DarkMarket
CyberThieves, CyberCops, and You
Misha Glenny
For Miljan, Alexandra and Callum
Copyright 2011 Misha Glenny
All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher.
Distribution of this electronic edition via the Internet or any other means without the permission of the publisher is illegal. Please do not participate in electronic piracy of copyrighted material; purchase only authorized electronic editions. We appreciate your support of the author's rights.
This edition published in 2011 by
House of Anansi Press Inc.
110 Spadina Avenue, Suite 801
Toronto, ON, M5V 2K4
Tel. 416-363-4343
Fax 416-363-1017
www.anansi.ca
LIBRARY AND ARCHIVES CANADA CATALOGUING IN PUBLICATION
Glenny, Misha
Darkmarket : cyberthieves, cybercops and you / Misha Glenny.
Includes index.
eISBN 978-1-77089-048-0
1. Computer crimes. 2. Cyberterrorism. 3. Computer hackers.
4. Internet in espionage. I. Title. II. Title: Cyberthieves, cybercops and you.
HV6773.G53 2011 364.168 C2011-903101-9
We acknowledge for their financial support of our publishing program the Canada Council for the Arts, the Ontario Arts Council, and the Government of Canada through the Canada Book Fund.
PROLOGUE
crime@21stcentury.com
In humanity's relentless drive for convenience and economic growth, we have developed a dangerous level of dependency on networked systems in a very short space of time: in less than two decades, huge parts of the so-called "critical national infrastructure" (CNI in geekish) in most countries have come under the control of ever more complex computer systems.
Computers guide large parts of our lives as they regulate our communications, our vehicles, our interaction with commerce and the state, our work, our leisure, our everything. At one of several cybercrime trials I have attended in recent years, Britain's Crown Prosecution Service demanded the imposition of a so-called Prevention of Crime Order on a hacker, which would come into force after his release from prison. The Order would block him from accessing the Internet except for one hour a week under the supervision of a police officer. "By the time my client completes his sentence," the defendant's lawyer remarked at the hearing, "there will barely be a single human activity that will not somehow be mediated by the Internet. How is my client supposed to live a normal life under such circumstances?" he asked rhetorically.
How indeed. Those who have left their mobile phone at home even for a few hours usually notice an intense irritation and a sense of loss, akin to cold turkey among more dependent users. Interestingly, when deprived of the device for three days, this corrosive feeling of unease is often replaced by a rush of liberation as one is transported back to a world, not so far away, where we neither had nor needed mobile phones and we arranged our lives accordingly. Today most people feel they cannot live without these tiny portable computers.
Perhaps the nearest comparison to computers is the motor vehicle. As cars became a standard family item from the 1940s onwards, only a minority of drivers really understood what was going on under the bonnet. Nonetheless there was still quite a number who could fix their vehicle whatever the cause of breakdown, still more who could tweak the carburettor in order to limp home, and most could at least change a flat tyre.
These days if it's only a flat tyre, you can still probably reach your destination. But a growing number of breakdowns are now the result of a computer failure in the control box, the black plastic housing usually located behind the engine. If it is a control-box issue, then even if you are an experienced tank mechanic you won't be able to get the car moving. If you are lucky, a computer engineer will be able to fix it. But in most cases you will need to replace the unit.
Computer systems are so much more complex and fragile than internal combustion engines that only the very tiniest group of people can begin to deal with a problem beyond the familiar mantra, "Have you tried rebooting it?"
We now find ourselves in a situation where this minuscule elite (call them geeks, technos, hackers, coders, securocrats, or what you will) has a profound understanding of a technology that every day directs our lives more intensively and extensively, while most of the rest of us understand absolutely zip about it. I had first begun to appreciate the significance of this when researching my previous book on global organised crime, McMafia. I travelled to Brazil in order to investigate cybercrime because this absorbing country is, among its many positive qualities, a major centre of bad stuff on the Web, though this was little known at the time.
Here I met cyber thieves who had engineered a spectacularly successful phishing scam. Phishing remains one of the most dependable pillars of criminality on the Internet. There are two simple variants. The victim opens a spam email. The attachment may contain a virus, which enables a computer somewhere else in the world to monitor all activity on the affected computer, including the input of bank passwords. The other trick lies in designing an email that appears to have been sent by a bank or other institution, requesting confirmation of login and password details. If the recipient falls for the ruse, then the spammer can use these to access some or all of your Internet accounts. The Brazilian hackers demonstrated step-by-step how they secured tens of millions of dollars for themselves from bank accounts in Brazil, Spain, Portugal, the United Kingdom and the United States.
I then visited the cybercops in Brasilia who had busted four other members of their criminal group (although at least twice that number were never tracked down by the police), and then I interviewed the chief of X-Force, the covert-operations department of the American computer security company, ISS. In the space of about a week I realised that conventional or traditional organised crime, colourful and varied though it was, carried with it significantly greater risks for the perpetrators than for those engaged in cybercrime.
Old-fashioned organised-crime groups, attached to the technology and means of the twentieth century, need to overcome two daunting hurdles if they are to make a success of their chosen profession. The police represent their primary business risk. The efficacy of law enforcement varies both geographically and in time. Organised-crime groups adapt themselves to these changing conditions and choose one of a number of methods of dealing with the forces of law and order. They can attempt to outmuscle them; they can corrupt them; they can corrupt politicians exercising authority over the police; or they can evade detection.
Then they face a second problem: threats posed by the competition, other bad guys trawling for prey in the same waters. Here again they can attempt to outmuscle them; they can suggest forming an alliance; or they might agree to be absorbed by them.
In neither case, however, can the criminal syndicate simply ignore them: that way lies failure, with sometimes fatal results. Key to survival and prosperity is the ability to communicate with your fellow criminals and with the police and, indeed, to send the correct messages to both groups.