend for a cashless society.

[http://www.theaustralian.com.au/business/economics/australia...](http://www.theaustralian.com.au/business/economics/australia-charges-towards-a-cashless-economy/story-e6frg926-1226942638254)

------
broolstoryco
"By the time the bank realized the money was missing, the hackers had
laundered it through so many accounts it became untraceable."

How is that even possible?

~~~
balls187
With access to thousands of bank accounts, you can issue small transfers to
and from those accounts, over and over and over again, to the point that there
are so many transfers that tracing them becomes significantly difficult.

It's not untraceable, but the cost associated with unraveling a single theft
becomes prohibitively expensive.

~~~
usefulcat
Are the banks liable for these kinds of losses? I'm guessing no; if they were,
I doubt they'd consider it "prohibitively expensive" to track down losses of
hundreds of thousands to millions of dollars.

~~~
balls187
"hundreds of thousands to millions of dollars" is quite a large range when
talking about money.

My comment was specific to the example given in the article, where the amount
was about $195,000. While not a tiny sum of money, the amount of man hours
spent to unravel those transactions, to ultimately get to a recoverable sum,
would be close to if not more than the original amount. And getting to the
amount may not guarantee that you can recover the funds anyway.

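A worked illustration of the layering balls187 describes (many small transfers across compromised accounts) and why unravelling even a $195,000 theft means reviewing far more transfers than the theft itself. This is an added example, not code or data from the article: the ledger is synthetic, the victim/mule account names are made up, and the tracer applies the proportional ("haircut") tainting convention, assuming mule accounts start empty unless an opening balance is supplied.

```python
"""Added example: layering through many accounts vs. taint tracing.
Synthetic ledger only; the $195,000 figure is the article's example amount."""
from collections import defaultdict


def build_layered_ledger(stolen, fan_out, rounds):
    """Constructed ledger: one theft into mule-0, then every holding account
    splits what it holds evenly across `fan_out` fresh mule accounts, repeated
    `rounds` times. Each entry is (seq, src_account, dst_account, amount)."""
    ledger = [(0, "victim", "mule-0", float(stolen))]
    frontier = [("mule-0", float(stolen))]
    seq, counter = 1, 1
    for _ in range(rounds):
        nxt = []
        for acct, bal in frontier:
            share = bal / fan_out
            for _ in range(fan_out):
                dst = f"mule-{counter}"
                counter += 1
                ledger.append((seq, acct, dst, share))
                seq += 1
                nxt.append((dst, share))
        frontier = nxt
    return ledger


def trace_taint(ledger, origin, opening=None):
    """Time-ordered proportional (haircut) tracing of stolen funds.

    Every transfer out of `origin` is treated as stolen. For any other sender,
    the tainted part of a transfer equals the transfer amount times the
    tainted fraction of the sender's current balance. Accounts not named in
    `opening` are assumed to start empty (a constructed assumption).
    Returns (holders, transfers_examined): which accounts currently hold
    tainted money, and how many ledger entries the analyst had to review."""
    balance = defaultdict(float, opening or {})
    taint = defaultdict(float)
    examined = 0
    for _, src, dst, amt in sorted(ledger):
        examined += 1
        if src == origin:
            tainted = amt
        elif balance[src] > 0:
            tainted = amt * min(1.0, taint[src] / balance[src])
            taint[src] -= tainted
        else:
            tainted = 0.0
        balance[src] -= amt
        balance[dst] += amt
        taint[dst] += tainted
    holders = {a: round(t, 2) for a, t in taint.items()
               if a != origin and t > 0.005}
    return holders, examined


if __name__ == "__main__":
    # Three rounds of ten-way splitting turn one $195,000 transfer into
    # 1,111 ledger entries and leaves $195 sitting in each of 1,000 accounts.
    ledger = build_layered_ledger(195_000, fan_out=10, rounds=3)
    holders, examined = trace_taint(ledger, "victim")
    print(f"transfers to review: {examined}, accounts holding funds: {len(holders)}")
    # Commingling: a mule with $100 of its own money receiving $100 stolen and
    # forwarding $50 passes on only $25 of taint under the haircut rule.
    mixed = [(0, "victim", "mule-0", 100.0), (1, "mule-0", "cashout", 50.0)]
    print(trace_taint(mixed, "victim", opening={"mule-0": 100.0})[0])
```

The point the numbers make: each extra round of fan-out multiplies the review work by the fan-out factor while the per-account balance shrinks by the same factor, so the recoverable sum per subpoena drops below the cost of issuing it long before the money is truly "untraceable".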
~~~
AlexDanger
Putting aside the cost/hours of recovering the money, is this the only reason
it's 'untraceable'?

I understand it becomes tedious to unravel the transactions, but is it still a
tractable problem? Or do these people eventually shift the money into offshore
banks that refuse to co-operate with authorities? It seems such a bank would
be quickly cut off from the rest of the world if it existed.

------
TY
As always, someone talked:

    A confidential informant tipped the
    FBI off to the syndicate administrator's
    email address...

Humans are the weakest link in any crime machine...

~~~
kordless
Wait till we have bad actor autonomous corporations. What a nightmare.

~~~
trhway
Are you sure that we don't have them already? :) At least the high-frequency
hedge funds seem to be pretty close to it.

------
Intermernet
I'd just like to say, as someone who was in charge of a network that got hit
with CryptoLocker (we had backups, no payout needed), I'm very glad that it's
stopped working.

Now we just need to wait for the next bunch of greedy, malevolent sociopaths
to create the next round of ransomware... Although I'm sure this has already
been done.

~~~
flatline
Given that they shut down a lot (all?) of the C&C servers, does that mean that
people who _did_ need to purchase a key are out of luck?

~~~
jlgaddis
If they have a tech-savvy friend, they should be okay. I recall reading an
article describing a flaw in the CryptoLocker encryption process: the keys
were actually stored on the PC itself -- meaning it's possible to "unlock" it
on your own.

~~~
awok
You're thinking of CryptoDefense, one of the more recent CryptoLocker
knockoffs. This flaw was also patched in early April if I'm not mistaken.

------
logicallee
Please. We do not need to use the word "dazzling" in this context. This
encourages people to spend their considerable mental resources "orchestrating"
simple fraud.

~~~
logicallee
(Thanks for the quick edit.)

------
atmosx
Sure he must be skilled, but other than CryptoLocker's novel approach, which
gave the victims no other possibility than to comply, on a purely technical
level I see (once again) no genius, just a guy who has a lot of free time to
spend on illegal activities...

~~~
PavleMiha
The sheer scope of it is impressive. To infect that many machines, have them
network with each other, engineer massive wire transfers that are somehow
silent and untraceable, not get caught to me is genius. Seems harder than
finding a couple of 0-days (even though that's ridiculously hard as well),
even on a technical level.

~~~
atmosx
That's true, the numbers are impressive. He did get caught though, not him
personally but his network was brought down by the FBI. The thing with the FBI
is that of course, in the long run you can't win; once you get on their radar
it's time to abandon ship IMHO.

------
marincounty
"Had to be paid in untraceable money cards or bitcoin" Visa, Mastercard, and
American Express should be required to pay for any fraudulent/suspected
activity on their prepaid cards? I know they charge us more than enough
interest to cover these types of frauds? As to Russian hackers, I heard in
many small Russian towns these guys are considered heroes? I really wish
Russia could get rid of corrupt politicians/officials, so the Russian people
could have a fighting chance at a system like ours (America). That sentiment
goes for Mexico too. A system without trust must be like hell?

~~~
x0054
With all the problems and corruption in the American system I honestly hope
that there is something better to aspire to. Russia is incredibly corrupt, and
so is Mexico, but America is not without its faults either.

~~~
atmosx
What about Norway, Finland, Canada and New Zealand?

------
unclebucknasty
I'm still not sure why ISPs cannot detect when customer machines have been
turned into botnet nodes and, effectively, disable them until cleaned. Seems
that the machine's Net activity would leave tell-tale signatures that wouldn't
be too hard to detect.

Yet, about the most I have seen an ISP do is block port 25.

In general, it seems that ISPs have a lot of unwielded power in this fight.

~~~
blhack
God this sounds like a nightmare. What looks like botnet traffic to an ISP
(irc, ssh, just about anything other than 80, 443, and 53) is stuff that I use
all day, every day, as part of my work.

Even filtering out SMTP traffic has been really frustrating for me at points
in the past.

I really hope ISPs _don't_ start doing this. I want them to be as dumb of a
pipe as possible.

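The two comments above are arguing about what an ISP-side detector would actually key on. As an added example (not code from the thread, and not any ISP's real system), here are three heuristics run over a constructed set of flow records: a naive port allow-list, an inter-arrival-timing test for scheduled C&C check-ins, and an SMTP fan-out test. The hosts, addresses (RFC 5737 documentation ranges) and timings are all made up for the demonstration; the thresholds are assumptions, not tuned values.

```python
"""Added example: what ISP-side botnet heuristics see.
A port allow-list flags a developer's SSH/IRC and misses a bot beaconing over
443; timing regularity and SMTP fan-out catch the bots and leave the developer
alone. All flow records below are constructed."""
import statistics
from collections import defaultdict


def constructed_flows():
    """Flow records as (t_seconds, src_ip, dst_ip, dst_port, bytes_out)."""
    flows = []
    # Bot on 10.0.0.5 checks in with its C&C over 443 every ~300 s, tiny jitter.
    t = 0
    for jitter in (0, 1, -2, 1, 0, -1, 2, 0, -1, 1, 0, 1):
        flows.append((t, "10.0.0.5", "203.0.113.7", 443, 412))
        t += 300 + jitter
    # Developer on 10.0.0.9: interactive SSH and IRC at irregular, human intervals.
    for t in (0, 37, 410, 455, 1302, 1340, 2900, 2951, 4000, 4012):
        flows.append((t, "10.0.0.9", "198.51.100.4", 22, 9000))
    for t in (5, 600, 3100):
        flows.append((t, "10.0.0.9", "198.51.100.9", 6667, 300))
    # Spam bot on 10.0.0.12: SMTP to 50 different hosts inside 100 seconds.
    for i in range(1, 51):
        flows.append((2 * i, "10.0.0.12", f"192.0.2.{i}", 25, 1500))
    return sorted(flows)


def port_based(flows, allowed_ports=(53, 80, 443)):
    """Naive rule: any host talking to a port outside the allow-list is suspect."""
    return {src for _, src, _, port, _ in flows if port not in allowed_ports}


def beacon_detector(flows, min_flows=8, max_cv=0.1):
    """Flag (src, dst, port) tuples whose inter-flow gaps are nearly constant,
    i.e. coefficient of variation (stdev / mean) below max_cv. Human sessions
    are bursty; a scheduled check-in is not, whatever port it uses."""
    by_tuple = defaultdict(list)
    for t, src, dst, port, _ in flows:
        by_tuple[(src, dst, port)].append(t)
    hits = set()
    for key, times in by_tuple.items():
        if len(times) < min_flows:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean > 0 and statistics.pstdev(gaps) / mean < max_cv:
            hits.add(key)
    return hits


def smtp_fanout(flows, max_distinct_peers=20, window=3600):
    """Flag hosts opening SMTP (port 25) to many distinct peers within a
    window: a mail client talks to one relay, a spam bot to hundreds. This
    is the property a blanket port-25 block throws away."""
    by_src = defaultdict(list)
    for t, src, dst, port, _ in flows:
        if port == 25:
            by_src[src].append((t, dst))
    hits = set()
    for src, events in by_src.items():
        events.sort()
        for i, (t0, _) in enumerate(events):
            peers = {d for t, d in events[i:] if t - t0 <= window}
            if len(peers) > max_distinct_peers:
                hits.add(src)
                break
    return hits


if __name__ == "__main__":
    flows = constructed_flows()
    print("port allow-list flags:", sorted(port_based(flows)))
    print("beaconing tuples:     ", sorted(beacon_detector(flows)))
    print("SMTP fan-out hosts:   ", sorted(smtp_fanout(flows)))
```

The design choice is that neither of the last two rules looks at the port number at all: the beacon test keys on timing regularity and the SMTP test on the number of distinct peers, so a developer's SSH session or a normal mail client does not trip them, while the bot on 443 does.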
~~~
unclebucknasty
I hear you. I was frustrated by the SMTP thing _once_ myself. Thereafter, I
knew what was going on.

Anyway, as devs who need access to this stuff we are in the minority, and I am
sure they can find a way to make exceptions for people like us who are "power
users".

But, to leave the other 98% of grandmothers, etc. completely vulnerable to
botnets by default seems an unreasonable approach.

What seems clear is that they will eventually have to do _something_.

------
officialjunk
Sorry for the tangent, but does this guy look to be 30 years of age to anyone?
I'm having a hard time believing that based on the photos. I'm not implying
that someone who is 30 isn't capable of these acts, but perhaps they have his
age, photo or identity wrong?

~~~
sp332
Here are a few more images. [http://www.fbi.gov/wanted/cyber/evgeniy-mikhailovich-bogache...](http://www.fbi.gov/wanted/cyber/evgeniy-mikhailovich-bogachev) He's 30 according to the FBI.

------
tim333
I wish someone would persuade the Russian authorities to crack down on their
cyber criminals. It mostly seems that when they do get tracked down the
Russians basically ignore it and allow them to continue business as usual.

