by Marc Goodman
LIVE CHILD RAPE
Like Dante’s Inferno, the Dark Web has its own ninth circle of hell, and here is where you will find the most abominable acts of violence against the youngest and most vulnerable members of our society. In a deeply disturbing report issued by Europol—the European Union’s police agency—law enforcement officials noted the growing number of underground Web sites now providing live-streaming videos of the abuse and rape of children. Crime, Inc. and pedophile networks are actually organizing pay-per-view child rape on demand. Organized criminal networks in Asia in particular provide pedophiles with the ability to connect live via Tor to video feeds with built-in instant messaging functions where users around the world can direct the rapists who have abducted the children to carry out specific acts of abuse. Yes, nauseatingly, they do take requests. In one incident investigated by police, those connecting via Tor could order a group of men to rape an eight-year-old girl, directing their actions in real time, all for about $100. Because these activities take place on the Dark Web and because the video images are streamed instead of downloaded, evidence to prove the crimes is not recorded anywhere, save for in the permanent and traumatic memories of the victims who survive the depraved brutality of their fellow man.
All of these illicit goods and services offered for sale in the digital underground drive tremendous profits to Crime, Inc., a trend that is accelerating thanks to new forms of illicit finance that greatly facilitate its clandestine business operations.
Dark Coins
Bitcoin’s got its issues. But it is not competing with perfection.
DAN KAMINSKY, SECURITY RESEARCHER
Technology is enabling new forms of money, and the growing digital economy holds great promise to provide new financial tools, especially to the world’s poor and unbanked. These emerging virtual currencies are often anonymous and none have received quite as much press as Bitcoin, a decentralized peer-to-peer digital form of money. Bitcoins were invented in 2009 by a mysterious person (or group of people) using the alias Satoshi Nakamoto, and the coins are created or “mined” by solving increasingly difficult mathematical equations, requiring extensive computing power. The system is designed to ensure no more than twenty-one million Bitcoins are ever generated, thereby preventing a central authority from flooding the market with new Bitcoins. Most people purchase Bitcoins on third-party exchanges with traditional currencies, such as dollars or euros, or with credit cards. The exchange rates against the dollar for Bitcoin fluctuate wildly and have ranged from fifty cents per coin around the time of its introduction to over $1,240 in November 2013.
People can send Bitcoins to each other using computers or mobile apps, where coins are stored in “digital wallets.” Bitcoins can be directly exchanged between users anywhere in the world using unique alphanumeric identifiers, akin to e-mail addresses, and there are no transaction fees. Anytime a purchase takes place, it is recorded in a public ledger known as the “blockchain,” which ensures no duplicate transactions are permitted. Bitcoin is the world’s largest crypto currency, so-called because it uses “cryptography to regulate the creation and transfer of money, rather than relying on central authorities.” Bitcoin acceptance is growing rapidly, and it is possible to use Bitcoins to buy cupcakes in San Francisco, cocktails in Manhattan, and a Subway sandwich in Allentown. They can also be used to purchase a new Tesla Model S, to pay your DIRECTV bill, to sign up with OkCupid, or even to book a ticket on Richard Branson’s upcoming Virgin Galactic space flight.
Because Bitcoin can be spent online without the need for a bank account and no ID is required to buy and sell the crypto currency, it provides a convenient system for anonymous, or more precisely pseudonymous, transactions, where a user’s true name is hidden. Though Bitcoin, like all forms of money, can be used for both legal and illegal purposes, its encryption techniques and relative anonymity make it strongly attractive to criminals. Because funds are not stored in a central location, accounts cannot readily be seized or frozen by police, and tracing the transactions recorded in the blockchain is significantly more complex than serving a subpoena on a local bank operating within traditionally regulated financial networks. As a result, nearly all of the Dark Web’s illicit commerce is facilitated through alternative currency systems. People do not send paper checks or use credit cards in their own names to buy meth and child sexual abuse images. Rather, they turn to anonymous digital and virtual forms of money such as Bitcoin.
In the days of Al Capone’s Prohibition-era racketeering, the Feds’ mantra became “Follow the money,” and it was ultimately tax evasion charges, not murder convictions, that brought down the world’s biggest crime boss of the 1930s. Though “follow the money” has been the core credo in law enforcement ever since, cops may soon have to find a new motto. There are now more than seventy virtual crypto-currency competitors to Bitcoin, such as Ripple, Litecoin, and Dogecoin, and it is estimated nearly $10 billion in virtual currencies were transacted in 2013 alone. Given the vast sums at play, it should come as no surprise that criminals are not only transacting Bitcoin but also targeting the crypto currency for theft. Hackers have been able to steal millions and millions of dollars in virtual money from one another, with the largest attack to date directed against Mt. Gox, a Tokyo-based Bitcoin exchange that had $470 million pilfered from its digital coffers in early 2014. This is undoubtedly the future of bank robbery, and, no, FDIC insurance will not cover you for your Bitcoin losses.
Beyond crypto currencies, there are numerous other forms of electronic payment favored by Crime, Inc., including Liberty Reserve, E-gold, and WebMoney. Just one of these companies, Liberty Reserve, is accused of laundering more than $6 billion over several years, according to federal prosecutors. Known as the “PayPal for criminals,” with no personal account details required, Liberty Reserve facilitated a broad range of Crime, Inc.’s activities across the Dark Web, including “credit card fraud, identity theft, investment fraud, computer hacking, child pornography, and narcotics trafficking.” It is also thought to have played a central role in the previously noted $45 million crowdsourced ATM heist that took place over a ten-hour time frame in 2013. Though Liberty Reserve, like Silk Road, was ultimately taken down by the FBI and its founder arrested, many competitors have sprung up in its place, and these new marketplaces generally have decentralized peer-to-peer structures and favor next-generation iterations of crypto currencies. They promise not just pseudonymity as recorded publicly in the Bitcoin blockchain but completely untraceable anonymity. One such new currency, Darkcoin, can be viewed as the ultrasecret shadowy cousin of Bitcoin, created specifically to obfuscate users’ purchases by combining any single transaction with those of other users so that payments cannot be tied to any particular individual. The popularity of Darkcoin is increasing rapidly, and its value has skyrocketed from seventy-five cents a coin to almost $7 shortly after its introduction.
Another tool, Darkwallet, created by an organization referring to itself as unSYSTEM, aims to take Bitcoin back to its libertarian roots by enabling “hyper-anonymized” transactions. Operating under the motto “Let there be dark,” Darkwallet “aims to be the anarchist’s Bitcoin app of choice,” and its creators explicitly describe it as “money laundering software.” By combining and encrypting user payments, Darkwallet “enables practically untraceable flows of money” across the digital underground. Armed with these new financial tools, criminals are primed and ready to go shopping, and there is much to buy.
Crime as a Service
With an untraceable illicit monetary system in place, crime is no longer something that you just commit; it is something you can buy. Crime as a Service (CaaS) is the new business model and allows all or part of an offense to be carried out by others, while the crime-trepreneur who organized and invested in the scheme is ensured the profit. Just as large corporations are increasingly using Software as a Service to carry out their enterprise operations beyond their core competencies, so too are criminals.
One of the m
ost oft-purchased services is that of IT infrastructure—the technological guts and pipes required to run any successful modern enterprise. But Crime, Inc. has special technological infrastructure needs, specifically for what has become an exceeding rare commodity these days: privacy and anonymity. Criminals have flocked to the Dark Web because it allows them the best chance to evade both the surveillance business models popularized by Facebook and Google and the state-level capabilities disclosed by Edward Snowden. Because both their livelihood and their lives depend on assuring this anonymity, members of Crime, Inc. dedicate significant resources to preserving their privacy prior to attacking their targets or selling their contraband.
Practically, this means that illicit actors in the digital underground make extensive use of virtual private networks (VPNs) and proxy servers that hide their Internet protocol addresses and conceal their locations. They also rely heavily on so-called bulletproof hosting services, companies that provide Web hosting in jurisdictions such as Russia or Ukraine and welcome all illicit content, make no attempts to know their customers’ true identities, accept anonymous payments in Liberty Reserve and Bitcoin, and routinely ignore subpoena requests from law enforcement. One such CaaS company, Freedom Hosting, was the largest Web host on the Tor network and was accused by the FBI of being the most prolific facilitator of child sexual abuse images in the world, supporting more than 95 percent of the world’s child pornography. Hundreds of crime-trepreneur purveyors of child sexual abuse images paid Freedom Hosting to anonymously host their underground Web sites, with each of these individual sites having thousands of registered users.
In addition, just as companies have rapidly adopted cloud computing to store their files on services such as Google Drive and Amazon, so too has Crime, Inc. In an interesting turn of events, not only are hackers targeting the data you’ve stored in the cloud, but they are increasingly benefiting from the ease of its use to store their own less sensitive files online. The cloud is particularly well suited to the computing needs of the members of Crime, Inc. who use stolen credit cards, fake identities, and front companies to rent space with legitimate companies in order to host malware on their servers. By using reputable firms to host their crimeware, hackers are much less likely to have their traffic blocked or detected by third parties. The trend is accelerating, and a 2013 study suggested that 16 percent of the world’s malware distribution channels were hosted in the Amazon Cloud while another 14 percent emanated from GoDaddy’s servers.
Moreover, the cloud puts tremendous computing power at the disposal of legitimate users and hackers alike. As a result, we’ve entered the age of weaponized computing, where literally anybody with a few dollars to spare can have access to previously unimaginable levels of computing power to use for good or ill. For example, the hackers who broke into the Sony PlayStation Network used the vast computing power of Amazon’s cloud-computing services to break several of Sony’s encryption keys, providing access to hundreds of thousands of user accounts and credit card details. This “cloud cracking” significantly reduces the time it takes to break even the strongest passwords and in the process leaves us all less secure. Today, using the distributed computing power of the cloud and tools such as CloudCracker, you can try 300 million variations of your potential password in about twenty minutes at a cost of about $17. This means that anyone could rent Amazon’s cloud-computing services to crack the average encryption key protecting most Wi-Fi networks in just under six minutes, all for the paltry sum of $1.68 in rental time (sure to drop in the future thanks to Moore’s law).
Just as legitimate companies can hire computer coders to help them build Web sites and write software, so too can Crime, Inc. A firm such as CrimeEnforcers (a play on the term “law enforcers”) describes itself as a “private organisation for your special developing requests …[i]f you need special hardwares [sic]…[or] software that can not be done or even discuss [sic] in your Country … We are offering absolutely anonymous & offshore developing [sic] for your projects. We dont [sic] care what you want to do with hardwares and softwares you requested to be done by us.” No questions asked in the world of criminal software development. Other Crime, Inc. firms can be hired to break into any system of your choosing and may have powerful capabilities to do so. For example, China’s Hidden Lynx organization comprises up to a hundred professional cyber thieves known to have penetrated systems belonging to Google, Adobe, Lockheed Martin, and others. Frighteningly, the membership of Hidden Lynx includes military and intelligence officers working for the Chinese government during the day to carry out offensive cyber operations on behalf of the state. Off duty, however, many of these officials supplement their income considerably by moonlighting as cyber fraudsters and hackers for hire, distinguishing themselves for their advanced skill sets far beyond those of the average hacker. Welcome to the world of cyber mercenaries, now available as one of the many CaaS offerings in the digital underground.
In addition to hacker-for-hire services, Crime, Inc. subcontracts out for a wide variety of administrative services such as banking, translation, travel, and call center operations.
For instance, companies such as CallService.biz fill a niche in the digital underground by providing on-demand English-, French-, and German-speaking stand-ins to help crooks contravene bank security measures required to initiate wire transfers, unblock hacked accounts, or change address contact information with the banks. Staffed 24/7, the multilingual crime call center will play any duplicitous role you would like, including providing job and educational references, for a mere $10 per call. Just about any professional service a crime-trepreneur might need can be found in the digital underground. Increasingly, however, these services are being bundled, packaged, and sold in the form of criminal software, widely available in the depths of the Dark Web.
Crimeazon.com
The economy of the digital underground is a complex one. Not only do criminals sell directly to consumers (drugs, fake driver’s licenses, pirated content, and so on), but they also sell in bulk directly to one another. While much of Crime as a Service is about maintaining the support infrastructure and anonymity required to keep the crime factory humming, the underground economy has been bolstered as members of Crime, Inc. began to offer prepackaged tools for phishing, spam, fraud, DDoS, and data theft.
Top-notch criminal coders have recognized that the offensive hacking tools they have created for themselves can bring additional profits when sold to their criminal brethren—short on time or expertise—to launch their own attacks. As a result, less skilled criminals can simply buy the tools they need on demand to identify system vulnerabilities, commit identity theft, compromise servers, and steal data—crime at the click of a mouse.
The Dark Web has thus become a virtual “Crimeazon.com”—the world’s largest online marketplace where criminals go to shop. There they will find a Turkish bazaar of forbidden fruits, all neatly arranged for purchase. Like other purveyors of e-commerce, Crime, Inc. has created Dark Net–product storefronts complete with online shopping carts, checkout management systems, coupon codes, payment processing, technical support, live customer service chats, and escrow services. Vendors offer one-stop shopping, and you can leave your American Express card at home; they gladly accept Bitcoin.
As an example, the malware responsible for the massive invasion of Target’s point-of-sale system in late 2013 was perpetrated by a crimeware tool kit known as BlackPOS. Some of the most popular criminal software tool kits for sale in the digital underground include the following:
Zeus Builder: Ranging in price from $5,000 to $7,000, the program has many functions ranging from surreptitiously capturing a user’s keystrokes to the theft of digital encryption certificates required for online banking. Over the years, Microsoft has estimated the Zeus Trojan has infected more than thirteen million computers worldwide and been used to steal more than $100 million.
Bugat: Priced at a mere $1,000, Bugat specializes in spoofing bank account and wire transfer r
equests. In 2010, Bugat was used in a phishing e-mail sent to tens of millions of LinkedIn users with an “update your account” message. When they did, the Bugat Trojan installed malware in their Web browsers in under four seconds, lying stealthily in wait to steal their financial details the next time they logged on to their bank accounts.
SpyEye: For just $500, SpyEye offered all the features of Zeus and more. Its introduction in late 2009 set off a crimeware pricing war, and its market share grew rapidly. In a fascinating turn of online gang warfare, the inventors of SpyEye actually included an antivirus module to detect the presence of the rival Zeus Trojan on the infected machines of users in the general public. Once it found it, SpyEye would happily remove the competitor Zeus threat and repair the point of entry to ensure SpyEye remained the only malware operating on the targeted machine. Like its rival Zeus, SpyEye is believed to have generated hundreds of millions of dollars in proceeds for its architects.
The software tool kits sold on Crimeazon.com are continually developed, and Crime, Inc. sells updates to their “latest versions” to ensure the most current computer exploits are included in its programs. Of course, there is also Crimeazon Prime, a program that offers fellow thugs the opportunity to “subscribe and save” on their purchases. Once such example is the Blackshades tool kit available on an ongoing rental basis, providing users with unlimited free updates and technical support. The tool, perhaps one of the world’s most popular and notorious malware exploit kits, combines remarkable technical agility with a highly evolved business model that could have come straight out of a Harvard Business School case study.