Fast Flux DNS and the Online Black Economy

As much as I hate hackers, there is a certain amount of heartfelt respect I have for them. Despite their intentions, their technical ability is at times simply astonishing. It seems nowadays that more and more hackers are becoming astute business people in one of the toughest environments imaginable, and they're achieving this by building worldwide botnets whose nerve centre is hidden using a technique known as 'fast-flux DNS'.

Firstly, the business acumen of these people is of growing significance. They have created pricing structures to sell everything from credit card details to bank account information to anyone who might be interested. Furthermore, they cover their tracks by laundering tens of thousands of dollars through the bank accounts of vulnerable targets such as businesses in serious debt. What is of most interest, though, is that their business network is loosely coupled, with relationships built up and torn down in a very short space of time, making them very difficult to track.

So with the online black economy growing, how do the kingpins structure their empires? One of the most prevalent worms of 2007 has been Storm. Rearing its ugly head on January 17, it has compromised countless systems, from personal PCs to business, government, education and even military computers. The success of the worm is partly due to a diverse developer base who keep finding ways to release new variants that side-step improvements to a system's security. Essentially the technical and business model operates in the following way:

Botnet

Traditionally, botnets have been designed to receive commands from the botnet herder over IRC networks. From the defender's point of view, the IRC command-and-control server is a single point of failure that has been relatively simple to disable: take down the server or the channel and the bots go silent, which brings down the threat quite easily.

However, the growing trend now is to use what's called fast-flux DNS (this is broken down further into single-flux and double-flux). The idea behind fast-flux is to register a domain name whose A records resolve to a constantly changing set of hosts, rotating as quickly as every three minutes. This is achieved through a combination of round-robin DNS and a very short TTL, so that each lookup hands back a different handful of addresses. Those addresses are typically compromised machines in the botnet itself, acting as proxies that relay traffic back to the hidden nerve centre, so even the IPs you do catch are not the real server. In single-flux only the A records rotate; in double-flux the NS records for the zone rotate as well, so the name servers themselves keep moving. From a defender's point of view it's a nightmare, as you could be chasing down a certain IP, the DNS switches, and you're no longer dealing with a valid host.
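To make the mechanism concrete, here is an added example (my own code, not from the original post or from any botnet tooling) that scores a series of DNS answers for fast-flux behaviour. The lookups are constructed, the /16 prefix stands in for an ASN lookup, and every threshold is an assumption chosen for illustration. It also goes one step beyond the paragraph above: a short TTL on its own is not a fast-flux indicator, since CDNs use 20-60 second TTLs too, so the example separates a CDN from flux by address turnover and network diversity, and picks out double-flux by churn in the NS records.

```python
"""Heuristic fast-flux detector run over a series of DNS lookups.

Added example for this post, not code from the original article. The
lookups are constructed (RFC 1918 and documentation-range addresses
standing in for real hosts), the /16 prefix is a cheap stand-in for an
ASN lookup, and every threshold in classify() is an assumption chosen
for illustration rather than a published cut-off.
"""
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Dict, List


@dataclass
class Lookup:
    """One snapshot of a domain's DNS answer, as a resolver would see it."""
    seconds: int           # offset from the first lookup
    ttl: int               # TTL on the A records, in seconds
    a_records: List[str]   # IPv4 addresses the name resolved to
    ns_records: List[str]  # authoritative name servers returned for the zone


def prefix16(ip: str) -> str:
    """Return the /16 an IPv4 address falls in (stand-in for its ASN)."""
    octets = str(ip_address(ip)).split(".")
    return f"{octets[0]}.{octets[1]}.0.0/16"


def flux_indicators(lookups: List[Lookup]) -> Dict[str, float]:
    """Summarise how the answer set changes across successive lookups."""
    all_ips: set = set()
    all_ns: set = set()
    new_ips = 0
    previous = None
    for lk in lookups:
        current = set(lk.a_records)
        if previous is not None:
            new_ips += len(current - previous)  # IPs absent from the previous answer
        previous = current
        all_ips |= current
        all_ns |= set(lk.ns_records)
    return {
        "min_ttl": min(lk.ttl for lk in lookups),
        "unique_ips": len(all_ips),
        "unique_prefixes": len({prefix16(ip) for ip in all_ips}),
        "new_ips_per_lookup": new_ips / max(len(lookups) - 1, 1),
        "unique_ns": len(all_ns),
        "ns_per_answer": max(len(lk.ns_records) for lk in lookups),
    }


def classify(ind: Dict[str, float], ttl_max: int = 300, min_ips: int = 8,
             min_prefixes: int = 5, min_churn: float = 2.0) -> str:
    """Return 'double-flux', 'single-flux' or 'not-flux'.

    A short TTL on its own is not evidence: CDNs use 20-60s TTLs too. The
    signal is a short TTL combined with many distinct addresses spread
    across many networks and a high turnover between answers.
    """
    single = (ind["min_ttl"] <= ttl_max
              and ind["unique_ips"] >= min_ips
              and ind["unique_prefixes"] >= min_prefixes
              and ind["new_ips_per_lookup"] >= min_churn)
    if not single:
        return "not-flux"
    # Double-flux: the NS set itself keeps changing, so over time we see
    # more distinct name servers than any single answer ever returned.
    if ind["unique_ns"] > ind["ns_per_answer"]:
        return "double-flux"
    return "single-flux"


# Constructed sample data (not real observations).
CDN_NS = ["ns1.cdn.example", "ns2.cdn.example"]
CDN_LOOKUPS = [  # legitimate CDN: short TTL, but few IPs, all in one network
    Lookup(0, 20, ["203.0.113.10", "203.0.113.11", "203.0.113.12"], CDN_NS),
    Lookup(60, 20, ["203.0.113.11", "203.0.113.12", "203.0.113.13"], CDN_NS),
    Lookup(120, 20, ["203.0.113.10", "203.0.113.12", "203.0.113.13"], CDN_NS),
]

FLUX_A = [  # three successive answers, every address new, spread over 15 networks
    ["10.1.2.3", "10.7.8.9", "10.13.4.5", "10.22.1.1", "10.31.9.9"],
    ["10.41.3.3", "10.52.6.6", "10.63.7.7", "10.71.2.2", "10.84.5.5"],
    ["10.91.1.1", "10.103.2.2", "10.115.3.3", "10.126.4.4", "10.140.5.5"],
]
FLUX_NS = ["ns1.flux.example", "ns2.flux.example"]
SINGLE_FLUX_LOOKUPS = [Lookup(180 * i, 180, a, FLUX_NS) for i, a in enumerate(FLUX_A)]

ROTATING_NS = [["ns1.a.example", "ns2.a.example"],
               ["ns3.b.example", "ns4.b.example"],
               ["ns5.c.example", "ns6.c.example"]]
DOUBLE_FLUX_LOOKUPS = [Lookup(180 * i, 180, a, ns)
                       for i, (a, ns) in enumerate(zip(FLUX_A, ROTATING_NS))]

if __name__ == "__main__":
    for name, lookups in [("cdn", CDN_LOOKUPS), ("single", SINGLE_FLUX_LOOKUPS),
                          ("double", DOUBLE_FLUX_LOOKUPS)]:
        ind = flux_indicators(lookups)
        print(f"{name:7} {classify(ind):12} {ind}")
```

Run directly it prints the three classifications; in practice the snapshots would come from repeated queries for the suspect name against your own resolver, and the prefix count would be replaced by a real ASN lookup so that a botnet spread across many home ISPs stands out even more clearly from a CDN's handful of well-known networks.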

Logically, you'd then assume that the single point of failure would move to the domain registrar, and you could simply take down the domain. Unfortunately registrars are somewhat reluctant to pull a name, as pulling down a legitimate site would spell catastrophe for them in terms of support calls from the owner of the domain and the serious threat of legal action.

From my point of view, until the registrars enforce some sort of mechanism to disable fast-flux, the botnet herders are going to sit quite safely behind a never-ending series of rotating doors. But as with any problem, nipping it in the bud is always the best way. So can the root cause of why people hack for profit be abolished, or will there forever be a game of catch-me-if-you-can?

Most of these hardcore profiteering hackers are the product of Eastern Europe, Russia and places like China. The problem is that an individual can be highly educated (through tertiary or self-study) but located in an environment where they cannot profit legitimately from their skillset. This is a perfect breeding ground for participants in the online black market. Even if they do get tracked down, are the authorities in their respective countries going to view it as a priority to arrest these people? I doubt they'd invest any significant amount of effort to do so.

The unfortunate part is that some great security models could be architected and tested by employing the skills of such individuals. The two issues there are a) being able to find them and pull them into a corporate environment, and b) their willingness to leave their enormous botnets and substantial financial accumulations behind to become part of a salary-paying organisation. I guess there'll always be a black economy, as it's human nature, be it in the real world or virtual.
