1
00:00:01,910 --> 00:00:08,700
Let's now set aside the issue of online privacy I hope that I've managed to convince you that there's

2
00:00:08,720 --> 00:00:15,870
a lot of information available on the Internet that should be treated as confidential.

3
00:00:15,880 --> 00:00:21,190
There's a new approach towards privacy that has emerged recently and this approach directly affects

4
00:00:21,190 --> 00:00:24,150
the shape of our security and the security of our systems.

5
00:00:25,830 --> 00:00:26,910
Cyber criminals

6
00:00:29,840 --> 00:00:32,670
of refrained from using the word hacker in this course.

7
00:00:34,530 --> 00:00:37,210
It's been so overused that ceased to mean anything

8
00:00:40,230 --> 00:00:43,440
cyber criminals should be defined by two characteristics.

9
00:00:44,690 --> 00:00:48,540
Their motivation and their skills.

10
00:00:48,570 --> 00:00:50,630
Where do hackers fit in this graph.

11
00:00:52,890 --> 00:01:00,140
With equal probability a hacker could be a script kid an unskilled individual who scans a computer and

12
00:01:00,140 --> 00:01:02,770
launches a pre-made exploit out of curiosity.

13
00:01:04,680 --> 00:01:06,920
Or an expert who wants to make money.

14
00:01:09,140 --> 00:01:17,340
The read portion of the market is growing the fastest and it's the most dangerous.

15
00:01:17,370 --> 00:01:21,200
You need to gird yourself against these criminals.

16
00:01:21,230 --> 00:01:23,130
Let's find out if this is really true.

17
00:01:24,350 --> 00:01:30,720
I'll give you a couple of real stories in chronological order.

18
00:01:30,740 --> 00:01:38,630
The first is a story of a gentleman known as Bhola a criminal working in the 90s who set up a Web site

19
00:01:38,630 --> 00:01:41,750
that offered credit card numbers for sale at a good price.

20
00:01:44,850 --> 00:01:50,310
At its peak the Web site had a selection of one hundred fifty four thousand stolen credit card details

21
00:01:53,450 --> 00:01:58,300
the credit card numbers were stolen from large international corporations.

22
00:01:58,310 --> 00:01:59,680
How is this possible.

23
00:02:03,060 --> 00:02:06,290
Well when his partners did not use any exploits for their attacks

24
00:02:09,190 --> 00:02:12,660
they instead struck a deal with Marriott Hotels porters and other people.

25
00:02:14,690 --> 00:02:18,740
Or sent one of their men to take a job in a company when it searched for a skilled worker.

26
00:02:20,390 --> 00:02:27,830
A simple and efficient method was eventually arrested in Cyprus and extradited to the U.S..

27
00:02:30,570 --> 00:02:37,230
He was charged with defrauding over $2.5 billion.

28
00:02:37,290 --> 00:02:41,850
It was revealed during the investigation that he was also engaged in a Cyprus based money laundering

29
00:02:41,850 --> 00:02:43,620
company that washed billions

30
00:02:46,980 --> 00:02:48,710
there's a happy ending in the story.

31
00:02:49,920 --> 00:02:56,520
Bo and his partners Igor and the totally terrorist Sinko and others were arrested.

32
00:02:56,570 --> 00:03:04,550
What's relevant for us is that their fraud did not involve electronic intrusions into computer systems.

33
00:03:04,570 --> 00:03:07,330
This is why it brought such great results.

34
00:03:09,710 --> 00:03:15,330
If we want to paint a fuller picture of cyber criminals we need to mention the attack that hit Blue

35
00:03:15,330 --> 00:03:17,010
security in 2005

36
00:03:20,370 --> 00:03:27,790
loose security announced the release of a new product and anti-spam filter this filter was not like

37
00:03:27,790 --> 00:03:32,460
any of the anti-spam filters we use today.

38
00:03:32,500 --> 00:03:35,270
It didn't block spam.

39
00:03:35,480 --> 00:03:41,290
The tool instead detected the spammers address and sent back a complaint thanks.

40
00:03:41,340 --> 00:03:45,090
I don't want to receive spam from you.

41
00:03:45,110 --> 00:03:47,470
The system utilized a retaliation mechanism

42
00:03:50,220 --> 00:03:54,150
a server that sent a lot of spam messages received a lot of answers.

43
00:03:55,620 --> 00:04:01,940
It was successfully attacked and the attack resulted in a denial of service.

44
00:04:01,970 --> 00:04:06,460
The story of Blue Security is quite interesting.

45
00:04:06,510 --> 00:04:13,050
You can see here a message that was e-mailed to users of the tool that blue security provided.

46
00:04:13,120 --> 00:04:18,930
It was written and sent by pharma master a Russian online seller of fake Viagra.

47
00:04:20,770 --> 00:04:24,850
As you see pharma master obtained e-mail addresses of blue security users

48
00:04:27,650 --> 00:04:32,850
the attackers broke into the blue security system and extracted a database with user's addresses.

49
00:04:35,230 --> 00:04:39,670
In the message form a master warns users that blue security is the real spammer.

50
00:04:41,580 --> 00:04:43,680
To give more weight to the email from a master.

51
00:04:43,680 --> 00:04:45,360
Also send it to blue security

52
00:04:48,170 --> 00:04:54,300
sending spam to spammers in this way it was large scale as a Blue Security user.

53
00:04:54,550 --> 00:04:57,350
You're in for a backlash from furious internet communities.

54
00:04:59,930 --> 00:05:04,020
If you don't get rid of the tool your address will be put on the spamming list.

55
00:05:04,050 --> 00:05:05,790
There can be other trouble as well.

56
00:05:07,400 --> 00:05:15,050
As you see reading the email uninstalling the system won't be for your benefit don't install it ever

57
00:05:15,050 --> 00:05:15,790
again.

58
00:05:16,740 --> 00:05:23,490
Apart from attacking blue security users the servers of the company were also targeted.

59
00:05:23,580 --> 00:05:30,420
The first step was to block foreign access to the Israeli company's servers next to global access was

60
00:05:30,420 --> 00:05:37,740
cut off transporting services to servers of an external provider that specialized in guarding against

61
00:05:37,740 --> 00:05:47,370
denial of service attacks did not help the attackers one this time Blue Security withdrew the blue frog

62
00:05:47,370 --> 00:05:49,230
project and fold it soon after

63
00:05:52,000 --> 00:05:56,850
the release the official statement the company said that it did not want to escalate the war.

64
00:05:59,290 --> 00:06:06,040
The stories of Roman Bo Veiga and the attack on Blue Security show that cyber criminals aren't just

65
00:06:06,040 --> 00:06:09,970
bored script kids who try to launch some program they found on the Internet after school.