en
en

The global strategy of computer hacking

Whoever operates on the Web and has even interesting or relevant data sooner or later will always be hacked by someone or by some organizations.

Usually “economic” hackers take the data of interest from the victim’s network and resell it in the dark web, i.e. the system of websites that cannot be reached by normal search engines.

Currently, however, after the Bayonet operation of July 2017 in which many dark web areas were penetrated, we are witnessing a specialization of the dark web and an evolution of web espionage methods against companies and States.

These operations which, in the past, were carried out by web amateurs, such as youngsters at home, are currently carried out by structured and connected networks of professional hackers that develop long-term projects and often sell themselves to certain States or, sometimes, to some international crime organizations.

As often happens in these cases, the dark web was born from research in the military field. In fact, in the 1990s, the Department of Defense had developed a covert and encrypted network that could permanently protect the communications of the U.S. espionage “operatives” who worked abroad.

Later the secret network became a non-profit network that could be used for the usual “human rights” and for protecting privacy, the last religion of our decadence.

That old network of the State Department then intersected with the new TOR Network, which is the acronym of The Onion Router, the IT “onion” covering communication with different and often separable encryption systems.

TOR lives on the Internet edge and it acts as the basic technology for its dark web.

Like the “Commendatore” vis-à-vis Don Giovanni in Mozart’s opera.

TOR, however, is a free browser that can be easily extracted from the Web.

Obviously, the more the anonymity of those who use TOR and go on the dark web is covered by effective encryption systems, the more unintentional signals are left when browsing the dark web.

Moreover, the farther you have to go, the more pebbles you need to go back, as in the Thumbelina fairy tale.

TOR and the Dark Web were born to allow the communications of U.S. secret agents, but were later downgraded to “free” communication system to defend Web surfers from “authoritarian governments”. Currently the dark web hosts a wide underground market where drugs, stolen identities, child pornography, jihadist terrorism and all forms of illegal business are traded.

Moreover, if these dark web services are paid with uncontrollable cryptocurrencies, it is very difficult to track any kind of dark web operations.

Nowadays, about 65,000 URLs operate in the dark web, which means Internet websites and Universal Resource Locators that operate mainly via TOR.

A recent study of a company dealing with cybersecurity has demonstrated that about 15% of all dark web URLs facilitate peer-to-peer communication between users and websites usually by means of chat rooms or websites collecting images, pictures and photos, which are often steganographic means and transmit hidden and concealed texts, but also for the exchange of real goods via specialized websites for peer-to-peer trading that are also encrypted, as can easily be imagined.

Moreover, a further study conducted by a U.S. communication company specialized in web operations has shown that at least 50% of the dark websites is, in fact, legal.

This means they officially deals with things, people, data and pictures that, apparently, also apply to “regular” websites.

In other words, the dark websites have been created by means of a regular request to the national reference office of ICANN, which grants the domains and registers the permitted websites, thus communicating them to the Californian cooperative that owns the web “source codes”, although not in a monopolistic way.

Currently all the large web organizations have a dark “Commendatore” in the TOR area, such as Facebook, and the same holds true for almost all major U.S. newspapers, for some European magazines but also for some security agencies such as CIA.

Nevertheless, about 75% of the TOR websites listed by the above stated IT consultancy companies are specialized URLs for trading.

Many of these websites operate only with Bitcoins or with other types of cryptocurrencies.

Mainly illegal pharmaceuticals or drugs, items and even weapons are sold in the dark web. Said weapons are often advanced and not available in the visible and overt networks.

Some URLs also sell counterfeit documents and access keys for credit cards, or even bank credentials, which are real but for subjects other than those for whom they were issued.

In 2018 Bitcoin operations were carried out in the dark web to the tune of over 872 million US dollars. This amount will certainly exceed one billion US dollars in late 2019.

It should be recalled that the total amount of money “laundered” in the world accounts for almost 5% of the world GDP, equal to 4 trillion US dollars approximately.

Who invented the Bitcoin?

In 2011, the cryptocurrency was used for the first time as a term of trade only for drug traffickers operating in the dark web, mainly through a website called Silk Road.

The alias used for those exchanges was called Satoshi Nakamoto, that was also filmed and interviewed, but was obviously another.

We should also recall web frauds or blackmails: for example, InFraud, a U.S. organization specialized in the collection, distribution and sale of stolen credit cards and other personal data.

Before being discovered, InFraud had illegally made a net gain of 530 million US dollars.

Another group of illegal operators, Fin7, also known as Carbanak, again based in the United States, has collected over a billion US dollars on the web and has put in crisis, by blackmailing them, some commercial organizations such as Saks Fifth Avenue and Chipotle, a widespread chain of burritos and other typical dishes of Mexican cuisine.

Obviously the introduction of new control and data processing technologies, ranging from 5G to biometric sensors, or of personal monitoring technologies, increases the criminal potential of the dark web.

Hence the dark web criminals will have an even larger mass of data from which to derive what they need.

The methods used will be the usual ones, such as phishing, i.d. the fraudulent attempt to obtain or to deceive people into sharing sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication possibly with a fake website, or the so-called “social engineering”, which is an online scam in which a third party pretends to be a company or an important individual in order to obtain the sensitive data and personal details of the potential victim,  in an apparently legal way, or blackmail by e-mail and finally the manipulation of credentials.

With a mass of additional data on their “customers”, the web criminals will be able to perfect their operations, thus making them quicker and more effective. Or the new web technologies will be able to accelerate the time needed for blackmail or compromise, thus allowing a greater number of frauds for more victims.

Biometrics certainly expands the time for the use of data in the hands of cybercriminals. Facial detection or genetic and health data are stable, not to mention the poor security of data held by hospitals. Or we have to do with the widespread dissemination of genetic research, which will provide even more sensitive data to web swindlers.

According to some recent analyses carried out by the specialized laboratories for the Web, 56% of the data most used by web criminals comes from the victims’ personal data, while 44% of the data used by swindlers comes from financial news.

Moreover, specific types of credit cards, sold by geographical area, commercial type and issuing bank, can be bought in the dark web.

85% of them are credit cards accredited for a bank ceiling, while 15% of “customers” asks for debit cards.

The web scammers, however, always prefer e-mail addresses even to passwords.

Furthermore, less than 25% of the 40,000 dark web files have a single title.

In the “dark” web there are over 44,000 manuals for e-frauds, available for sale and often sold at very low prices.

The large and sometimes famous companies are the mainly affected ones. In 2018 the following companies were the target of cyberattacks in the United States: Dixus, a mobile phone company which was stolen 10 million files; the Cathay Pacific airline, with 9.4 million files removed, but also the Marriott’s hotel chain (500 million data/files removed) and finally Quora, a website of scientific documents and generic data. Over 45 million files were removed from Quora.

How can we know whether we are the target of an attack from the Dark Web? There is certainly the presence of ransomware, such as the recent Phobos, which uses the Remote Desktop Protocols (RDP) that allow to control computers remotely.

Then there is the Distributed Denial of Service (DDoS), which is a temporary block of the Web, apparently accidental, and finally there is the traditional malware, the “malicious” software that is used to disrupt the victims’ computer operations and collects the data present on their computers.

However, the Dark Web ambiguity between common crime and the defence of “human rights” and safe communications in “authoritarian regimes” always remains.

The United States, Iran, China and other countries have already created a “fourth army”, composed only of hackers, that operates with cyberattacks against the enemies’ defence and civilian networks.

The US Cyber Command, for example, is estimated to be composed of as many as 100,000 men and women, who operate 24 hours a day to hit enemy servers (and also allies’ ones, when they contain useful information).

Just think also of the private group Telecomix, which supported the 2011 Arab rebellions and, often, also the subsequent ones.

Also in these months both Telecomix and Anonymous are working to permit the free use of the Syrian computer network.

There is often an operative interface between these groups and the Intelligence Agencies, which often autonomously acquire data from private networks, which, however, soon become aware of the State operations.

There is also cyber-rebellion, which tries – often successfully – to strike at the victims’ data stored, by deleting them.

DDoS, the most frequent type of attack, often uses a program called Low Orbit Ion Cannot (LOIC) which allows a large number of connections to be established simultaneously, thus leading to fast  saturation of the enemy server.

The attacking computers can be used remotely and some groups of hackers use thousands of computers simultaneously, called “zombie machines”, to hit the database in which they are interested to delete it or to remove its files.

This type of “fourth army” can inflict greater damage on a target country than a conventional armed attack. The faster the attack, the easier is to identify the origin of the operation.

It is currently estimated that the “zombie” computers in the world are over 250 million – a greater network than any other today present in the military, scientific and financial world.

Hence a very dangerous military threat to critical infrastructure or to the economic resources of any country, no matter how “advanced” it is technologically or in terms of military Defence.

There have been reports of hackers linked to global drug organizations, especially Mexican cartels, and to jihadist or fundamentalist terrorist groups.

Financial hacking, which often supports all these initiatives, remains fundamental.

The South Korean intelligence services’ operative Lim was found “suicidal” after having purchased a program from the Milanese Hacking Team.

A necessary tool for these operations is often a briefcase containing circuits which mimic the towers of cellular repeaters and store in the briefcase itself all the data which is transferred via cetel or via the Internet Network.

The Central Bank of Cyprus, the German CDU Party and many LinkedIn accounts – a particularly favourite target of hackers – some NATO websites and, in Italy, some business and financial consultancy companies were attacked in this way.

It is a completely new war logic, which must be analysed both at technical and operational levels and at theoretical and strategic levels.

Giancarlo Elia Valori