Thursday, December 20, 2007

Russia's FSB vs Cybercrime

In what looks like a populist move from my perspective, the FSB, the successor of the KGB, has "Pinch-ed" the authors of the DIY malware kit Pinch. A populist move mainly because the Russian Business Network is still 100% operational, the Storm Worm botnet was originally launched and is still controlled by Russian folks, and there has been no structured response whatsoever on who was behind the DDoS attacks on Estonia. Pinching the authors is one thing; pinching everyone who is now literally generating undetected pieces of malware with the kit on an hourly basis is another:

"Today Nikolay Patrushev, head of the Federal Security Services, announced the results of the measures taken to combat cyber crime in 2007. Among other information, it was announced that it had been established who was the author of the notorious Pinch Trojan - two Russian virus writers called Ermishkin and Farkhutdinov. The investigation will soon be completed and taken to court. The arrest of the Pinch authors is on a level with the arrests of other well known virus writers such as the author of NetSky and Sasser, and the authors of the Chernobyl and Melissa viruses."

This event will get cheered by many, but those who truly perceive what's going on will consider the bottom line: fighting cybercrime isn't a priority for the FSB, and, perhaps even worse, it is prioritizing in an awkward manner. I once pointed out, and got quoted on the same idea in related research, that Pandora's box, in the form of open source malware and DIY malware builders, is being opened by malware authors to let the script kiddies generate enough noise for the authors themselves to remain undetected, and for everyone to benefit from those who enhance the malware's effectiveness by coming up with new modifications for it. I'm still sticking to this statement. If the authors behind Pinch had not been interested in reselling copies of the builder, but had kept it to themselves, thereby increasing its value, they would have been average botnet masters in the eyes of the FSB. Now that the builder has been sold and resold so many times that I count it as a public one, the authors, rather than the users, got the necessary attention.

I'll be covering Pinch in an upcoming post, mainly to debunk other such populist "discoveries" of Pinch in 2007, given that, according to a screenshot of its stolen-data crypter and many other indicators, Pinch has been around since 2005, yes, exactly two years ago. Why is this important? It's important because while the industry is waking up to the concept of form-grabbing and TAN-grabbing in banking malware in 2007, the bad guys have been doing it for the last couple of years, and meanwhile customers are finding it necessary to maintain yet another keychain, consisting entirely of one-time-password tokens (pseudo-random number generators) pitched as layered authentication. The bad guys do not target the authentication process, or aim at breaking it: they bypass it at the point of engagement, capturing the credential and the TAN in the browser before the form is submitted, and they do it efficiently.

Don't forget that a country poised for asymmetric warfare dominance in the long term will tolerate any such asymmetric warfare capability, botnets for instance, for as long as it is not aimed at the homeland, so that the country's intelligence services can acquire either the capabilities or the "visionaries" by diving deep into the available HR pool. The rest is a muppet show.
