Russian Hackers Market Virus-Building Tool
by findingDulcinea Staff
MPack is a user-friendly software package, marketed out of Russia, designed to turn any novice hacker into a master virus builder; this is the latest in a series of stories highlighting the activities of sophisticated and very active Russian hackers.
30-Second Summary
For between $700 and $1,000, the Dream Coders Team will sell MPack to anyone who fancies creating a computer virus to attack the hard drives of unwitting users.
“Without any computer science skill or any security background, you can install this package on any Web server and start to infect people with malicious code,” Yuval Ben-Itzhak, CTO of security company Finjan, told CNET.
Tim Eades, of Sana Security, explained to the BBC that hackers are capitalizing on rising demand: "It's the classic verticalization of a market as it starts to mature."
Last spring, the MPack was responsible for an estimated 10,000 compromised sites in Europe and, this September, the Bank of India was attacked by a Russian crime organization that purchased software from the Dream Coders Team.
According to The New York Times, the rise of Russian hackers can be, at least in part, explained by cultural and economic factors. The Russian education system is strong on math and science, but there are few job opportunities for the high-achievers after they graduate.
In addition, decades of authoritarian rule under communism have created a society with “a deep skepticism about the virtues of following the rules.”
International observers have even suspected the Russian government of organizing hacking operations. In May, 2007, Estonia was hit with a barrage of cyber attacks. According to the Guardian, “If it were established that Russia is behind the attacks, it would be the first known case of one state targeting another by cyber-warfare.”
Headline Links: Marketing the MPack
Technology reporter Robert Lemos explains that the “MPack is what’s known as an infection tool-kit. It's basically a collection of programs that makes it easier for a hacker to take over a victim's computer.” The MPack also comes with free upgrades for a year. When new software vulnerabilities are discovered, the team writes code that can be used to take advantage of them. These pieces of code, called exploits, are shipped to customers.
Source: On The Media
According to the BBC, the market for hacking tools is vibrant. The hackers tend to be groups of friends who have other jobs; there is little chance of getting caught and ample opportunity for making extra income. The MPack “includes a statistical package that lets owners know how successful their attack has been and where victims are based.”
Source: The BBC
MPack was used last spring to attack approximately 10,000 Web sites in Europe. ITJungle explains how the software works: “The MPack product analyzes the HTTP request header to figure out which OS and Web browser they're using. Based on this information, the MPack product creates a tailor-made exploit cocktail that has the best chance of infecting the victim's computer.” Hackers are fast at finding new vulnerabilities, but users can protect themselves by promptly installing new security patches.
Source: ITJungle
Background Links: A hacking timeline
Most recently, in September, hackers used the MPack kit to attack the Bank of India. The Dream Coders Team is unapologetic. “We are just a group of people working together but doing some illegal business,” one member said.
Source: CNET
The Sunbelt security firm, an American-based security software company, was able to determine that the Russian Business Network, an illegal operation linked to other bank scams, purchased the cyberware and executed the Bank of India attack. A spokesperson from Verisign, an Internet infrastructure company, said the group is linked to “a powerful St. Petersburg politician,” and thus effectively immune from prosecution.
Source: ZDNET UK
In May, 2007, Estonia was hit with a Distributed Denial of Service attack (DDoS) that disabled government Web sites, in addition to sites of newspapers, banks, and large companies. Estonia and Russia were in a diplomatic dispute over Estonia’s plan to relocate a Soviet World War II memorial. Merit Kopli, editor of an Estonian newspaper, said, "The cyber-attacks are from Russia. There is no question. It's political." NATO and the European Union did not officially accuse Russia, but planned to “raise the issue with Russian officials.”
Source: The Guardian
In 2001, Time magazine reported that the FBI had identified Russian and Ukrainian hackers as the perpetrators of the biggest e-commerce scam to date.
Source: Time
CNN’s timeline “A 40-year history of hacking” shows that the first computer hackers emerged at MIT in the 1960s. Hacking crimes range in severity; in 1989, German hackers sold U.S. data to the KGB; and in 1993, hackers rigged a radio station phone system so they could win a give-away contest.
Source: CNN
Opinion and Analysis: Cyber terrorism and the hackers' lifestyle
Clifford J. Levy of The New York Times considers whether the Russian character readily lends itself to the hacker culture. He states that the Russian “ethos has often been that if provincial governors and traffic cops and everyone else have their hands out, why should I play it straight?”
Source: NY Times
In 2002, concern arose over the mounting risk of digital terrorism. Dmitri Chepchugov of the Moscow police said, “These days you don't need to get a truck bomb into, say, a chemical plant or crash a plane into it. All you need is a group of hackers who get into the computerized control system, knock it out, and trigger a disaster.”
Source: Time
BBC technology correspondent Mark Ward’s investigation into hacking has shown that it can be a lucrative business. In one hacker chat room, someone left the following message: “i got many shops + tons of daily orders. i hack a shop in 3-4 hours and sell it for 100-500$.” It’s also safe, apparently. One hacker bragged, “It is very difficult for them to find us, and even if they do, they have no evidence.”
Source: The BBC







