Tag: criminals

Where cyber criminals store their data?

July 8, 2021 /

Tracking hackers is not a fast and straightforward activity these days. Yes, most governments’ monitoring and data analytics capabilities are indeed becoming better and better. However, the privacy tools are becoming better and better, as well. There is a constant debate whether people must give more of their online privacy for safety. On the other side giving more power to centralized authorities can lead to dystopian states and not functional societies.

One scientific branch helping the governments to catch cybercriminals is cyber criminology. As a discipline, cyber criminology encompasses a multidisciplinary field of inquiry – criminology, sociology, psychology, victimology, information technology, and computer/internet sciences. But in short, its primary goal is to standardize the way we catch cybercriminals. As we can see, most of these disciplines are coming from the social criminology world, and they are primarily used to make a psychological profile of the attacker. On the other side, the technical aspects are crucial if we want to catch the hacker and how he/she managed to hack the system. Without cyber forensics and, most notably, computer science, we don’t have a proper way to understand what happened and how to catch hackers.

One of the main ways to hit criminal organizations properly is to target and track their infrastructure. Without a decent infrastructure, one can not do much in cyberspace. Sure, a hacker attack can steal a lot of data and create havoc, but they need computers, servers, and other equipment for all of this. The stolen data must be stored somewhere, analyzed, and eventually used for blackmail or released to the public. Like cloud providers, hackers need backup and retention plans for the stolen data, and nothing is for free.

One interesting case for such infrastructure is a former NATO bunker used to host Dark Net websites. The German police stormed the place allegedly used to host websites offering drugs, child pornography, and devices to breach computers. Over 600 police personnel were involved in the raid on what they termed a “cyber bunker data center” in the western German city of Traben-Trarbach. Seven people were arrested, with 13 more sought, although none were taken into custody at the site. The arrests occurred at a local restaurant and in the town of Schwalbach, near Frankfurt. Other raids co-occurred in Poland, the Netherlands, and Luxembourg.

This case is quite interesting because cybercriminals usually do not have so many resources to create a whole data center. Hacking has an asymmetric nature, and most of the time, attackers have fewer resources than the defenders. And these smaller criminal cells are targeting SMEs. In that case, a significant criminal group, most probably part of the mafia, owned a whole data center.

You can see how a standard privacy-oriented user would store their data in the cloud on the diagram. Criminals use the same techniques to ensure everything stored in the cloud is adequately encrypted and hard to track

In conclusion, we should track and hit cybercriminals by finding their data infrastructure and destroy it. Acquiring infrastructure is one of the most expensive parts of a hacker operation. It can take months to years to accumulate it. And here comes the cyber criminology value. We can use this interdisciplinary field to find where the infrastructure is located and destroy it.

Are hackers used in guerilla warfare?

June 3, 2021 /

Once the top interest of the state was its national integrity and the protection of its borders, that no more seem like the top priority with the rise of globalization. The world has now turned into a global village, and everyone is interconnected. We no longer base the international policy on the principle of expansionism but more on soft and indirect interventions. Cyber-attacks have become very common these days to steal sensitive data or block a critical infrastructure of any country by targeting its vital computer systems. State governments sponsor part of these cyber-attacks to penetrate rival states. Criminals execute another piece for the sake of financial gains.

State-Sponsored Cyber Soldiers:

Despite having conventional solid militaries, many countries are putting efforts into arranging training programs for cyber soldiers who are getting themselves ready for cyber warfare. They are picking up the best people from network exploitation, malware, or firmware reverse engineering. It is essential to understand that cyber warfare usually has asymmetric nature. A small unit attacks a relatively bigger target in terms of resources. That’s the reason these people receive additional training in guerilla warfare by top military specialists.

On the diagram, you can see how different hacker cells secure themselves during different types of communication. Security during operations and internal group communications is with the highest guarantee.

Everyone is welcome to the party:

Almost every country now has a position regarding cybersecurity. And every country confirms that it has or wants to have highly developed cyber warfare systems. Although most countries are strictly against the use of military cyber systems to access the sensitive data of any other country, they keep on developing their cybersecurity platforms. An analysis of cyber capabilities of one relatively big country from 2009 to 2015 showed seven major cyberattacks origin from it. The hacker group tried to hack everything, starting from simple data theft from technological companies to hacking a Personnel Management office of a government agency.

Unofficial cyber attacks:

Not all cyber attacks are for getting to know the secrets of other nations. Sometimes cyber attacks are used to gain access to critical infrastructure and gain leverage during war actions. Cybersecurity is vital during these wartime operations, keeping in mind that now almost everything is digital and modern armies use more and more information systems to increase their efficiency on the battlefield. 

There are several other examples where unaffiliated groups were involved in violating cyberspace. Most cases even show that the state government is well aware of these groups but does not act against them. These attacks bring betterment for the state, so as long as they benefit the government, it does not interfere in their matters but even shields the hacker groups. If they use their skills to steal money, the money comes to the home state, which is beneficial for state economics. That is why governments often allow such hackings in their territory. 

Many unofficial and unethical cybercriminals are the silent pupils of state-sponsored cyber actors. They learn the tricks from the big boys but use them for other malicious reasons and financial gains. It is essential to understand that these days everyone is a target. Especially having in mind that many states manufacture and use military-grade malware. Later this malware can be recycled by criminals and used versus non-state level organizations or even small and medium businesses.