Appendix C: Illustrative Criminal Cyberattacks
Pages 350-355

The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.


From page 350...
... When analyzed, the evidence -- lists of credit card numbers, Perl scripts for manipulating e-mail and auction accounts, and other hacking tools -- showed a complex scheme involving the creation of fake anonymous e-mail accounts and fake eBay seller and PayPal customer accounts, all fueled by the stolen financial information they possessed. They would
Department of Justice, "Russian Computer Hacker Sentenced to Three Years in Prison," 2002, available at http://www.usdoj.gov/criminal/cybercrime/gorshkovSent.htm.
From page 351...
... Russian rocket scientists at 2003 salary rates.
The Israeli Trojan Horse Industrial Espionage Case
In 2005, a couple were arrested in Britain on charges of creating a Trojan horse key logger and installing it on systems at dozens of sites by way of CD-ROMs containing what was purported to be a business proposal. This has been described as the largest industrial espionage case in Israeli history.
From page 352...
... In this case, the goal was to compromise the confidentiality of business records by means of unauthorized access and data exfiltration from compromised computers. The 100 items of equipment seized by authorities were probably development hosts, file servers that received exfiltrated files, and perhaps processing hosts that would assist in sifting through the files collected by the Trojan horse malware.
From page 353...
... The three were accused of using these botnets to steal credit card numbers and other personal data and to blackmail online businesses.
• In June 2007, the FBI reported an event of similar size in the United States, part of "Operation Bot Roast," involving over 1 million personal computers. Arrested were three individuals, two accused of performing DDOS attacks and one reported to be one of the most prolific spammers at the time.10
In all of these cases, small groups of relatively young people with skills in programming and computer system administration were able to successfully compromise and control over a million personal comput
Department of Justice, "Criminal Complaint: United States of America v.
From page 354...
... These are just the proverbial tip of the iceberg in terms of online crime using distributed intruder tool networks, including botnets. A migration is beginning to take place, away from the easier to detect and mitigate IRC botnets and toward the use of heavily encrypted peer-to-peer malicious programs for distributed command and control.
From page 355...
... 12 The SEC Form 10-K filing by TJX claims that, in general, track 2 data -- all data, including the PIN number on debit cards, necessary to clone the card -- was either masked off with asterisks or stored in encrypted form. TJX does, however, state that, "despite our masking and encryption practices on our Framingham system in 2006, the technology utilized in the Computer Intrusion during 2006 could have enabled the Intruder to steal payment card data from our Framingham system during the payment card issuers' approval process, in which data (including the track 2 data)


This material may be derived from roughly machine-read images, and so is provided only to facilitate research.