Cyber Security

The owner and operator of an illegal gambling website in South Korea hired two cyber security experts to attack a competing gambling site.

South Korea’s National Police Agency stated that the owner of the illegal gambling site paid two men $911,000 (1 Billion South Korean Won) to attack the competitor. The cyber attack consisted of hacking into 12,000 computers located at six different banks. Once in control of those computers, the man directed them to commence a distributed denial of service (DDOS) attack on to the gambling website.

(Price to rent a botnet to DDOS a website.)

One of the men was the owner of his own security company, and the other man was his employee. The man told police that he accepted the illegal job due to his lack of income. The man was previously a computer science professor in South Korea.

Intelligence officials believe that there are over tens of thousands of players in South Korea who bets at illegal gambling websites.

Source:  Jung Min-ho, “Cyber security experts arrested for hacking gambling site,” Korea Times, March 3, 2015.

At the start of 2015, media reports place the average ransomware demand to be $500.

This figure is based upon several public sources.

The first source is based upon a writer in the New York Times who stated that her mother was a victim of ransomware. The authors mother had her computer locked up based on CryptoWall. After encrypting the computer, the malware demanded $500 to be paid by Bitcoins release the hold. If the amount wasn’t paid by the end of the week, then the demand would increase to $1,000.

The second source is from a report by The Economist. In its article, the magazine reports that the average ransom has fallen from $800 several years ago. It uses examples of extortion victims who paid $644 (€510) in Italy, and a sheriffs office in Tennessee that paid $572 to recover thousands of files that were encrypted. The Economist also states that between August and December 2014, around 16,000 people paid $7 Million (8 Million Australian Dollars) after their computers were encrypted with ransomware.

The owner of the Bitcoin wallet that received the ransom in Italy received up to $109,400 worth of bitcoins in following 8 days after the ransomware was discovered.

Source:  Alina Simone, “How My Mom Got Hacked,” New York Times, January 2, 2015.

Source:  “Your money or your data,” Economist, January 15, 2015.

According to security reporter Brian Kerbs, hackers are selling computer programs that automatically click on competitors advertisements in order to drain their budget.

The service automotates bots that commit click fraud throughout the Google Adsense network. By having bots click on the ads, a business can quickly drain their competitors ads to prevent it from being seen.

The service is available for sale on underground Russian forums and has both subscription and flat rate options. For $100, buyers of the service can target 3 to 10 ad units for up to 24 hours. For a flat rate of $1,000, small businesses can drain the ads of a handful of competitors and prevent them from being seen indefinitely.

Fees are paid upfront with the use of virtual currencies such as WebMoney.

(More prices of underground hacking services.)

Source:  Brian Kerbs, ” Hacker service drains Google AdWords budgets,” Sydney Morning Herald, June 28, 2014


A report by the Center for Strategic and International Studies and computer security company McAfee reported that up to$445 Billion a year is being lost globally to cybercrime activities.

Online crime, hacking and the theft of intellectual property could cause up to 200,000 jobs being lost in the United States and up to 150,000 jobs in Europe.

A reported 50 million people in the United States had their personal identification stolen within the past year.

Source:  Chris Strohm, “Cybercrime Remains Growth Industry With $445 Billion Lost,” Bloomberg, June 9, 2014

According to a report by CNN, the cost to buy the malware called Blackshades on the cyber black market can be as little as $40.

The software is sued to remotely take over computers and can be used to access the computer’s hard drive, log key strokes in order to capture passwords, and can even turn on the webcam without the computer user’s knowledge.

The United States Federal Bureau of Investigation stated that cyber criminals have used Blackshades to extort computer users and commit bank fraud. In 2013, a user of Blackshades was convicted in California for using the program to turn on the webcam and spy on Miss Teen USA.

(More prices of online hacking tools and computer fraud.)

Source:  Even Perez and Shimon Prokupecz, “More than 100 people nabbed in global hacker crackdown,” CNN, May 19, 2014.

Interpol and cyber crime officials in the Philippines broke up an industrial-style extortion ring that as blackmailing hundreds of people around the world through online channels.

According to security agencies, the 58 people who were arrested in May 2014 would contact people through social media. After establishing a relationship, the group would obtain intimate or sexual pictures from the victim. Once in possession of the images, they would then demand payment or else the images would be released to the public.

Interpol stated that the average “sextortion” demand was between $500 to $15,000. Some victims paid on several occasions before going to the police.

(More illegal job earnings and revenue.)

Source:  AFP, “Dozens held in Philippines over global ‘sextortion’ ring,” Global Post, May 2, 2014.

In a translated account published in Tech in Asia, the operations and financial earnings of a hacking group in China that targets online games was broken down.

The group targets online games in China due to its low levels of security. Due to the costs to harden its servers, game developers in China choose not to invest in this area. The companies are believed to have made a decision that the security of its servers and database is not an area where a gamer will make his decision on whether to play the game or not. In addition, many of the Internet users in China has not developed the habit of using security tools. For example, even if two-step authentication is available, many game players choose not to use them.

Hackers in China have noticed these security vulnerabilities and have thus started targeting these websites. Due to the high number of users and popularity of games, the hackers have been able to create a profitable enterprise by hacking the game servers.

The group is organized on three levels, according to the report. The first level consists of the elite hackers. These are the most technically skilled hackers who are responsible for penetrating into the databases in order to obtain usernames and passwords. The second level consists of hackers who are responsible for collecting valuable information from the databases by scanning the sites. The third tier is responsible for selling the goods that were found. This can include game-play items such as armor, weapons and in-game currency.

On average, hackers involved in this group can make as much as $16,000 (100,000 RMB) a month.

(More earnings from illegal jobs.)

In another incident, a hacker reportedly got access to an online game’s entire database. The hacker then sold it to a third party for $820,000 (5 Million RMB). The third party uses this access in order to place itself between the gamer and the game server when gamers are attempting to add money to its account. By placing itself in the middle, all funds that gamers submit would be intercepted by the third party. Although the breach would be quickly noticed, a popular game with many payments could easily recoup the initial investment.

(Prices of hacking services and other online fraud.)

Source:  C. Custer, “Hacking China’s online games for profit: an interview with a Chinese hacker,” Tech in Asia, May 2, 2014.

A threat intelligence report by McAfee has found that many cyber criminals are using online gambling sites to launder money that they have earned from ransomware and other cyber crimes.

According to internet security researchers, criminals use VPNs and online currency such as Bitcoins to fund their accounts at online gambling sites. Due to the high volume, lack of regulations, and using Tor, criminals are able to wash their money and cash out the proceeds from cyber crime.

Back in 2003, online gambling sites paid out $9.1 Billion in winnings. By 2013, the amount of cash paid out by online sites increased to $32.7 Billion.

Although the number of online gambling sites fluctuate due to closures, there are at least over 25,000 online gambling sites in operation around the world, according to McAfee.

(More illegal gambling statistics.)

Source:  Teri Robinson, “Online gambling provides cover for money laundering, study says,” SC Magazine, April 25, 2014.

Criminals are using exploiting holes in wireless security to steal passwords and account details from ATM machines without the need installing skimming devices.

Criminals conduct this activity by placing a “skimming” device over the card reader of a legitimate ATM and install a pin pad over the keys. When a customer would use the ATM, the skimming machine would be able to capture the customers account data as well as the pin code. Once the machine was recovered, then the criminal would  have the information needed to breach the account.

Internet security experts state that criminals are now attempting to access debit card pin numbers and account information without installing the devices by targeting the machines through the internet.

In its 2014 Data Breach Investigation Report, Verizon studied 130 incidents of ATM skimming cases in 2013. Most of the ATM breaches took place at ATM machines and at gas pumps, where many customers use their debit cards to purchase gas. According to the report, the country with the most ATM skimming cases was Bulgaria, followed by Armenia, Romania, Brazil and the United States.

Source:  Jordan Robertson, “What Happens When the ‘Internet of Things’ Comes to ATM Skimmers,” Bloomberg, April 22, 2014.

According to security agents in Mexico, hackers, extortionists and other cyber criminals generated $3 Billion in revenue from various forms of cybercrimes in Mexico in 2013.

Criminal justice programs in the country handled 23,543 cases of cybercrime in 2013.

The director of the Scientific Police Division in Mexico stated that when hackers take over a computer system, they force the computer owner to pay an extortion fee in order to relinquish control of the computer. On average, the extortion fee ranges between $2,000 to $3,000 and is paid through electronic means to a bank account.

(More internet crimes and hacking services online.)

Source:  “Mexico: Computer hacking becoming form of extortion,” Infosurhoy, April 11, 2014.