Tuesday, October 14, 2008

The Cost of Anonymizing a Cybercriminal's Internet Activities

What would the perfect traffic anonymity service provider targeting cybercriminals consist of? A service operating in Russia that is on purposely not logging any of its user's activities, next to allowing direct spamming from the socks servers, automatic rotation of the VPN servers which they operate in a RBN style hosting provider, or a service using actual malware infected hosts as VPN tunnels not only securing the cybercrime traffic, but also, forwarding the responsibility for the malicious activities to the end user?

Long gone are the days of socks chaining, the practice of automatically connecting to multiple malware infected hosts in order to use them as stepping stones, in between the rest of the malicious activities going on their behalf.

The possibilities for building point-to-point or server-to-multiclient encrypted tunnels between malware infected hosts by using already available Socks5 functions has always been there. As of August, the coders behind a relatively popular web based malware originally started as a DDoS kit, but later on started introducing new features on a "module basis", they have started offering a BETA module for building a VPN network of malware infected hosts, including an admin panel for reselling access to these hosts in order to better monetize their botnet.

This VPN-owning of malware infected hosts is not only resulting in improved anonymity for botnet masters and anyone else having access to the network, but is also contributing to the growth of VPN services designed specifically to be accessed by cybercriminals created on the foundatiosn of such admin panels offering easier reselling of access to the network.

So, what's the cost of anonymizing a cybercriminal's Internet activities? Starting from $40 and going to $300 for a quarter of access, with the price increasing based on the level of anonymity added.