April 01, 2007

Threatwatch - bots, selling Ameritradelity, all your DNS belong to US

In our side project of collecting reported threat statistics, here are lots of them:

MessageLabs, a company that counts spam, recently stopped counting bot-infected computers because it literally could not keep up. It says it quit when the figure passed about 10 million a year ago. Symantec Corp. recently said it counted 6.7 million active bots during an Internet scan. Since not all bots are active at any given time, the number of infected computers is likely much higher. And Dave Dagon, who recently left Georgia Tech University to start a bot-fighting company named Damballa, pegs the number at closer to 30 million. The firm uses a "capture, mark, and release" strategy borrowed from environmental science to study the movement of bot armies and estimate their size.

"It's like asking how many people are on the planet, you are wrong the second you give the answer ... But the number is in the tens of millions," Dagon said. "Had you told me five years ago that organized crime would control 1 out of every 10 home machines on the Internet, I would not have believed that. And yet we are in an era where this is something that is happening."

This transcript of a trading-account fencing spree ("fencing" being the selling of stolen goods) reveals:

Two accounts on TD Ameritrade. One has $7,000, $2,000 on the other. Plus I have a us.etrade.com account which has $1,300. I will sell all for $250. I also have a Fidelity valued at $50,000 that I'll sell for $350. Purse on webmoney Zxxxxxxxxxxxx. I can send them in parts so you can be sure I am not a fraud, but you make the first transaction, and then I send you the money.

Funnily enough, the "fence" wasn't that smart, as the TV intern doing the 'buying' tipped him off fairly early that she was probably an investigator.

Not a number, but a threat (posted by Duane, pointed out by Philipp):

DNSSec is poorly adopted already, and now the US Gov wants IANA to hand over private keys, giving people even less incentive to adopt.

"At an ICANN meeting in Lisbon, the US Department of Homeland Security made it clear that it has requested the master key for the DNS root zone. The key will play an important role in the new DNSSec security extension, because it will make spoofing IP addresses impossible. By forcing the IANA to hand out a copy of the master key, the US government will be the only institution that is able to spoof IP addresses and be able to break into computers connected to the Internet without much effort. There's a further complication, of course, because even 'if the IANA retains the key ... the US government still reserves the right to oversee ICANN/IANA. If the keys are then handed over to ICANN/IANA, there would be even less of an incentive [for the U.S.] to give up this role as a monitor. As a result, the DHS's demands will probably only heat up the debate about US dominance of the control of Internet resources.'"

A Cook Report from around 1997 laid out the basic case that it is formal but unstated US government policy that the net be controlled and kept as a US-managed institution. That makes the above an old and well-understood threat; serious high-security Internet systems do their "own DNS," including Skype, eCash, WebMoney and Ricardo. (All except the last are from memory and anecdotes.)

The above can be seen as a power play between the overseers of the poodle ICANN (Commerce Dept?) and the DHS, the new kid on the block. The solution to the above problem is simply to issue the DNS root zone master key to every government agency that asks for it. If the crazies in DHS have a right to it (as they will argue) then so do the mad mullahs of Persia ... and all points in between.

Then the root key ends up where Spire put it: 150,000 people with legitimate access to it, so it is no longer a security tool. Problem solved.
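To make the custody argument concrete, here is an added toy model of a DNSSEC-style chain of trust (example code written for this post, not the page's, heise's or IANA's code, and not DNSSEC wire format). A resolver trusts exactly one thing, the root zone's public key; every delegation below it is accepted only because the key one level up signed it. The zone names, record data and the three scenarios are constructed for the illustration. The point it shows is the one made above: a chain signed with any copy of the root private key validates just as well as the legitimate one, while a chain built without that key fails at the first link, so whatever protection DNSSEC offers is exactly as strong as the custody of that single key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Zone holds one zone's signing key pair (toy model, not real DNSSEC records).
type Zone struct {
	Name string
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func newZone(name string) Zone {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return Zone{Name: name, Pub: pub, priv: priv}
}

// Link is one delegation step: the parent's signature over the child's key
// (the role a DS record plays in real DNSSEC).
type Link struct {
	Child    string
	ChildKey ed25519.PublicKey
	Sig      []byte
}

func dsMessage(child string, key ed25519.PublicKey) []byte {
	return append([]byte("DS:"+child+":"), key...)
}

func rrMessage(owner, data string) []byte {
	return []byte("RR:" + owner + ":" + data)
}

// Chain is what a validating resolver receives: delegations from the root
// downwards, then the leaf record signed by the last key in the chain.
type Chain struct {
	Links []Link
	Owner string
	Data  string
	RRSig []byte
}

// validate walks the chain from the trust anchor (the root public key).
// Each link must be signed by the key established by the previous link.
func validate(anchor ed25519.PublicKey, c Chain) error {
	key := anchor
	for _, l := range c.Links {
		if !ed25519.Verify(key, dsMessage(l.Child, l.ChildKey), l.Sig) {
			return fmt.Errorf("bad delegation signature for %s", l.Child)
		}
		key = l.ChildKey
	}
	if !ed25519.Verify(key, rrMessage(c.Owner, c.Data), c.RRSig) {
		return errors.New("bad record signature")
	}
	return nil
}

// buildChain signs each delegation with the parent's private key and the
// leaf record with the last zone's key.
func buildChain(zones []Zone, owner, data string) Chain {
	var c Chain
	for i := 1; i < len(zones); i++ {
		msg := dsMessage(zones[i].Name, zones[i].Pub)
		c.Links = append(c.Links, Link{zones[i].Name, zones[i].Pub, ed25519.Sign(zones[i-1].priv, msg)})
	}
	last := zones[len(zones)-1]
	c.Owner, c.Data = owner, data
	c.RRSig = ed25519.Sign(last.priv, rrMessage(owner, data))
	return c
}

// Scenario returns whether (1) the legitimate chain, (2) a chain built by a
// holder of a copy of the root private key, and (3) a chain built by an
// outsider with no root key each validate against the same trust anchor.
func Scenario() (okLegit, okRootCopy, okOutsider bool) {
	root := newZone(".")
	com := newZone("com.")
	example := newZone("example.com.")

	// 1. Legitimate chain: root -> com -> example.com -> A record.
	legit := buildChain([]Zone{root, com, example}, "example.com.", "A 192.0.2.1")
	okLegit = validate(root.Pub, legit) == nil

	// 2. Whoever holds a copy of the root private key can mint their own
	//    "com." and "example.com." keys and sign a different answer; the
	//    resolver, anchored only on root.Pub, cannot tell the difference.
	rootCopy := Zone{Name: ".", Pub: root.Pub, priv: root.priv}
	fakeCom, fakeExample := newZone("com."), newZone("example.com.")
	forged := buildChain([]Zone{rootCopy, fakeCom, fakeExample}, "example.com.", "A 198.51.100.9")
	okRootCopy = validate(root.Pub, forged) == nil

	// 3. Without the root private key, a self-made chain fails at the first link.
	outsider := newZone(".")
	bogus := buildChain([]Zone{outsider, fakeCom, fakeExample}, "example.com.", "A 198.51.100.9")
	okOutsider = validate(root.Pub, bogus) == nil
	return
}

func main() {
	a, b, c := Scenario()
	fmt.Println("legitimate chain validates:", a)
	fmt.Println("chain signed with a copy of the root key validates:", b)
	fmt.Println("chain signed by an outsider validates:", c)
}
```

Run it and the first two lines print `true` while the third prints `false`: the validator has no way to distinguish the legitimate root key holder from anyone else holding the same private key, which is why the question of how many parties hold that key is the whole security question.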

Addendum: the dead link was this:

Hackers Pillaging Your Hard-Earned Retirement Funds
The Following Are E-mail Exchanges Between a Russian Hacker and an ABC News
Intern Dubbed 'Svetlana'

March 20, 2007

Hacker (March 9, 10:44 AM): Hello Svetlana! You need TD Ameritrade accounts?
I have a couple and Fidelity.com as well. On one there is 7k for cash
trading/withdrawal. How much are you willing to offer for it? Write me and
we will discuss )

Svetlana (11:42 AM): Hello! Thank you for responding...what percent do you
usually take for the information and what exactly will you give me if we
make a deal? Is the 7K in TD Ameritrade or in Fidelity.com?

Hacker (11:46 AM): Ok 7k is on the Ameritrade and I do not take a
percentage. I can just simply sell you the account. I am not a fraud you can
ask Egold he knows me. A couple of hundred dollars will satisfy me

Svetlana (11:53 AM): Ok, do you have the password and the number of that
account? And is this account American? How much money is in the Fidelity? A
couple of hundred is feasible, how much exactly do you want?

Hacker (12:03 PM): Two accounts on TD Ameritrade. One has $7,000, $2,000 on
the other. Plus I have a us.etrade.com account which has $1,300. I will sell
all for $250. I also have a Fidelity valued at $50,000 that I'll sell for
$350. Purse on webmoney Zxxxxxxxxxxxx. I can send them in parts so you can
be sure I am not a fraud, but you make the first transaction, and then I
send you the money.

Hacker (12:05 PM): Yes, all the accounts are American.

Svetlana (12:14 PM): Ok, so I will send you the money, and you will give me
1) username 2) password?

Hacker (12:16 PM): Of course, I have these accounts from time to time and if
you need them we can work together permanently. As soon as you make the
transaction I will send you the information in the email.

Hacker (12:34 PM): Svetlana, how do you like my offer? Are you going to buy,
I need to know that they are yours so I don't sell them. Write back.

Svetlana (12:52 PM): I will pay you double if along with this information
you have the names of these people and their SS #.

Hacker (12:56 PM): Ok when you enter you will see the owner's information.
When are you planning to buy the accounts? Today?

Hacker (1:00 PM): I also have two trading.scottrade.com accounts valued a
little under $40,000. Need them?

Svetlana (1:09 PM): Yes, I DEFINITELY need them. I never used a webmoney
account, how do I sign up to it?

Hacker (1:23 PM): Ok fine Svetlana I will help you make the transfer. Go to
www.roboxchange.com, select "exchange electronic money," "forward," in the
window select USD e-gold. For the receiver choose WMZ. Type in the amount in
your e-golds and below it will say how much that equals in webmoney. Copy
the number of the purse from the email Zxxxxxxxxxxxx. That's it, press
"exchange," the money will be instantaneously transferred to me and I will
send you the information for accessing the accounts, which will complete the

Hacker (1:45 PM): So Svetlana, did you understand? Write back as soon as you

Hacker (2:07 PM): Svetlana...

Svetlana (2:07 PM): Ok I signed up. However, $600 is big money, how would I
know FOR SURE that you will send them to me? Can you give me some kind of

Hacker (2:11 PM): I told you, Egold works with me, write him, he serves as
the guarantee during transactions. He is also the forum's moderator on which
you made the announcement. This is guarantee in itself. Believe me, I am not
a fraud, I am a salesperson of accounts. I make money from this, I have no
reason to ruin my reputation, especially since you are paying me good money
and there is no point to lose you as a client, which I have to find anyway.

Hacker (2:13 PM): My nickname is koloxxxx, he knows.

Hacker (2:38 PM): Svetlana, did you make the transaction, or am I
misunderstanding something?

Hacker (2:40 PM): For proof, I can send you one small account. Look and
understand that I am a real seller, this is my fraud-free business.

Svetlana (2:50 PM): I cannot find the person's name and SSN# on this

Hacker (2:54 PM): Ok this is just with Ameritrades, Fidelity has them. Make
the transfer and I will send you the rest, then we will talk in detail.

Hacker (2:56 PM): Fidelity has the SS #.

Svetlana (3:02 PM): So Ameritrades never have SSN#'s? I need the people's
names and their SSN#'s.

Hacker (3:11 PM): Ok Svetlana you wrote: "I need to access Schwab, E-trade,
TD Ameritrade accounts. I do not need credit cards -- only savings accounts
or 401(K)s. Pay good money, willing to make a deal. Write back asap, or
email me at Sveta.xxxx@gmail.com". So I showed you an account,
Ameritrade...unfortunately it lacks the information you need, specifically
the name of the owner, but on the Fidelity I have that information plus the
SS#. I also have us.etrade.com where the person's information can be seen. I
am completing my part of the deal, and am awaiting the same on your part.
Svetlana, what do you want from me, let's make the exchange and I will
send you your accounts, or consequently I will open them up for sale. Make a

Hacker (3:31 PM): Do you need them or not?

Hacker (3:37 PM): Svetlana, are you still there?

Svetlana (3:47 PM): Yes, I need them but I will not have the money till
Monday (I am awaiting a transfer), can you wait till then? If not, will you
have anything remaining or will you have anything new on Monday?

Hacker (3:51 PM): Of course, and I will keep this material for you. It would
be nice if you would send me at least $50 as a sort of a guarantee for me.
If not then not...I will keep the accounts till Monday and I will be online
at that time so feel free to write me. Good luck Svetlana.

Svetlana (4:06 PM): I would rather send you the total amount on
Monday...thank you very much for your patience...talk to you soon!!

Hacker (March 12, 11:44 AM): Hello Svetlana! How are you today? Are you able
to make the transfer to the purse? As I promised I left you those accounts
and I also have 6-8 new fidelity each valued at $20-40k. Of course each has
a SS# and FIO of the owner as you needed. Write back as soon as you get

Svetlana (11:54 AM): Hello! Yes I have the money, but how do I extract the
money from these accounts?

Hacker (12:01 PM): Svetlana I merely sell the accounts, the people that
purchase them they do everything as they wish and I have nothing to do with
it...You asked me to find accounts and I found them for you, will you be
buying those for $600?

Svetlana (12:08 PM): Sergey, actually I work for ABC News in New York. We
are doing a report on hackers that break into accounts. What you showed me
is very interesting, and we would like to interview you about your business.

Hacker (12:11 PM): ) Best of luck to you.

This exchange was translated from Russian to English.

Copyright 2007 ABC News Internet Ventures

Posted by iang at April 1, 2007 04:51 PM

There is no fix since the accounts seem to be easily broken into and robbed. Investigators aside, the whole lot should have been thrown out once it was known to be flawed. As is the case with credit cards, the acceptable loss is passed on to the owner of the account with no rolling back of liability to the service provider. It stands to logic that pirates will grow in numbers, becoming highly specialized without the need to sell the accounts. The consolidation of pirates is our only hope; it will make for an easy one-stop bribe. Now that's the ticket: a bribe market that liaises with the pirates. So kind of an alert service with a ransom for accounts rescued from the pirates. It could prove to be a robust market with trusted ransom experts working with the best pirates.

Posted by: Jimbo at April 1, 2007 10:01 PM