CHAPTER 1: BACKGROUND

The software that is used to disrupt, steal, or manipulate is often referred to as malware, crimeware, or hackware. In this pocket guide these terms will be used interchangeably.

In recent years there has been an influx of commercially available "attack toolkits" that let would-be hackers create and propagate their own malware without much knowledge of computer programming. The underground environment promotes entrepreneurship: buyers can subscribe to attack services or buy attack toolkits in bulk, using online shopping carts and paying via Western Union and PayPal.[6]

Attack toolkits are usually bundles of software libraries that can be assembled into an attack application. The pre-written code in these toolkits exploits vulnerabilities in widely deployed commercial software, occasionally including newly discovered ("zero-day") vulnerabilities for which no vendor patch yet exists, although in practice most kits rely on known vulnerabilities that victims have simply not patched. The kits also provide tools to customize and automate attacks on networked computers, such as administration consoles for stealthy command-and-control (C&C) servers.[7] Attack kits are used to steal financial information and intellectual property using bots,[8] and to turn compromised computers into a network of bots (a botnet) that can be used for further attacks. The kits are advertised and sold on underground online forums that also trade in stolen information and services.[9]

The real strength of a botnet lies in its ability to generate massive amounts of Internet traffic against a specific target, an attack known as a distributed denial of service (DDoS). Well-known examples are the 2007 attacks against Estonia and the 2008 attacks against Georgia, which severely disrupted government, banking, and media websites in those countries.[10] These attacks did not happen by themselves; they were allegedly initiated by Russian hacktivists.

Hacktivism is the act of hacking, or breaking into a computer system, for a politically or socially motivated purpose. The individual who performs an act of hacktivism is said to be a hacktivist.

A hacktivist uses the same tools and techniques as a hacker but does so in order to disrupt services and bring attention to a political or social cause.[11]

The danger of commercially available malware kits is that anyone can purchase them. What used to be the domain of the technically savvy is now open to anyone with an agenda to cause harm. The pool of potential hacktivists grows rapidly once the tools no longer require skill to use.

Creating malware, such as bots, is inexpensive and relatively easy. The business of buying and selling malware follows a well-established commercial model. A botnet is valued based on its structure, its past use or abuse, the location of its victims, and the robustness of its malware agent.[12] Sellers go as far as to guarantee damage, "or your money back."[13] YouTube even hosts tutorials on how to create the malware, deliver the bot agents, manage the C&C infrastructure, and turn the stolen data into real money.[14]

Intentionally malicious software is not the only software that can be used for malicious purposes. Many mainstream, publicly available applications can be used to steal or manipulate important data, and because procurement today is driven by cutting costs and choosing the least expensive solution, even military organizations can fall victim to clever use of commercial off-the-shelf (COTS) software.

For example, to cut costs, military satellite communications (SATCOM) adopted commercial satellites, and these assets are not protected from network and radio frequency (RF) attacks by adversaries using open-source and publicly available resources.[15] Both digital and analog signals can be captured, manipulated, and/or retransmitted using open-source programs downloaded by hobbyists or provided by equipment vendors and hacker websites, complete with documentation and other resources.[16]

[6] "Malware becoming increasingly commercialised, says CoreTrace." InfoSecurity, February 2, 2011. www.infosecurity-magazine.com/view/15623/malware-becoming-increasingly-commercialised-says-coretrace/ (accessed May 10, 2011).

[7] "Report on Attack Toolkits and Malicious Websites." Symantec. www.symantec.com/about/news/resources/press_kits/detail.jsp?pkid=attackkits&om_ext_cid=biz_socmed_twitter_facebook_marketwire_linkedin_2011Jan_worldwide_attacktoolkits (accessed May 27, 2011).

[8] "A bot worm is a self-replicating malware program that resides in current memory (RAM), turns infected computers into zombies (or bots) and transmits itself to other computers." From: SearchSecurity. http://searchsecurity.techtarget.com/definition/bot-worm (accessed November 30, 2011).

[9] "Report on Attack Toolkits and Malicious Websites." Symantec. www.symantec.com/about/news/resources/press_kits/detail.jsp?pkid=attackkits&om_ext_cid=biz_socmed_twitter_facebook_marketwire_linkedin_2011Jan_worldwide_attacktoolkits (accessed May 27, 2011); and "Malware becoming increasingly commercialised, says CoreTrace." InfoSecurity, February 2, 2011. www.infosecurity-magazine.com/view/15623/malware-becoming-increasingly-commercialised-says-coretrace/ (accessed May 10, 2011).

[10] Carr, Jeffrey. Inside Cyber Warfare: Mapping the Cyber Underworld. O'Reilly Media, 2009, p. 18.

[11] SearchSecurity. http://searchsecurity.techtarget.com/definition/hacktivism (accessed May 27, 2011).

[12] Ollmann, Gunter. "How Criminals Build Botnets for Profit." Central Ohio InfoSec Summit, Columbus, OH, 2011.

[13] Ibid.

[14] Ibid.

[15] Rohret, David, and Jonathan Holston. "Exploitation of Blue Team SATCOM and MILSAT Assets for Red Team Covert Exploitation and Back-Channel Communications." Proceedings of the International Conference on Information Warfare & Security, 2010, 288–298. International Security & Counter-Terrorism Reference Center™, EBSCOhost® (accessed May 14, 2011).

[16] Ibid.
