Hacking in a Foreign Language: A Network Security Guide to Russia
Kenneth Geers
Black Hat Amsterdam 2005

Briefing Outline
1. Russia as a threat
2. Russia as a resource
3. Crossing International Borders
4. The International Political Scene

Russia as a Threat

Hacking: Russian Perspective
o Excellent technical education
o Understanding of networks, programming
o 1980's: hacked American software in order to make programs work in USSR
o Now: many skilled people, too few jobs
o Russian police have higher priorities

Hacking: Russian Perspective (2)
o Desire for Internet access, but it is expensive
  - Cheaper to steal access and services
o Legit MS Office: 2 months' salary
o CD burner: two weeks' salary
o Russian outdoor markets
  - MS Operating System: a few dollars
o Hacking: more social approval
  - Communal sharing culture

Russia and Cybercrime
o Russian hackers love financial crimes: banks, investment companies, fraud, piracy
o Russian citizen Igor Kovalyev: "Here hacking is a good job, one of the few good jobs left"
o Vladimir Levin: in 1994-95 illegally transferred $10 million from Citibank
  - FBI NYC and Russian Telecoms traced activity to Levin's St. Petersburg employer
o October 2000: Microsoft traced attack to IP address in St. Petersburg, Russia

Russia and Cybercrime (2)
o High profits bring more investment
  - New techniques, new revenue
o FBI in 2001: millions of credit card numbers stolen by organized hacking groups in Russia and the Ukraine
o Novarg / MyDoom worm: whole world impact
o Russian MVD: cyber crime doubled in 2003, 11,000 reported cases
o Arrests in 2004
  - International gambling extortion ring
  - Russian student fined for spamming

o The international warez movement
o DoD: SW piracy group founded in Russia, 1993
o Expanded internationally in the 1990's
o 1998-2001: over $50 million in warez
o 20 "candy store" FTP sites (Godcomplex)
o Sophisticated security, includes encryption
o Operation Buccaneer
o Bandido and thesaint arrested

Dmitry Sklyarov
o Black Hat / DefCon connection
o First Indictment under
Digital Millennium Copyright Act
o Advanced eBook Processor (AEBPR)
o Five Adobe copyright violations
o Dmitry: computer programmer and cryptanalyst
o Long confession on FBI site
o Cooperated in prosecuting Elcomsoft
o Company acquitted
o Victory for the EFF

Social Engineering, Russian Style
[Screenshots: a "GUIDE For Men Seeking A Russian Wife" page with a scam Black List, and a sample dating profile (Name: Maria, Age: 32)]

It's only Russkii Virii
o Internet access in Russia growing
o As is Russian malicious code
o Bagel, Mydoom, Netsky
o Motive: money
o which fuels other crime: smuggling, prostitution
o Keyloggers and Ebay
o Coreflood and Joe Lopez

IIS Annihilation
o Sophisticated HangUP Web attack
o Compromises Microsoft IIS, Internet Explorer
o Appends malicious JavaScript onto each webpage on the infected site
o Web surfers who viewed infected pages were invisibly redirected to a Russian hacker site
o The Russian server (217.107.218.147) loaded backdoor and key logger onto victim
o Snatched authentication info
  - eBay, PayPal, EarthLink, Juno, and Yahoo

Russian Hacktivism
o CHC: Chaos Hackers Crew
  - Hit NATO in response to bombings in Yugoslavia with virus-infected email
  - Protest actions against White House and Department of Defense servers
o RAF: Russian Antifascist Frontier
o Hacking your political adversary's sites: morally justifiable

Info War and Espionage
o State-sponsored computer network operations
o Robert Hanssen
  - veteran FBI CI agent
  - C programmer
  - Created a
FBI field office teletype system
  - Hacked FBI superior's account
  - Mid-1980's: encrypted BBS messages for handler
  - Offered Russians wireless encryption via Palm VII
  - Highly classified info for $ and diamonds
  - Internal searches: hanssen dead drop washington
o National critical infrastructure protection

Russia as a Resource

Russian Hacker Sites

Hacker Sites
http://thm.h1.ru
http://ahteam.org
http://cracklab.narod.ru
http://www.geekru.narod.ru
http://hangup.da.ru
http://www.xakep.ru
http://www.xakepxp.by.ru
http://www.kibus1.narod.ru
http://www.hacker.dax.ru
http://hscool.net
http://www.xakepy.ru
http://www.cyberhack.ru
http://www.mazafaka.ru
http://madalf.ru
http://tehnofil.ru
http://forum.web-hack.ru

hscool.net: Civil Hackers' School
[Screenshot: bilingual site menu (news, about school, entrance exams, levels, students, hacker groups, online education, links, classes online, about founder, about webmaster, good stuff, journal, conference, site map, attestation, how to donate money, sponsors, banners) and a founder note giving the school's foundation date as 9 Dec 1995]
www.cyberhack.ru
[Screenshot with translated site labels: motto, Hackers, Attack, Defense, Programming, Beginners, Warez, Software, Programs, Site Map, Main, Training, News, Archive, Resources, Download, Articles, Search, Discussions, Forum, Hacker Tools, Port Scanner, Anonymous Email, DNS Informer, Statistics, Most Popular, Friends, Resources, Free Stuff, Articles by Topic, Hacking, Programming, Defense, Systems, Warez, Virology, Intrusion]

Archive of Articles
[Screenshot: article archive listing with dates from February to March 2005]

Downloads
o Security
o Passwords
o Miscellaneous
o Trojans
o Defense
o Literature
o Attack
o Programming
o Scanners

Top Ten Downloads
o The only tool above (same name) currently on the www.insecure.org Top 75 Network Security Tools is
the Retina Scanner, at #21 on 3/20/2005

Discussion Forums
o How to hack
o How to defend
o Social Engineering
o Phreaking
o Programming
o Operating Systems
o Off Topic
o Contact Info
o People White Black Lists
o Trinkets Buy and Sell

Hacker Tools
o TCP Port Scanner
  - Results for kremlin.ru: Port 80, Open, Service HTTP
o Anonymous E-mail
o DNS Informer
o Big brother is always watching over you, don't forget

Administrators and Contact
[Screenshot: administrator contact page]
Free Translation Services
o www.word2word.com
o www.google.com/language_tools
  - non-Euro: Japanese, Korean, Chinese
o www.babelfish.altavista.com
  - up to 150 words or a webpage
o www.translate.ru (Russian site)
o www.freetranslation.com
o www.translation2.paralink.com
o www.foreignword.com/Tools/transnow.htm
  - 1600 language pairs

Commercial Translation Software
o www.lingvo.ru (Russian site)
o www.worldlingo.com
o www.tranexp.com
o www.babylon.com
  - free trial version download
o www.allvirtualware.com
o www.systransoft.com
o www.languageweaver.com
  - several prestigious awards

Software and Translation
o Natural Language Processing (NLP): the subfield of artificial intelligence and linguistics that studies the processing of NL (English, Dutch, Russian, etc.)
  - Devoted to making computers understand human languages
o Machine translation (MT): computer translation of texts from one natural language to another
  - Considers grammatical structure
  - Renders up to 80% accuracy
  - Draft-quality: not for literature or legal texts
  - Humans still need to pre- and post-edit (proof-read)
  - Goal is no human intervention

Translation Software at Work (1)
Smashing The Stack For Fun And Profit, by Aleph One, aleph1@underground.org
smash the stack: [C programming] n. On many C implementations it is possible to corrupt the execution stack by writing past the end of an array declared auto in a routine. Code that does this is said to smash the stack, and can cause return from the routine to
jump to a random address. This can produce some of the most insidious data-dependent bugs known to mankind. Variants include trash the stack, scribble the stack, mangle the stack; the term mung the stack is not used, as this is never done intentionally. See spam; see also alias bug, fandango on core, memory leak, precedence lossage, overrun screw.

Translation Software at Work (2)
[Slide: Babel Fish Translation of the passage into Russian. Terms left in Latin script: smash, aleph1@underground.org, stack, -zavisimyx, mankind, scribble, mung, spam, alias, fandango, lossage]

Translation Software at Work (3)
To break Stack For The fun I of the profit To alepyu one smash aleph1@underground.org stack h programming n na many vstavk h as far as possible to korrumpirovat' the stack of the performance by way writing after the end of the automobile of that declared by block in the regime. Code makes this they are said which breaks stack and it can cause return from the regime to the gallop to randomly the address. This can produce some of the most insidious it is given zavisimyx cherepashok znannykh to mankind. Versions vklyuayut trash stack scribble stack mangle stack term mung stack it is not used as this is never done prednamerenno. See spam see also alias bug fandango on the core the leakage of memory lossage precedence the screw of overrun.

Russified Software
[Screenshots: English version and Russian patch of the same program]

Crossing International Borders in Cyberspace

Four T Plan
o Tribes
  - Anthropological: history, culture, law
o Terrain
  - Infrastructure: publications, traceroutes
o Techniques
  - Hacker sites, groups, news, malware
o Translation
  - Leveling the playing field
Rostelecom
[Screenshot]

Russian Telecommunications
o Internet country codes: .ru, .su
o Internet hosts: 600,000; Users: 6 million
o Telephones: 35.5 mil; Cell: 17.5 mil
  - digital trunk lines: Saint Petersburg to Khabarovsk, Moscow to Novorossiysk
o International connections
  - three undersea fiber-optic cables
  - 50,000 digital call switches
  - satellite: Intelsat, Intersputnik, Eutelsat, Inmarsat, Orbita
  - International Country Code: 7

o RUNET, or Russian Net
o Russian cyberspace
o Everything Russian AND Internet
o All online content generated in Russian, inside Russia
o Aimed at Russian community worldwide
o Includes not just the hackers, but the 'stupid users' as well and donkey

Internet Usage in Russia
[Chart: Distribution of the total number of Internet users by the regions (Total, The Urals, Northwestern, Central, Moscow, Southern, Volga Basin, Siberian, Far Eastern)]

Internet Usage by Country
[Chart: Percentage of Internet users in the following countries (% of population): Sweden, Netherlands, Australia, UK, Germany, Spain, Italy, France, Brazil, Russia]
Note: calculations for countries other than Russia made based on the Nielsen//NetRatings Fourth Quarter 2002 data. The sample includes those aged 16-1 and doesn't include those not having Fixed Telephone Line.

[Chart: Number of Internet users in the following countries (millions): Germany, UK, Italy, France, Brazil, Spain, Russia, Australia, Netherlands, Sweden]
Note: Calculations for countries other than Russia made based on the
Nielsen//NetRatings Inc. Fourth Quarter 2003 data. This data includes Internet users aged 15-1 and doesn't include those not having Fixed Telephone Line.

Rostelecom
[Map: Rostelecom digital network, for the period to 2005]

Golden Telecom
[Diagram: Golden Telecom network topology, CIS: all channels, terrestrial channels, satellite channels, IP channels]

Learning to Fish: Traceroutes
o Maps the routes data travels across networks
o Gives physical locations of Web servers and routers
o Possible to plot these on a map
o Determines connectivity and efficiency of data flow
o Possible to determine who owns the network
o Possible to trace unwanted activity like spam
o Can help in finding contact information
o Can report type of remote computer running

Tracerouting Russia
[Screenshot: traceroute report for 194.226.82.58 (www.kremlin.ru), located to Russia from whois.ripe.net data and plotted on a map. Hops run from New Castle, DE and Middletown, NJ through Washington, DC (AT&T WorldNet Services), then Telia International Carrier (telia.net), to Rostelecom Internet Center and the Russian State Internet network. Round-trip time: average 152 ms, min 148 ms, max 172 ms.]

TraceReport.bat
    tracert 303.shkola.spb.ru >> tracerpt.txt
    tracert acorn-sb.narod.ru >> tracerpt.txt
    tracert adcom.net.ru >> tracerpt.txt
    tracert admin.smolensk.ru >> tracerpt.txt
    tracert agentvolk.narod.ru >> tracerpt.txt
    tracert alfatelex.tver.ru >> tracerpt.txt
    tracert anarchy1.narod.ru >> tracerpt.txt

Traceroute Map of Russia
[Map: New York, Stockholm, Arkhangelsk, Kaliningrad, Sakhalin]
12.123.3.x      att.net                New York
193.10.68.x     nordu.net              Stockholm, Sweden
193.10.252.x    RUN.net                Moscow, Russia
193.232.80.x    spb-gw.runnet.ru       Federal Center for University Network
194.106.194.x   univ.kern.ru           Kaliningrad, Russia; Kaliningrad State University
62.84.193.x     Sweden                 SE-COLT-PROVIDER
217.150.40.x    transtelecom.net       Russia
213.24.60.x     artelecom.ru           Russia
80.82.177.x     dvinaland.atnet.ru     Arkhangelsk, Russia
80.82.178.x     www.dvinaland.ru       Arkhangelsk, Russia
213.248.101.x   telia.net              Telia International Carrier
217.106.5.x     RTComm.RU              Russia
195.72.224.x    sakhalin.ru            Sakhalin, Russia; UBTS, Yuzhno-Sakhalinsk
195.72.226.x    www.adm.sakhalin.ru    Sakhalin, Russia; Regional Admin of Sakhalin Island and Kuril's

Major Russian IP ranges
o 193.124.0.0 - 193.124.0.255: EUnet/RELCOM, Moscow
o 193.125.0.0 - 193.125.0.255: Novosibirsk State Technical University
o 193.233.0.0 - 193.233.0.255: FREEnet Network Operations Center
o 194.67.0.0 - 194.67.0.255: Sovam Teleport, Moscow, Russia
o 195.161.0.0 - 195.161.0.255: Rostelecom Internet Center
o 195.209.0.0 - 195.209.15.255: Russian Backbone Net
o 195.54.0.0 - 195.54.0.255: Chelyabinsk Ctr Scientific and Tech Info
o 212.122.0.0 - 212.122.1.255: Vladivostok Long Dist and Int'l Telephone
o 212.16.0.0 - 212.16.1.255: Moscow State University
o 212.41.0.48 - 212.41.0.63: Siberian Institute of Information Tech
o 212.6.0.0 - 212.6.0.255: WAN and Dial Up interfaces
o 213.158.0.0 - 213.158.0.255: Saint Petersburg Telegraph
o 213.221.0.80 - 213.221.0.83: SOVINTEL SHH NET, Moscow
o 217.114.0.0 - 217.114.1.255: RU SKYNET

Offensive Russian IP Ranges
o Bob's Block List (BBL)
  - Spammers: mail.ru, ufanet.ru, hotmail.ru, nsc.ru, id.ru, all banner.relcom.ru
o www.spamcop.net
  - no Russian IPs listed
o The Spamhaus Project

Russian Government Portal
[Screenshots: the Russian government portal and the President of Russia site, with its English version, in Mozilla Firefox]

Russian Cyber Crime Office
o Understanding C Crime
o Information Protection Laws
o Anthology
o Information Security in Russia
o Computer Criminals
o C Crime Units
o SORM
o Send an E-mail
o Library
o Forum
Cybernetic Police: http://www.cyberpol.ru
cybercop@cyberpol.ru

Cybernetic Police
o Principles
o Objectives
o Goals
o Challenges
o Types of Threats
o Physical Threats
o Means
o Subjects
o Directions

Official Russian Designations
o card
o phreacker
o cracker

C Crime Statistics to 1982
[Chart]

Russian Cyber Crime Fighter
o E-mail: Vehov@avtlg.ru
o Web: www.cyberpol.ru

Dialogue with Top Cyber Cop
o Kenneth Geers
o 89 divisions of a National central bureau of Interpol of Russia
o E-mail
o Interpol
o FBI USA

o To whom should I direct questions on information assurance?
o How should I send you suspicious network information?
o Windows, Linux, Solaris
o Does this pose a threat to Windows, Linux, Solaris?
o When is the last time you backed up your data?
o Can you draw me a diagram of your network?
o Do you think this threat was directed at me personally?

Regional Offices
http://ndki.narod.ru/links/MVD_online.html
Altay, Kirov, Mordoviya, Kostroma, Tatarstan, Lipetsk, Chuvashiya, Nizhniy Novgorod, Altay, Orenburg, Krasnoyarsk, Samara, Primorskiy, Tambov, Stavropol', Tula, Ul'yanovsk, Arkhangel'sk, Chita, Vladimir, Voronezh, Khanty-Mansi

International Law Enforcement
o Links at Cyber Criminals Most Wanted Website, www.ccmostwanted.com, for 67 countries
o Cybercrime laws in place: Andorra, Argentina, Australia, Austria, Belgium, Brazil, Brunei, Canada, Chile, China, Czech Republic, Denmark, Fiji, Finland, France, Georgia, Germany, Greece, Guam, Hong Kong, Hungary, Iceland, India, Indonesia, Iran, Ireland, Israel, Italy, Jamaica, Japan, Jordan, Korea - North, Korea - South, Latvia, Lebanon, Liechtenstein, Luxembourg, Malaysia, Malta, Mexico, Netherlands, Nigeria, New Zealand, Norway, Pakistan, Peru, Philippines, Poland, Portugal, Puerto Rico, Russia, Singapore, Scotland, Slovenia, South Africa, Spain, Sweden, Switzerland, Taiwan, Thailand, Trinidad, Turkey, Uganda, Ukraine, United Kingdom, United States, Uruguay, Yugoslavia
o Links to UK websites include: Child Pornography, Consumer Protection, Cramming, Cyber Rights Civil Liberties, Financial Services
Authority, Harmful or illegal website content, Internet Police, Internet Watch Foundation, Missing Kids, National Crime Squad, Specialist Crime OCU Fraud Squad, National Criminal Intelligence Service, National High-Tech Crime Unit, Nigerian Scams, Pedophile Activity - Newsgroup, Pedophile Activity - Website, Pyramid Schemes, Serious Fraud Office, Victim Support

Russian Malware
[Slide: listing of anti-virus vendor detection names for backdoors and password-stealing trojans]

Kaspersky Labs
o Highly respected anti-virus lab
o 15 years anti-virus and spyware R&D
o Accuracy and frequency of updates (hourly) well-regarded
o Former Soviet military researcher
o Says criminal elements now responsible for 90% of malicious code
o Says more cyber crime from Brazil than Russia
o The most hated man by Russian hackers
o Connections to law enforcement

Reading Email Headers
[Screenshots: www.samspade.org and Russian anti-spam pages]

English-Russian Hacker Lexicon
English       Pronunciation
account       account
banner        banner
blog          blog
browser       browser
flash         flash
cache
chat          chat
domain        domain
e-mail        elektronaya pochta
flame         flame
host          host
hosting       hosting
java          zhaba
javascript    zhabascript
hacker        hacker
Internet      internet

English-Russian Hacker Lexicon
English       Pronunciation
login         logeen
nick          neek
patch         patch
programme     programa, proga
screenshot    screenshot
server        server
site          site
spam          spam
tools         toolza
user          user
warez         vaarez
web           veb
zip           zeep

Local Cyber News
o Reading the local newspapers
  - http://www.gazeta.ru
  - http://www.lenta.ru
  - http://www.kommersant.ru
  - http://www.itogi.ru
  - http://www.izvestia.ru
  - http://www.mn.ru
  - http://www.mk.ru
  - Putin keen to set up IT park: efforts underway to identify site, potential for much cooperation with India

One Word
o English, German, Italian, Portuguese and Norwegian: Hacker
o Dutch: De computerkraker, hakker
o Arabic: El Qursan ('Pirate')
o Spanish: pirata informatico
o French: Fouineur, bidouilleur
o Russian, Hebrew, Chinese, Korean, Japanese, Greek: [native-script terms missing]

The International Political Scene

International Law
o Currently ill-suited for cybercrime
o Internet a borderless medium
  - Cannot apply nation-state style borders
o Definitions of cybercrime vary
  - Likewise the punishments
o Extradition of criminals
  - Difficult on many levels
o Bounty hunting: Microsoft
o Tapping fan-base: Half-Life 2

Extra-Territoriality and Cybercrime
o Impossible to examine all foreign packets
o High level of anonymity on the Web
o Scarcity of good log data and expertise
o Digital information can be destroyed quickly
o Evidence should be secured ASAP
o Cultural, linguistic, and political barriers
o Traceback involves time lags

The FBI Sting
o 2000: FBI learns hackers cracking banks, ISPs, and other firms in U.S.
o Activity traced to Russia
o Failed to acquire Russian assistance
o Took unilateral action with U.S. search warrant
o Invited two Russians to Seattle for interviews
o Sniffed keystrokes for usernames, passwords
o FBI officials never left their offices in U.S.
o First FBI extra-territorial seizure

European Cybercrime Convention
o Global cybercrime task force like Interpol
o Opposition concerns
  - Civil liberties: abuse of data sharing
  - Poor relations between certain countries
  - Big obligations on ISPs
  - No cross-border searches, even in hot pursuit
  - Need to
consult with local officials
  - Universal consent: safe havens

Remote Search and Seizure
o Inconsistent with international law
o Reconnaissance often uses universal media for observation in other countries
  - Binoculars, telescopes, surveillance aircraft, commercial satellites
  - personal interviews, mass media
o Network recon any different?
  - No physical entry
o Invasion or picture taking?

International Law: The Future
Voluntary participants need three things
o Technological capability
o Legal authority
  - Territorial Sovereignty
o Willingness to Cooperate
  - Including ability: language, cultural, political barriers
o PRC CERT: One person, and he only speaks Chinese

References

Aleph One. "Smashing The Stack For Fun And Profit." Phrack 49, Volume Seven, Issue Forty-Nine, File 14 of 16. Available: http://www.insecure.org/stf/smashstack.txt

Banisar, David. "Cybercrime treaty still horrible." SecurityFocus, December 14, 2000, 8:00PM. Available: http://www.securityfocus.com/news/124

Billo, Charles, and Welton Chang. "Cyber Warfare: An Analysis of The Means And Motivations of Selected Nation States." Institute For Security Technology Studies, Dartmouth College. Revised December 2004.

Blau, John. "Viruses: From Russia, With Love." IDG News Service, Friday, May 28, 2004. Available: http://www.pcworld.com/news/article/0,aid,116304,pg,2,00.asp

Brunker, Mike. "FBI agent charged with hacking: Russia alleges agent broke law by downloading evidence." MSNBC, August 15, 2004. Available: http://www.msnbc.com/news/563379.asp?cp1=1

Delio, Michelle. "Inside Russia's Hacking Culture." March 12, 2001. Available: http://www.wired.com/news/culture/0,1284,42346,00.html

Federal Bureau of Investigation. "FBI Says Web 'Spoofing' Scams are a Growing Problem." Press Release, July 21, 2003. Available: http://www.fbi.gov/pressrel/pressrel03/spoofing072103.htm

Freeh, Louis J. "Before 9/11 -- and After." Op-Ed, Wall Street Journal, April 12, 2004. Available: http://ctstudies.com/Document/Freeh_WSJ_OPED_12APR04.html

Gebhardt, Bruce. Deputy Director, FBI. Speech to the International Security Management
Association, Scottsdale, Arizona, January 12, 2004. Available: http://www.fbi.gov/pressrel/speeches/gebhardt011204.htm

Goldsmith, Jack. "The Internet and the Legitimacy of Remote Cross-Border Searches." Public Law And Legal Theory Working Paper No. 16, The Law School, University of Chicago. Available: http www law uchicago edu academics publiclaw resources 16 JG Internet pdf

Ilett, Dan. "Russia's cybercrime-fighting Bond villain." ZDNet UK, January 13, 2005. Available: http://www.zdnet.com.au/insight/security/0,39023764,39177092,00.htm

"Key-loggers rip off eBay users." ContractorUK, January 18, 2005. Available: http://www.contractoruk.com/news/001903.html

Kvarnstrom, Hakan. "Attitudes toward computer hacking in Russia." Lecture notes in Information Warfare in CyberCrime, September 3, 2001. Available: http www cs kau se stefan IW CC_4-5 pdf

Legelis, Kim. "Combating Online Fraud: An Update." Symantec Corporation. Available: http://informationintegrity.com/article.cfm?articleid=100

Leyden, John. "Chinese puzzle hampers banks' phishing fight." The Register, November 3, 2004, 8:58AM. Available: http://www.securityfocus.com/news/9849

Leyden, John. "Four charged in landmark UK phishing case." The Register, October 15, 2004, 7:54AM. Available: http://www.securityfocus.com/news/9731

Leyden, John. "Gone Phishin'." The Register, October 30, 2003, 8:36AM. Available: http://www.securityfocus.com/news/7331

Leyden, John. "IE patch 'imminent'." The Register, July 30, 2004, 7:41AM. Available: http://www.securityfocus.com/news/9245

Leyden, John. "US credit card firm fights DDoS attack." The Register, September 23, 2004, 8:00AM. Available: http://www.securityfocus.com/news/9570

Mosnews. "Russian Anti-Virus Maker Kaspersky Lab Launches into U.S. Market." Feb 2, 2005. Available: http://www.mosnews.com/money/2005/02/08/kaspersky.shtml

"Most Web Users Safe As Major Net Attack Slows." Available: http://www.crn.com/sections/breakingnews/dailyarchives.jhtml?articleId=22102320

O'Flynn, Kevin. "Canadian Helps Bust Bride Scam." March 5, 2005. Available: http://www.themoscowtimes.com/stories/2005/03/05/012.html

Orlowski,
Andrew Elcomsoft not guilty - DoJ retreats from Moscow The Register December 18 2002 6 51AM Available http www securityfocus com news 1867 Poulsen Kevin Spy suspect had skillz SecurityFocus February 22 2001 Available http www securityfocus com news 157 Rocich ru Available http rocich ru article 5 Rostelecom Russia Today Business and Economy Available http www russiatoday ru en biz business lead_com 3181 html Russian Apache Available http www web ru Resource Saytarly Timofey Russia cyber crime doubled in 2003 Computer Crime Research Center January 30 2004 Available http www crime-research org news 2004 01 Mess3004 html Sherriff Lucy Spam villains named and shamed The Register February 27 2004 8 21AM Available http www securityfocus com news 8143 Srinivasan Arun Combating Cyberterrorism How to avoid the scourge of a denial-of-service DOS attack Line 56 February 01 2005 Available http www line56 com articles default asp ArticleID 6315 Srinivasan Arun Combating Cyberterrorism How to avoid the scourge of a denial-of-service DOS attack Line 56 February 01 2005 Available http www line56 com articles default asp ArticleID 6315 The Internet in Russia The Public Opinion Foundation Database 7th Release Spring 2004 Available http bd english fom ru report map eo040701 U S Congress Senate Committee on Appropriations Cybercrime Testimony by Louis J Freeh Director FBI February 16 2000 U S Congress Senate Judiciary Committee and House Judiciary Committee Cybercrime al Testimony by Michael A Vatis Director National Infrastructure Protection Center FBI February 29 2000 U S Congress Senate Judiciary Committee Cybercrime Testimony by Louis J Freeh Director FBI March 28 2000 U S Congress Senate Judiciary Committee NIPC Cyber Threat Assessment October 1999 Testimony by Michael A Vatis Director National Infrastructure Protection Center FBI October 6 1999 U S Department of Justice Defendant Indicted in Connection with Operating Illegal Internet Software Piracy Group Press Release March 12 
2003 Available http www cybercrime gov griffithsIndict htm U S Department of Justice Russian National Enters into Agreement with the United States on First Digital Millennium Copyright Act Case Press Release December 13 2001 Available http www cybercrime gov sklyarovAgree htm U S Department of Justice First Indictment Under Digital Millennium Copyright Act Returned Against Russian National Company in San Jose California August 28 2001 Available http www cybercrime gov Sklyarovindictment htm U S Department of Justice Operation Buccaneer Illegal 'warez' organizations and Internet piracy Last updated July 19 2002 Available http www cybercrime gov ob OBorg pr htm U S Department of Justice Valley Man Indicted in International Software Piracy Scheme Press Release November 26 2003 Available http www cybercrime gov stjohnIndict htm Volga to Ganga The Times of India January 28 2005 Available http timesofindia indiatimes com articleshow 1002829 cms Available http www rusyaz ru is ns National Security Archive Suite 701 Gelman Library The George Washington University 2130 H Street NW Washington D C 20037 Phone 202 994‐7000 Fax 202 994‐7005 nsarchiv@gwu edu