Friday, May 11, 2012

An interview with a cybercriminal

There's a thread on reddit.com where a cybercriminal operating a botnet of more than 10,000 nodes utilizing the Zeus banking trojan, DDoS capabilities and the ability to mine bitcoin takes questions from the reddit community.

 http://www.reddit.com/r/IAmA/comments/sq7cy/iama_a_malware_coder_and_botnet_operator_ama/

A few take away's from this thread are as follows:

  • He's an engineering student potentially in the United States. His English is good and he makes references to American movies. 
  • He's aware of the law, cyberlaw in particular, in the way he doesn't use the credit card data, but only sells it. This doesn't mean that he's not stealing, but he does mention the loose laws in other countries, Spain in particular, in which cybercrime is easier to operate.
  • The criminal mentions the utter uselessness of anti-virus and ways that he gets around them. He did however plug Kapersky in being paranoid and giving him a hard time.
  • During questions he does understand that its wrong and he admits he's stealing, but he continues to grasp at straws to try and convince himself that its okay. This is greed.
  • He also admits to hacking other companies under the guise of "Anonymous". Which goes out of the realm of cybercrime and more along the line of mischief. This shows that he's not scared of authority and is fine with flexing his "cyber muscle".
  • He relies on encryption and polymorphic code to keep hidden.
  • His advice on how not to become a victim is very good, especially the use of a LIVE cd. 
All in all this is very interesting look into the mind of a cybercriminal, how they operate and their mindset on how they justify what they do. I'd highly recommend reading it.

No comments:

Post a Comment