24 replies to this topic

[totallyAunti]

Article :

Are Hackers Working for the Mob? A British study found organized crime is behind the vast majority of hacking attacks

Just wondering if this is some article to make hackers look "more evil". I mean really. Has anyone here ever been approached by the mob wanting your skills, or anyone you know for that matter? I'm thinking it could be more "news" meant to paint hackers as evil........

There's so much fake news out there, so I'm skeptical. Personally, I haven't seen evidence for this at all.

I mean, I've never seen nor heard of anyone in the mob approaching anyone at a DefCon meet, have you all? And it would seem to me if the mob were so "into recruitment", DefCon and such would be a prime hunting ground, don't you think?, yet I've seen NADA.

[cruisefx]

Article :

Are Hackers Working for the Mob? A British study found organized crime is behind the vast majority of hacking attacks

Just wondering if this is some article to make hackers look "more evil". I mean really. Has anyone here ever been approached by the mob wanting your skills, or anyone you know for that matter? I'm thinking it could be more "news" meant to paint hackers as evil........

There's so much fake news out there, so I'm skeptical. Personally, I haven't seen evidence for this at all.

I mean, I've never seen nor heard of anyone in the mob approaching anyone at a DefCon meet, have you all? And it would seem to me if the mob were so "into recruitment", DefCon and such would be a prime hunting ground, don't you think?, yet I've seen NADA.

There was a bit about young hackers working for the mob in Wired magazine once (sorry I don't have any citations). The United States is a miserable place for stuff like this to happen. Go to a country where things are more chaotic, say, Estonia, and you might be able to peddle your skills if you're reliable and good enough...

[nyphonejacks]

from wikipedia:

Organized crime or criminal organizations is a transnational grouping of highly centralized enterprises run by criminals for the purpose of engaging in illegal activity, most commonly for the purpose of generating a monetary profit. The Organized Crime Control Act (U.S., 1970) defines organized crime as "The unlawful activities of [...] a highly organized, disciplined association [...]".

organized crime does not mean the mafia, although that is what is commonly thought of when people hear the term. it could just as easily be any group of people who work together to engage in criminal activity, such as a group of crackers, or software pirates...

i think its use is used to sensationalize the article, and make it seem more dangerous and scary then it really is... like when they say that the terrorists fund them self from bootleg cigarettes... whether that is true or not that problem would not exist if a pack of cigarettes cost less than $10 a pack...

[totallyAunti]

Here's an example article off CNET but it only mentions 1 guy who "thought of himself as a member". Here's the pasted text :

How tied to organized crime are they?

One of the guys, "ChaO," kidnapped someone. He viewed himself as a traditional organized crime member. He was connected with organized crime groups in Turkey and they resorted to violence when they kidnapped someone who was talking too much about the operations. We're seeing more of that, especially in Romania. Also in Russia.

I got the above from an article I saved.

After researching some on the internet I'd have to conclude :

1. A lot of exaggeration is going on.
2. A person or two who considers themselves mob members doesn't make the whole hacker outfit one.
3. Several articles called "the new organized crime" groups of hackers committing crimes together.

[cruisefx]

After researching some on the internet I'd have to conclude :

1. A lot of exaggeration is going on.
2. A person or two who considers themselves mob members doesn't make the whole hacker outfit one.
3. Several articles called "the new organized crime" groups of hackers committing crimes together.

Here's that Wired article.

[totallyAunti]

After researching some on the internet I'd have to conclude :

1. A lot of exaggeration is going on.
2. A person or two who considers themselves mob members doesn't make the whole hacker outfit one.
3. Several articles called "the new organized crime" groups of hackers committing crimes together.

Here's that Wired article.

That made for good reading. Wow.

This dude in the article volunteered to work with them. For the life of me I don't know why I thought I heard somewhere some or many were being forced into it, go figure - must've just been me.

Thanx for the article btw.

[cyberscan]

I was approached by what I perceived to be organized criminals twice. Once it happened in college where I majored in electronics and was showing off a couple of hacks and the second time when I was harassing people who were spamming me. The second time I was given a URL and was told I could make 10 cents for every computer that I would provide them access to. Both offers seemed pretty credible, but I'm a hacker and not a criminal. I passed on both offers.

Edited by cyberscan, 30 December 2009 - 12:31 AM.

[GRiNCH]

from wikipedia:

Organized crime or criminal organizations is a transnational grouping of highly centralized enterprises run by criminals for the purpose of engaging in illegal activity, most commonly for the purpose of generating a monetary profit. The Organized Crime Control Act (U.S., 1970) defines organized crime as "The unlawful activities of [...] a highly organized, disciplined association [...]".

organized crime does not mean the mafia, although that is what is commonly thought of when people hear the term. it could just as easily be any group of people who work together to engage in criminal activity, such as a group of crackers, or software pirates...

you hit it on the head right there...gangs are alive and well in our nation, and many of them have strong ties across our borders and overseas. the traditional "mob" is not the only game in town anymore. Here in Fresno CA USA I personally know some CRAZY "mobsters" - and you could well be surprised at the extent to which our governmental approach to our drug problem has created a prison culture, forcing many "organizations" of sorts to evolve within and then extend beyond the walls, out into our communities.

The meth epidemic here in Fresno creates an endless need for more money for drugs, and most people with a habit are pretty creative when it comes to finding a way to "come up" and get something for nothing; the pop culture thought of what a "hacker" is leads to a lot of people trying to approach anyone with an ounce of computer knowledge and "hack" something. It's damn near ridiculous, but what do I expect, living in not only the meth no also the identity theft capital of our nation...

I work in computer networking/telecommunications, and have performed security audits for a number of local companies and have seen instances where an employee with a nasty drug habit thinks that they can use the data from their employer to barter for drugs, as well as one business within 2 minutes of looking at their network, I saw that someone had obtained the SAM for the domain and nightly around 2 or 3AM, was attempting to brute force hack every single user and machine account on the Windows 2000 Domain Controller. What's more , it was always 1 attempt less than the lockout threshold, then again 1 second after the timeout on retries expired, going on until around 4, 4:30AM (about a half hour before the first employee might arrive). Turned out that a employee of the company that set up the network had gotten himself all spun out, gotten into identity theft, and was installing backdoors on servers and exceptions in policies and firewalls for himself to go back later and try and get sensitive customer data that he then took to his different "connections" to trade for dope and money, who would intern scam on the vics, draining bank accounts, tapping out credit cards, applying for loans and such, all to fund the purchases of more drugs, weapons, and the "gangster" lifestyles of the dealers.

The "Mob"? Maybe not, our maybe just "Mob 2.0"...

[jeremy_]

I've been approached various times online and in person by people with highly lucrative offers. I declined all of them, and most of these were offered before I was 18. I found the idea of having some crazy adventure highly appealing, though.

One example of this is MySpace phishing. In 2005, 2 guys from Australia helped myself and a guy from Kansas with a concept we came up with as a way to phish social networks. We embedded a 1px by 1px fash file in a bulletin that would redirect the user upon loading the flash file to a fake login page. The login page had a cookie that the flash file would read, so that if you went to the site once, then the flash file wouldn't redirect you again. The login script, upon you entering your credentials, would save the user/pass in a text file and then redirect you back to the home screen on MySpace. At the time, MySpace was pretty buggy and would log people out all the time, so this was perfect.

Well, we tried it and it worked... a little too well. The 2 Aussies wanted to use the script to spam accounts with, but the guy from Kansas and I did not. We thought about writing an article on it, but we decided that it would be best for our concept not to be used by phishers so we kept silent. I regret that now, because as we all know, that ended up being a highly annoying problem.

I've also met many ex-cons that learned how to program and about network security while in prison and were trying to exploit systems when they are released. They wanted my assistance. I've even had offers from the police to do things they weren't allowed to do. All I can say is, I'm glad I never got tied up in any of that, because the ones I know that did aren't in good places today.

[resistor X]

I had something interesting happen to me a long time ago.

I once had a visit from someone from security at a phone service provider who said he'd been "watching me" and I thought "Yeah right". Then he tried to commit extortion saying he could use my good skills to his advantage and if I didn't comply "something bad would happen to me". Then I informed him I had recorded the visit and it meant his extortion attempt was also recorded, so he backed off, left and never bugged me again.

Point of me posting this? It goes to show there are nuts around but it doesn't have to be "the mob".

This only happened once, btw.

[GRiNCH]

I was approached by what I perceived to be organized criminals twice. Once it happened in college where I majored in electronics and was showing off a couple of hacks and the second time when I was harassing people who were spamming me. The second time I was given a URL and was told I could make 10 cents for every computer that I would provide them access to. Both offers seemed pretty credible, but I'm a hacker and not a criminal. I passed on both offers.

lemmee try this again...spent a half hour the other day typing out a post, and near the end the damned left ctrl key on my kb got stuck and the sentence which would have been my last became a string of commands that lost the text of my post into the binary void forevermore....to summarize:

I was referred a job once by a female I know, and the initial work was pretty smooth and simple...I reloaded WinXP from the OEM restore CD on a Dell laptop which had apparently been purchased overseas - Korea, I believe...the middle-aged Armenian gentleman said that a relative of his purchased a number of them and shipped them to him here in the US, apparently he was able to save himself a few hundred bucks on the deal, whatever's clever, it's kind of irrelevant anwyayz. It was the second service call I did for him when he called me back a couple of weeks later that made it's mark on my memory.

He asked me to come out to his home in a semi-rural area 10-20mins north of town to help him with a few minor problems - a printer which wouldn't print, a broadband connection that was working fine for the hardwired clients but nada for the wireless nodes, and some sort of a problem he was having installing some software on one of his laptops. He didn't flinch at the $$ I quoted him just to come and check things out, and I needed the money that week so whatever, yeah?

Get to his place and he insists that we drink a beer or two first while we wait for his cousin to arrive with the laptop and software which were giving him issues, and since there are few things I enjoy more than being paid to drink free beer, no problem with me. While we sit out on his front lawn, I figured I would save myself some time by digging out the details that most users breeze over the first two or three times that they talk to you about a problem - I assume this is a universal experience -...is the printer in question connected to the machine that is trying to print directly, or across the LAN, have all physical connections been checked, were the drivers installed before installing the hardware, and so on...I manage to catch a few details that I figure will speed things along, and am ready to get at it by the time his cousin arrives. They exchange a few remarks in their native tongue while I finish my second corona, and we head into the house.

I go for the printing problem first, as I'm pretty sure I know what needs to be done from our conversation out front, and a quick download of some drivers from the manufacturers website gets things moving along. I comment on what a top-end printer he's got - about a $6-8K (retail) wide carriage dye-sublimation - you could print a full size, full color, knock-your-socks off poster for your door with this bad boy, the 6 "crayons" that it uses for inks cost at least $300-$400 per color for each of the 6 colors (cyan, magenta, yellow, black, teal, fuscia/hot pink)...he grins, agreeing that it is probably overkill, but what the hell, he was deducting the entire cost anyway. No biggie. On to the broadband, about as simple as it gets - i pull the power to the wireless router, wait a few seconds, then plug it back in, reboot the clients, done.

So moving on to the software problem....He pulls out a HUGE (like, 5000 discs) binder, and selects a number of hand labeled, burned CD's and passes them to me...Photoshop CS2 w/every imaginable add-in module...I raise an eyebrow (or maybe I started to drool) at the binder, and with a sheepish grin he passes it to me to peruse as the software installs. Front to back, this binder is full of every I mean EVERY commercial program you can think of, every one of them burnt onto cd-r...I make a comment about how intelligent he was to keep backup copies of all his original media, at which he guffaws and explains that he purchased all of the programs in singapore for $5 a disc, and that if I can get his problem squared away he will gladly offer me the same price for any title I can think of.

The install goes off without a hitch, which doesn't surprise him, apparently the problem he was having was with loading a template that his cousin had given him to work from on a business contract....He duplicates the errors for me, and I explain to him that what is happening is that photoshop is complaining about a few missing fonts and some missing image files which a layer or two of the .psd files reference. It takes a minute, but after rewording my explanation a couple of times, he seems to understand, and is sure that his "no good, lazy son of a b**** cousin" just didn't properly copy all of the appropriate files over, and that he can handle it now that he knows what the problem is.

I collect my fee, and go on about my life, and probably wouldn't really have thought of it again except that about 3 months later I see the house that I was at on the local news, with the gentleman who paid me being led out in handcuffs by federal agents. Apparently he and his "family" were creating documentation for some of the migrant workers in the area, supplying them with birth certs, ssn cards, and ID's instead of their regular wages...........

What a trip! Seemed kind of fishy to me when I was there, but when I'm being paid good cash money for my time, I try not to over-think things. Glad I didn't get any more involved than I did though....

[Pi_2.0]

Credit Card fraud is pretty big in Europe, Romanians actually have a system where they'll drive to western European countries such as Germany and attach card readers to the front of an ATM, the readers are wifi/cellphone capable and wirelessly send the data back to Romania. Usually when the armored car driver comes to fill up the machine they notice it's been tampered with but by that time the Romanians have already scored hundreds of valids. Card fraud is supposedly big in Russia too, but most of their numbers come from hacking small online retailers.

I've read stories about American gangs like the Outlaws MC getting into identity fraud, but have never heard of it first hand. I don't see why most gangs would even bother with it when the profits from drugs are so much larger, card fraud is pretty low risk but it's time consuming.

[resistor X]

I was approached by what I perceived to be organized criminals twice. Once it happened in college where I majored in electronics and was showing off a couple of hacks and the second time when I was harassing people who were spamming me. The second time I was given a URL and was told I could make 10 cents for every computer that I would provide them access to. Both offers seemed pretty credible, but I'm a hacker and not a criminal. I passed on both offers.

lemmee try this again...spent a half hour the other day typing out a post, and near the end the damned left ctrl key on my kb got stuck and the sentence which would have been my last became a string of commands that lost the text of my post into the binary void forevermore....to summarize:

I was referred a job once by a female I know, and the initial work was pretty smooth and simple...I reloaded WinXP from the OEM restore CD on a Dell laptop which had apparently been purchased overseas - Korea, I believe...the middle-aged Armenian gentleman said that a relative of his purchased a number of them and shipped them to him here in the US, apparently he was able to save himself a few hundred bucks on the deal, whatever's clever, it's kind of irrelevant anwyayz. It was the second service call I did for him when he called me back a couple of weeks later that made it's mark on my memory.

He asked me to come out to his home in a semi-rural area 10-20mins north of town to help him with a few minor problems - a printer which wouldn't print, a broadband connection that was working fine for the hardwired clients but nada for the wireless nodes, and some sort of a problem he was having installing some software on one of his laptops. He didn't flinch at the $ I quoted him just to come and check things out, and I needed the money that week so whatever, yeah?

Get to his place and he insists that we drink a beer or two first while we wait for his cousin to arrive with the laptop and software which were giving him issues, and since there are few things I enjoy more than being paid to drink free beer, no problem with me. While we sit out on his front lawn, I figured I would save myself some time by digging out the details that most users breeze over the first two or three times that they talk to you about a problem - I assume this is a universal experience -...is the printer in question connected to the machine that is trying to print directly, or across the LAN, have all physical connections been checked, were the drivers installed before installing the hardware, and so on...I manage to catch a few details that I figure will speed things along, and am ready to get at it by the time his cousin arrives. They exchange a few remarks in their native tongue while I finish my second corona, and we head into the house.

I go for the printing problem first, as I'm pretty sure I know what needs to be done from our conversation out front, and a quick download of some drivers from the manufacturers website gets things moving along. I comment on what a top-end printer he's got - about a $6-8K (retail) wide carriage dye-sublimation - you could print a full size, full color, knock-your-socks off poster for your door with this bad boy, the 6 "crayons" that it uses for inks cost at least $300-$400 per color for each of the 6 colors (cyan, magenta, yellow, black, teal, fuscia/hot pink)...he grins, agreeing that it is probably overkill, but what the hell, he was deducting the entire cost anyway. No biggie. On to the broadband, about as simple as it gets - i pull the power to the wireless router, wait a few seconds, then plug it back in, reboot the clients, done.

So moving on to the software problem....He pulls out a HUGE (like, 5000 discs) binder, and selects a number of hand labeled, burned CD's and passes them to me...Photoshop CS2 w/every imaginable add-in module...I raise an eyebrow (or maybe I started to drool) at the binder, and with a sheepish grin he passes it to me to peruse as the software installs. Front to back, this binder is full of every I mean EVERY commercial program you can think of, every one of them burnt onto cd-r...I make a comment about how intelligent he was to keep backup copies of all his original media, at which he guffaws and explains that he purchased all of the programs in singapore for $5 a disc, and that if I can get his problem squared away he will gladly offer me the same price for any title I can think of.

The install goes off without a hitch, which doesn't surprise him, apparently the problem he was having was with loading a template that his cousin had given him to work from on a business contract....He duplicates the errors for me, and I explain to him that what is happening is that photoshop is complaining about a few missing fonts and some missing image files which a layer or two of the .psd files reference. It takes a minute, but after rewording my explanation a couple of times, he seems to understand, and is sure that his "no good, lazy son of a b**** cousin" just didn't properly copy all of the appropriate files over, and that he can handle it now that he knows what the problem is.

I collect my fee, and go on about my life, and probably wouldn't really have thought of it again except that about 3 months later I see the house that I was at on the local news, with the gentleman who paid me being led out in handcuffs by federal agents. Apparently he and his "family" were creating documentation for some of the migrant workers in the area, supplying them with birth certs, ssn cards, and ID's instead of their regular wages...........

What a trip! Seemed kind of fishy to me when I was there, but when I'm being paid good cash money for my time, I try not to over-think things. Glad I didn't get any more involved than I did though....

Ok........

I read that and expected to see somewhere that it was related to hackers or hacking, but it's not. It turned out they were simply using their computers to supply fake documents (I presume they used their computers for this, actually this story doesn't actually say how they did it) - this is not hacking nor does it make them hackers.

Hackers/hacking wasn't even involved in this story.

What a waste to read all that for nothing.

[dinscurge]

Ok........

I read that and expected to see somewhere that it was related to hackers or hacking, but it's not. It turned out they were simply using their computers to supply fake documents (I presume they used their computers for this, actually this story doesn't actually say how they did it) - this is not hacking nor does it make them hackers.

Hackers/hacking wasn't even involved in this story.

What a waste to read all that for nothing.

most "hacking" isnt "hacking" anyways. i mean using wireshark/kismet/aircrack/metasploit w.e. none of thats hacking its all just using a well documented process the same as those guys making fake id's/papers.i mean most hacking thats in the mob is pretty low tech like stealing identitys/forging new ones, other than the few that break into specific systems/sell zero days/botnets. there isnt any money in cracking wep/rooting random unpatched windows 2k computers.

[resistor X]

Ok........

I read that and expected to see somewhere that it was related to hackers or hacking, but it's not. It turned out they were simply using their computers to supply fake documents (I presume they used their computers for this, actually this story doesn't actually say how they did it) - this is not hacking nor does it make them hackers.

Hackers/hacking wasn't even involved in this story.

What a waste to read all that for nothing.

most "hacking" isnt "hacking" anyways. i mean using wireshark/kismet/aircrack/metasploit w.e. none of thats hacking its all just using a well documented process the same as those guys making fake id's/papers.i mean most hacking thats in the mob is pretty low tech like stealing identitys/forging new ones, other than the few that break into specific systems/sell zero days/botnets. there isnt any money in cracking wep/rooting random unpatched windows 2k computers.

This just brings up the topic of people calling something "hacking" that's really not and people who call themselves "hackers" though they're really not, like script kiddies as one example.

Well then, this is my point - everyone who is doing so should stop loosely defining hacking to mean things which are not hacking at all.

I mean, I could instruct my Uncle on how to use Photoshop to create a fake I.D., but does it make my uncle a hacker for being able to take my instruction and make the I.D.? No way - it only means he can follow instructions. If people keep loosely defining things this way, now my uncle will be a hacker! - that'll surprise him!

[Seal]

Approaching people doesn't get you the best price for most types of illicit activity. That's why so many criminals prefer to defer to a system whereby the blackhats bid on work. The one whose able to deliver the most for the cheapest wins.

Take this posting for instance:
http://www.getafreel...unt-rental.html

If you read between the lines, the more facebook accounts are hacked, the more money you make.

[nyphonejacks]

What a waste to read all that for nothing.

i disagree.. i found it an enjoyable story worth sharing...

This just brings up the topic of people calling something "hacking" that's really not and people who call themselves "hackers" though they're really not, like script kiddies as one example.

i think that you are confusing hacking with cracking, or blackhat... hacking is using or modifying software or hardware for uses other than its intended use... hackers are the people who tinker with hardware/software...

i do not claim to be a hacker or cracker... but your limited understanding of the term(s), which seems has been interpreted more from the media or movies makes you appear like a script kiddie... i am not calling you that, it is just what it makes you sound like by defining hackers, or hacking as black hat only...

[resistor X]

What a waste to read all that for nothing.

i disagree.. i found it an enjoyable story worth sharing...

This just brings up the topic of people calling something "hacking" that's really not and people who call themselves "hackers" though they're really not, like script kiddies as one example.

i think that you are confusing hacking with cracking, or blackhat... hacking is using or modifying software or hardware for uses other than its intended use... hackers are the people who tinker with hardware/software...

i do not claim to be a hacker or cracker... but your limited understanding of the term(s), which seems has been interpreted more from the media or movies makes you appear like a script kiddie... i am not calling you that, it is just what it makes you sound like by defining hackers, or hacking as black hat only...

You have misunderstood me.

First, I wasn't defining hackers as "black hat only" - where you got that from, who knows.

Secondly, don't assume someone who is new to binrev must have limited information about hacking and therefore means "They probably have an image of hacking which was derived from movies or the media".
Fact is, I was around hacking, hackers, phreakers, crackers long before the media ever heard the term and way before any movie came out, before the first computer crime law went on the books - that's how old I am.

Edited by resistor X, 20 January 2010 - 08:56 PM.

[nyphonejacks]

i knew you were going to take it as an insult.. which i was not attempting... for that my apologies...

just IMO it sounded like the way you were describing or defining hacker appeared to me to be very narrow and limited to those who were involved in computer related crimes...

i in no way meant to imply because you have a low post count that any thing that you contribute is any less valid than anything posted by anyone else... i do not know enough about you, or your skills to make an assumption about your skills or experiences...

while the OPs story did not have much to do with "hacking" so much it could be considered to relate to organized crime and computers, so i feel that his story was relevant to this thread... and i did enjoy reading about his experience..

[resistor X]

i knew you were going to take it as an insult.. which i was not attempting... for that my apologies...

just IMO it sounded like the way you were describing or defining hacker appeared to me to be very narrow and limited to those who were involved in computer related crimes...

i in no way meant to imply because you have a low post count that any thing that you contribute is any less valid than anything posted by anyone else... i do not know enough about you, or your skills to make an assumption about your skills or experiences...

while the OPs story did not have much to do with "hacking" so much it could be considered to relate to organized crime and computers, so i feel that his story was relevant to this thread... and i did enjoy reading about his experience..

I wasn't taking it as an insult, believe it or not. I just thought I should mention I wasn't new to hacking so therefore wasn't getting any definitions from media or movie.

So, no need for an apology since you meant nothing by it anyway.

Upon thinking about what you said above in your last paragraph, I'd have to say I agree - I guess I missed that point, so in that case my apology to GRiNCH for the undeserved critique of the post. My bad.