Ted is a political professor at a local university. He is also running for the office of mayor in the upcoming election. Ted is a busy man; he and his wife Nancy have three lovely daughters. Ted and Nancy have been married for 18 years. This week Nancy is taking her daughters to a southern state to visit her mother. Ted can’t make it because he cannot miss work. It is now Wednesday night. Ted has finished working and is sitting home alone, bored and lonely. So Ted turns on his computer and goes to a Yahoo chat room called Family and Health. Ted engages in some conversations with various other people when a new nickname, Cynthia, comes into the room. Ted immediately receives a private message from Cynthia asking him if he would like to see her picture, and there is a hyperlink posted along with the message. Ted is home alone, no one is around, he is lonely, and he thinks, “Oh well, who can it hurt?” He clicks on the hyperlink, which brings him to a webpage. The webpage is called My Pictures by Cynthia, and a pop-up window appears. The pop-up window says that Ted must download xyz picture viewer in order to see Cynthia’s pictures. The pop-up resembles a certificate, and Ted clicks OK. Upon doing so, the whole window disappears, along with the browser that Ted was viewing at the time. Ted thinks nothing of this, continues chatting with others for a few hours, and then goes to sleep.

Two or three weeks go by, and Ted is sitting at his office making out bills. When he opens his phone bill, he notices that it is for $300. Ted examines it further and finds calls made to a 900 number called SEX4U located in the Netherlands. Ted has invested a lot of money in his campaign for office and knows that this may ruin it all, so he reluctantly pays it without mentioning it to anyone. Time goes on and the election is drawing closer. Ted now campaigns in chat rooms when he has time, telling everyone about his run for office. All this campaigning is getting to Nancy, so she decides to go to her mother’s for another visit. The night before she leaves, Ted is in a chat room telling his friends that Nancy will be out of town and that he will probably chat more often while she is away. The next day goes by and Nancy is away at her mother’s. Once again Ted is chatting with his friends in Yahoo chat rooms when Cynthia appears again. This time she sends Ted a private message and talks to him for a long time in private. Ted has been drinking a little that night and his defenses are low. Cindy invites him to a private room where they can cam. Ted goes there and plays show and tell with her on cam, engaging in various sexual positions naked. When he is finished, he tells her goodbye and sleeps off his booze, never giving it a second thought. Weeks go by, and Ted is sitting in his office one afternoon when he receives a phone call from Cynthia telling him that she has sent him something special in the mail. He takes his mail, locks the door to his office, and opens the envelope addressed to him. In it are a note and a CD. The note says to play the CD in private. Ted pops the CD into his computer and it opens with Windows Media Player. Ted sees a movie clip of himself naked from the night he had that episode with Cynthia, complete with sound.

After the movie clip plays, a Notepad file opens with a letter telling Ted that unless he sends $20,000 to a post office box in the Netherlands, the video will be posted on the Internet and copies of the movie mailed to the news media. Ted has already spent more money than this on his campaign, and after considering his relationship with his wife, his family and his career, he makes out a traveler’s check and mails it to the location. Ted is now sweating, wondering what will happen next and whether he should tell the authorities. He goes home to examine his computer to see if any evidence is left on it. He turns it on and finds that the operating system is no longer there. As a matter of fact, nothing is; the machine has mysteriously been formatted.

After that, Ted never hears from Cynthia again and no longer chats on Yahoo or anywhere else, for that matter. Ted will now live the rest of his life in fear, never knowing when Cynthia may pop up again.

What went on in the background, and what Ted didn’t know, was that he had been duped by a hacker named Andre who operated in a portion of the Netherlands that had no laws against Internet fraud or hacking. Andre had written a program called a bot, named Cynthia, to troll chat rooms and post that hyperlink. At this point in time that’s all Cynthia was: a computer program designed to appear to be a real person and post that hyperlink.

Ted was also unaware that the hyperlink was designed to install a program called a Trojan horse when he clicked on the URL. Although Ted did not see it happen, when he clicked that OK button several software programs were installed on his machine. The first one was a Trojan called a dialer, and when Ted was away it dialed out to that 900 number, racking up his phone bill. The link also installed a key logger that logged everything Ted typed and mailed it to the hacker. The hacker had also installed software to remotely turn on Ted’s web cam and microphone and watch what he did and said. After observing Ted for weeks, Andre hired a woman to pose as Cynthia on the day that he knew Ted’s wife would be away, and set up software to capture the video and sound from the session he was planning. The whole plan went perfectly. Andre is a professional hacker. He isn’t greedy: he uses greed and lust to trap others and realizes that it could trap him. This is why he only asked for an amount of money that he knew Ted could come up with without making Ted look too suspicious himself. As soon as Andre knew that the check was mailed, he remotely triggered the rest of the software that he had placed on Ted’s machine so that the drive would be formatted and Andre would leave no tracks. This is what makes Andre a professional. Andre has no pride and does not want to make the news media; he is in it for the money and that’s all. Andre will never brag about this to others in chat rooms or anywhere else. You’ll never know he exists. He lurks in the shadows.

This sort of scenario in all likelihood goes on every day somewhere in the world. You will rarely hear of it making the news, as the hacker is elusive and the victim is ashamed. Therefore it is nearly impossible to estimate how many hackers of this type are presently performing such exploits. We can ascertain that money is one reason hackers hack; it is a motivating factor. There is definitely money to be made by hacking.

Not all hackers need to use the high-tech programs that Andre did. Some use simple social engineering and low-tech tactics very effectively. Jo Best describes this in a news article posted in ZDNet UK. Jo says this: “While criminal gangs are more widely associated with threatening denial of service attacks unless they get a kickback of thousands of pounds, it seems some are taking a more small-scale approach to extortion: now average PC users are being targeted.

Instead of £50,000, the criminals are making demands by email of a mere £50. Unless they're paid off, they threaten to tell the police about the child pornography they've installed on your machine.

There's no pornography there, obviously, but the threat and the (relatively) small amount of money involved will no doubt get a few people who haven't been exposed to the usual internet scams to reach for their wallets.

The 'child pornography' threat email follows the pattern of a scam of a few years ago where the criminals would threaten to take over a network or install a virus on it unless they were given $20 or $30.” (Best)[1]

This simple scam described by Jo may occur daily somewhere in the world. Her article may also reveal a tendency for hackers to operate in gangs. Using blackmail and extortion is not new by any means, but the way that it is being used today is. In my introduction I wrote about the fast pace of today’s technology and how that speed is a factor in the poor security that we have today.

On Thursday, November 13, 2003, CNN published a news article from Reuters called “Blackmail latest scam for hackers.” This is what the article stated: “As more homes connect to faster delivery systems, their computers are becoming vulnerable to hackers and virus writers who can turn them into "zombie" machines, ready to carry out any malevolent command.

Favorite targets for the extortionists -- many thought to come from Eastern Europe -- have been casinos and retailers.

"At the end of the day, this is old-fashioned protection racket, just using high-tech," a spokeswoman for Britain's Hi-Tech Crime Unit said.

On Wednesday, British cybercrime cops made a plea to companies to report attacks against their Internet businesses after a recent string of incidents with the blackmailing trademark.

Police have seen an increase in the number of distributed denial-of-service attacks targeting online businesses.

In some cases, the attacks, which can cripple a corporate network with a barrage of bogus data requests, are followed by a demand for money.

Online casinos appear to be a favorite target as they do brisk business and many are in the Caribbean, where investigators are poorly equipped to tackle such investigations.

In 2001, cyber forensics expert Neil Barrett said his company, Information Risk Management, was working with Internet casinos to shore up their defenses against a spate of attacks.

At the time, he said the denial-of-service barrages were followed by demands to pay up or the attacks would continue. He said the attacks appear to have come from organized criminal groups in Eastern Europe and Russia.

Police said because of a lack of information from victimized companies, they are unsure whether these are isolated incidents or the start of a new crime wave.

Whatever the motive, denial-of-service attacks are on the rise, coinciding with the proliferation of broadband deployment in homes. Security experts believe the increasing number of unsecured home PCs may be a major culprit.

New Internet- and e-mail-borne computer infections are hitting home computers, turning them into zombie machines.

Such infected machines can be told to send e-mail spam or even be used to initiate or participate in a denial of service attack against another computer.

"Home broadband computers are going to be the launching point for a majority of these," said Richard Starnes, director of incident response for British telecoms company Cable & Wireless and an adviser to Scotland Yard's Computer Crime Unit.” (Reuters)[2]

The article posted on CNN describes this dilemma very well by showing the consequences of high-speed technology coupled with hackers who work for syndicated crime organizations. If Al Capone were alive today, he would more than likely use a broadband Internet connection and employ hackers instead of g-men.

 
