Revealing the security habits of cyber criminals
Cyber crime is big business and that means the people behind it face many of the same challenges as legitimate organizations.
This includes operational security (OPSEC), a key tactic used by commercial and military organizations to protect privacy and anonymity. Research from cyber situational awareness specialist Digital Shadows reveals that criminals are using OPSEC as a means to an end -- avoiding detection, maintaining availability of their attack infrastructure, and retaining access to environments they have compromised.
Just as with other enterprises, criminals stand to lose from poor OPSEC. For example, Dridex botnet operator Andrey Ghinkul associated his nickname -- "Smilex" -- with his real name, providing law enforcement with a valuable clue in their investigation. And of course defenders can exploit weak attacker OPSEC to gain insight into the people, process and technology used by their adversaries.
As always security is a balance, cyber crime forum operators for example need to offset staying under law enforcement radar with the ability to market their products. As with the Dridex example above, human error can lead to exposure.
Writing on the Digital Shadows blog Rick Holland, the company's vice president of strategy says, "It is critical to note that OPSEC will fail if people and process aren't taken into account. There are no technology silver bullets when it comes to OPSEC. Lapses in OPSEC can have significant implications for defenders and attackers alike. All too often organizations unknowingly expose confidential information that significantly increases the risks to their organization".
The report reveals that attackers use a range of technologies including secure operating systems such as WHONIX and TAILS, instant messaging tools like OTR or Jabber, anonymization networks like Tor, private email services such as SIGAINT and of course digital currencies including Bitcoin and WebMoney.
It shows that they're willing to innovate too, examples of this include Bitcoin 'tumbling' -- using a third-party service to break the connection between sending and receiving Bitcoin addresses, making it harder to track transactions through the blockchain.
You can find out more in the full report which is available from the Digital Shadows website.