Meet A-Z: The computer hacker behind a c

The Great Lover · Subject: Meet A-Z: The computer hacker behind a c Mon Aug 25 2008, 15:12

He goes by the nickname
A-Z and is one of Russia's bright young tech stars. He's a crack
programmer, successful entrepreneur and creator of sophisticated
software tools that help his customers make millions.

Trouble is, A-Z's masterstroke is a computer program called ZeuS that
helps cybergangs steal people's identity data and pull off Web scams on
a vast scale. Last fall, German criminals used ZeuS to pull off an
Ocean's Eleven-like caper, hijacking $6 million from banks in the
United States, United Kingdom, Spain and Italy, says SecureWorks, an
Atlanta-based company that monitors Internet crime and supplies
security systems for 2,100 companies and government agencies.

STORY: Thieves skim credit card data at fuel pumps

A few years ago, skilled hackers such as A-Z concentrated most of their
efforts on setting loose globe-spanning Internet viruses, mainly for
bragging rights. But cybercrime is now a fast-expanding, global
industry, security researchers and law enforcement officials say.
Because it most often goes undetected and unreported, cybercrime is
difficult to measure. A benchmark widely cited by the tech-security
community is that its value tops $100 billion a year, outpacing global
drug trafficking.

"All you need is a computer, Internet access and programming skills,
and now you have a viable career path in front of you," says Nick
Newman, a computer crime specialist at the National White Collar Crime
Center, a federally funded non-profit that trains local law
enforcement. "It's easy money, and because the Internet is anonymous
you don't think you'll ever get caught."

A-Z is an archetypical new-generation hacker. No one outside of his
close associates knows his true identity, virus hunters say. But
security researchers and government authorities have exhaustively
triangulated his presence in the cyber-underworld for nearly two years.
Based on A-Z's marketing activities in Russian chat rooms and forums,
and distinctive coding signatures in ZeuS, investigators peg him to be
a male in his early 20s, living in Moscow, working full time as an
independent software developer for hire.

"He's well-spoken, business-savvy and discreet," says Don Jackson, a
senior researcher at SecureWorks who has investigated A-Z's movements
online. Jackson belongs to a fraternity of about 200 other professional
virus hunters who shadow hackers and scrutinize Internet traffic to
flush out data-stealing programs and curtail Web scams. A-Z is "very
careful to maintain a professional image, and he always leaves his
clients wanting more."

Crafting a sneaky ZeuS

Hackers such as A-Z craft the code that enables crime groups to
continually inundate your e-mail inbox with spam scams and taint
millions of popular Web pages with snares to take control of your PC.

"Cybercrime has evolved into big business and created a market for
highly specialized individuals," says Steve Santorelli, director of
investigations at research firm Team Cymru, who has studied how ZeuS
helps cyber-intruders control infected computers. A-Z identified an
underserved market niche and hustled to fill it, Jackson says. He
recognized latent demand for software that could more efficiently
infect home and workplace PCs and turn them into bots — obedient
machines that could be controlled remotely without the owners'
knowledge or consent. Cybergangs now routinely assemble thousands of
infected PCs in networks, called botnets, which they then use to spread
spam, infect other computers, steal data and hijack online accounts.

A-Z perfected ZeuS — a customizable botnet creation and management
program that readily slips through computer firewalls and sidesteps
detection by anti-virus filters. He began hawking ZeuS for $3,000 on
Internet forums, where hackers and scammers congregate. By early 2007,
ZeuS began to catch on, according to reports from Sunbelt Software,
Symantec, McAfee, Kaspersky Lab, Finjan and other security firms.

One customer used ZeuS to steal user names and passwords from patrons
of a Russian online stock-trading site. Another used ZeuS to take
control of at least 150,000 PCs and encrypt personal files stored on
the hard drives, leaving behind a ransom note demanding $300 for the
keys to decrypt the files.

ZeuS was also deployed to swipe 1.6 million sensitive records from job
seekers at Monster.com and several other online job sites. Monster has
since taken an "extremely aggressive approach" to preventing fraud,
says spokesman Steve Sylven. "We continually refine our site
technologies to prevent unauthorized access to Monster services," he
says.

ZeuS was so effective that it inspired cheap knockoffs. This cut into
A-Z's revenue and tarnished his reputation, Jackson says. "His money
began to dry up when U.S. and German groups began selling counterfeit
versions."

Much as a young Bill Gates did when hackers began to pirate early
versions of Microsoft Windows, A-Z took steps to prevent the theft of
his intellectual property, Jackson says. A version of ZeuS began to
circulate with a statement strictly limiting the purchaser's use of his
brainchild. Violators, A-Z warned, would have key coding revealed to
the anti-virus companies, effectively neutralizing their copies of ZeuS.

In spring 2007, soon after the restricted version of ZeuS showed up,
A-Z adopted a lower profile. He stopped advertising ZeuS for sale on
criminal forums and began supplying ZeuS only to repeat or referred
customers, Jackson says.

Theft on a grand scale

In early summer 2007, A-Z agreed to form a partnership with a German
cybergang to pursue an ambitious heist worthy of a Hollywood thriller,
Jackson says. The gang was known for executing "man-in-the-middle"
attacks. This involved infecting a PC with a virus that sits dormant
until the user logs into an online bank account. The virus then comes
alive and tries to execute a cash transfer to an account controlled by
the crooks — while the victim is logged on and doing other banking,
says Ken Dunham, research director at iSight Partners, a Dallas-based
risk-management firm.

"The really bad actors are using code that can mess with your
transactions on the fly," says Dunham. "They're manipulating what comes
into and leaves your browser in real time."

Still, man-in-the-middle attacks are notoriously hit-and-miss. Some
banks have moved to thwart them by only allowing cash transfers from
commercial accounts, and requiring bank patrons to type in a special
code, called a security certificate.

Jackson caught wind of the alliance between A-Z and the German gang and
began reporting on it within tech-security circles. Here is what
Jackson has extensively documented about the partnership's elaborate
caper:

It was executed in two stages. In Stage 1, the gang sent millions of
spam e-mail messages purporting to carry a Web link to Father's Day
greeting cards, celebrity videos, stories on real and bogus news events
and other ruses. Anyone who clicked on such a link received an error
message — and the PC got infected. A generic version of ZeuS then began
to harvest all data typed by the PC user on any Web forms: shopping
pages, online applications, account logon pages and the like. ZeuS also
slotted each infected PC into a large botnet standing at the ready and
awaiting further commands.

Through the summer and fall, gang members combed through the stolen
data that poured in from generic ZeuS infections. They were on the hunt
for PC users with online access to commercial bank accounts equipped
with the ability to make online cash transfers. By November, the gang
had a list of several thousand such accounts and was ready to move to
Stage 2, which hinged on a "spear phishing" campaign, Jackson says.

Generic phishing scams that try to trick people into typing their
usernames and passwords at spoofed Web pages are typically
mass-e-mailed indiscriminately. By contrast, spear phishers target
specific individuals. The gang began spear phishing the commercial bank
account holders.

The e-mails advised the account holders that their security
certificates were "out of sync" and asked them to "click here" to reset
them. Since the messages included great detail about the individual and
did not ask for any sensitive data, the ruse was "very convincing,"
Jackson says.

According to Jackson, several thousand online banking patrons fell for
the ruse and clicked on the hyperlink. A fresh copy of their security
certificate, indeed, popped up. But a fresh infection also got
installed: a customized version of ZeuS tweaked by A-Z to alert the
gang the next time the PC user logged into the account, Jackson says.

Anticipating that ZeuS would reel in thousands of such alerts, A-Z
prepared the botnet created in Stage 1 to lend a helping hand. Jackson
says the botnet was set to automatically react to alerts. Each alert
triggered a cash transfer of $5,000 to $10,000 that took only a few
seconds to complete, he says. According to SecureWorks, British law
enforcement and affected banks compiled an estimate of ZeuS' total take
over the course of two weeks: $6 million.

A break in the case came when Jackson discovered a computer server in
Turkey where the gang stored instructions for making cash deposits into
accounts it controlled. Network operators in the U.K., Germany and
Turkey cooperated with U.S. law enforcement to shut down the server and
curtail the scam, SecureWorks says.

Though the robbery was widely discussed in tech-security circles, the
names of the banks that suffered losses were never disclosed. Members
of the German gang and A-Z remain at large and under investigation by
U.S. authorities. The FBI and U.S. Secret Service declined comment.

As a rule, tech-security firms help banks under non-disclosure
agreements. The names of the 20 affected banks have remained
undisclosed.

Hacker's free to 'live large'

Pursuing cybercrooks, especially hackers who mainly write code, is a
low priority for Russian police, says John Pironti, a banking security
expert at systems integration firm Getronics. As long as A-Z doesn't
leave Russia, he is effectively beyond the rule of law. "Unless he
causes someone physical or political harm, he can live large," Pironti
says.

A-Z, in fact, has admirers in legitimate tech circles. Yuval
Ben-Itzhak, a virus hunter at San Jose-based security firm Finjan,
marvels at the finesse it took to develop ZeuS. "To write a program
that needs to run on millions of PCs all around the world and not break
them is truly an art," Ben-Itzhak says. "I'm telling you, I'd be
willing to hire a person like this at any price."

In online chats, Jackson says, A-Z has told him that he presumes his
clients used ZeuS strictly for legal endeavors, and expressed a desire
to be taken seriously as a programmer. In one chat session, A-Z
divulged his goal to earn enough to trade in his 1995 Zhiguli sedan for
a Mercedes-Benz SLR sports coupe. In another chat, Jackson asked A-Z
about ZeuS' history of being used for mass infections and other
criminal activity. Jackson says the hacker insisted that his materials
are provided for research purposes and said that he could not control
his clients' actions.

Such facile answers come as no surprise to security experts and social
scientists who track the behavior of hackers and scammers immersed in a
virtual world where cheating and stealing — and getting away with it —
are badges of honor.

"Unfortunately, many of these new specialists rationalize their actions
in the absence of ethical guidance," says Santorelli of Team Cymru.
"They represent a serious challenge to those who seek to protect
Internet users."

pisces · Member Number of posts: 143 Age: 25 Registration date: 2008-09-17

good sharing brother keep it up lol!

_________________