Everyday cybercrime -- and what you can do about it

Rollback to version 2

0:01 - 0:03

I'm going to be showing some of the cybercriminals'
0:03 - 0:05

latest and nastiest creations.
0:05 - 0:07

So basically, please don't go and download
0:07 - 0:10

any of the viruses that I show you.
0:10 - 0:13

Some of you might be wondering what a cyber-security specialist looks like,
0:13 - 0:15

and I thought I'd give you a quick insight
0:15 - 0:17

into my career so far.
0:17 - 0:19

(Laughter)
0:19 - 0:21

It's a pretty accurate description.
0:21 - 0:23

This is what someone that specializes
0:23 - 0:25

in malware and hacking looks like.
0:25 - 0:27

So today, computer viruses and trojans,
0:27 - 0:30

designed to do everything from stealing data
0:30 - 0:33

to watching you in your webcam
0:33 - 0:36

to the theft of billions of dollars.
0:36 - 0:38

Some malicious code today goes as far
0:38 - 0:42

as targeting power utilities and infrastructure.
0:42 - 0:44

Let me give you a quick snapshot
0:44 - 0:47

of what malicious code is capable of today.
0:47 - 0:50

Right now, every second, eight new users
0:50 - 0:52

are joining the internet.
0:52 - 0:59

Today, we will see 250,000 individual new computer viruses.
0:59 - 1:05

We will see 30,000 new infected websites.
1:05 - 1:07

And, just to kind of tear down a myth here,
1:07 - 1:09

lots of people think that when you get infected
1:09 - 1:14

with a computer virus, it's because you went to a porn site.
1:14 - 1:16

Right? Well, actually, statistically speaking,
1:16 - 1:19

if you only visit porn sites, you're safer.
1:19 - 1:21

People normally right that down, by the way.
1:21 - 1:22

(Laughter)
1:22 - 1:24

Actually, about 80 percent of these
1:24 - 1:26

are small business websites getting infected.
1:26 - 1:29

Today's cybercriminal, what do they look like?
1:29 - 1:31

Well, many of you have the image, don't you,
1:31 - 1:33

of the spotty teenager sitting in a basement,
1:33 - 1:36

hacking away for notoriety.
1:36 - 1:38

But actually today, cybercriminals
1:38 - 1:41

are wonderfully professional and organized.
1:41 - 1:44

In fact, they have product adverts.
1:44 - 1:46

You can go online and buy a hacking service
1:46 - 1:48

to knock your business competitor offline.
1:48 - 1:50

Check out this one I found.
1:50 - 1:52

Salesman (Video): So you're hear for one reason,
1:52 - 1:54

and that reason is
1:54 - 1:56

is because you need your business competitors,
1:56 - 1:59

rivals, haters, or whatever the reason is, or who,
1:59 - 2:01

they are to go down.
2:01 - 2:03

Well you, my friend, you've came to the right place.
2:03 - 2:06

If you want your business competitors to go down,
2:06 - 2:08

well, they can.
2:08 - 2:11

If you want your rivals to go offline, well, they will.
2:11 - 2:14

Not only that, we are providing a short-term to long-term
2:14 - 2:16

DDOS service or scheduled attack,
2:16 - 2:20

starting five dollars per hour for small personal websites
2:20 - 2:22

to 10 to 50 dollars per hour.
2:22 - 2:24

James Lyne: Now, I did actually pay
2:24 - 2:27

one of these cybercriminals to attack my own website.
2:27 - 2:30

Things got a bit tricky when I tried to expense it at the company.
2:30 - 2:32

Turns out that's not cool.
2:32 - 2:35

But regardless, it's amazing how many products
2:35 - 2:38

and services are available now to cybercriminals.
2:38 - 2:41

For example, this testing platform,
2:41 - 2:43

which enables the cybercriminals
2:43 - 2:45

to test the quality of their viruses
2:45 - 2:47

before they release them on the world.
2:47 - 2:49

For a small fee, they can upload it
2:49 - 2:51

and make sure everything is good.
2:51 - 2:53

But it goes further.
2:53 - 2:55

Cybercriminals now have crime pacts
2:55 - 2:57

with business intelligence reporting dashboards
2:57 - 3:01

to manage the distribution of their malicious code.
3:01 - 3:05

This is the market leader in malware distribution,
3:05 - 3:07

the Black Hole Exploit Pact,
3:07 - 3:10

responsible for nearly one third of malware distribution
3:10 - 3:12

in the last couple of quarters.
3:12 - 3:15

It comes with technical installation guides,
3:15 - 3:17

video setup routines,
3:17 - 3:20

and get this, technical support.
3:20 - 3:22

You can email the cybercriminals and they'll tell you
3:22 - 3:26

how to set up your illegal hacking server.
3:26 - 3:30

So let me show you what malicious code looks like today.
3:30 - 3:33

What I've got here is two systems,
3:33 - 3:36

an attacker, which I've made look all Matrix-y and scary,
3:36 - 3:40

and a victim, which you might recognize from home or work.
3:40 - 3:42

Now normally, these would be on different sides
3:42 - 3:45

of the planet or of the internet,
3:45 - 3:47

but I've put them side by side
3:47 - 3:49

because it makes things much more interesting.
3:49 - 3:51

Now, there are many ways you can get infected.
3:51 - 3:54

You will have come in contact with some of them.
3:54 - 3:56

Maybe some of you have received an email
3:56 - 4:00

that says something like, "Hi, I'm a Nigerian banker,
4:00 - 4:02

and I'd like to give you 53 billion dollars
4:02 - 4:04

because I like your face."
4:04 - 4:06

Right?
4:06 - 4:08

Or funnycats.exe, which rumor has it
4:08 - 4:12

was quite successful in China's recent campaign against America.
4:12 - 4:14

Now there are many ways you can get infected.
4:14 - 4:17

I want to show you a couple of my favorites.
4:17 - 4:19

This is a little USB key.
4:19 - 4:22

Now how do you get a USB key to run in a business?
4:22 - 4:25

Well, you could try looking really cute.
4:25 - 4:28

Awww.
4:28 - 4:30

Or, in my case, awkward and pathetic.
4:30 - 4:34

So imagine this scenario: I walk into one of your businesses,
4:34 - 4:37

looking very awkward and pathetic, with a copy of my C.V.
4:37 - 4:39

which I've covered in coffee,
4:39 - 4:42

and I ask the receptionist to plug in this USB key
4:42 - 4:44

and print me a new one.
4:44 - 4:47

So let's have a look here on my victim computer.
4:47 - 4:50

What I'm going to do is plug in the USB key.
4:50 - 4:52

After a couple of seconds,
4:52 - 4:55

things start to happen on the computer on their own,
4:55 - 4:57

usually a bad sign.
4:57 - 4:59

This would of course normally happen
4:59 - 5:01

in a couple of seconds, really, really quickly,
5:01 - 5:03

but I've kind of slowed it down
5:03 - 5:06

so you can actually see the attack occurring.
5:06 - 5:09

Malware is very boring otherwise.
5:09 - 5:11

So this is writing out the malicious code,
5:11 - 5:15

and a few seconds later, on the left-hand side,
5:15 - 5:19

you'll see the attacker's screen get some interesting new text.
5:19 - 5:21

Now if I place the mouse cursor over it,
5:21 - 5:23

this is what we call a command prompt,
5:23 - 5:27

and using this we can navigate around the computer.
5:27 - 5:30

We can access your documents, your data.
5:30 - 5:32

You could turn on the webcam.
5:32 - 5:34

That can be very embarrassing.
5:34 - 5:36

Or just to really prove a point,
5:36 - 5:38

we can launch programs like my personal favorite,
5:38 - 5:40

the Windows Calculator.
5:40 - 5:43

So isn't it amazing how much control
5:43 - 5:45

the attackers can get with such a simple operation.
5:45 - 5:47

Let me show you how most malware
5:47 - 5:49

is now distributed today.
5:49 - 5:52

What I'm going to do is open up a website
5:52 - 5:54

that I wrote.
5:54 - 5:57

It's a terrible website. It's got really awful graphics.
5:57 - 6:00

And it's got a comments section here
6:00 - 6:03

where we can submit comments to the website.
6:03 - 6:06

Many of you will have used something a bit like this before.
6:06 - 6:08

Unfortunately, when this was implemented,
6:08 - 6:11

the developer was slightly inebriated
6:11 - 6:13

and managed to forget
6:13 - 6:15

all of the secure coding practices he had learned.
6:15 - 6:17

So let's imagine that our attacker,
6:17 - 6:21

called Evil Hacker just for comedy value,
6:21 - 6:24

inserts something a little nasty.
6:24 - 6:26

This is a script.
6:26 - 6:28

It's code which will be interpreted on the webpage.
6:28 - 6:31

So I'm going to submit this post,
6:31 - 6:34

and then, on my victim computer,
6:34 - 6:36

I'm going to open up the web browser
6:36 - 6:38

and browse to my website,
6:38 - 6:42

www.incrediblyhacked.com.
6:42 - 6:44

Notice that after a couple of seconds,
6:44 - 6:46

I get redirected.
6:46 - 6:48

That website address at the top there,
6:48 - 6:51

which you can just about see, microshaft.com,
6:51 - 6:54

the browser crashes as it hits one of these exploit pacts,
6:54 - 6:58

and up pops fake anti-virus.
6:58 - 7:03

This is a virus pretending to look like anti-virus software,
7:03 - 7:06

and it will go through and it will scan the system,
7:06 - 7:08

have a look at what is popping up here.
7:08 - 7:09

It creates some very serious alerts.
7:09 - 7:12

Oh look, a child porn proxy server.
7:12 - 7:14

You really should clean that up.
7:14 - 7:16

What's really insulting about this is
7:16 - 7:19

not only does it provide the attackers with access to your data,
7:19 - 7:22

but when the scan finishes, they tell you
7:22 - 7:25

in order to clean up the fake viruses,
7:25 - 7:28

you have to register the product.
7:28 - 7:31

Now I liked it better when viruses were free.
7:31 - 7:34

(Laughter)
7:34 - 7:36

People now pay cybercriminals money
7:36 - 7:39

to run viruses,
7:39 - 7:41

which I find utterly bizarre.
7:41 - 7:45

So anyway, let me change pace a little bit.
7:45 - 7:48

Chasing 250,000 pieces of malware a day
7:48 - 7:50

is a massive challenge,
7:50 - 7:52

and those numbers are only growing
7:52 - 7:56

directly in proportion to the length of my stress line, you'll note here.
7:56 - 7:58

So I want to talk to you briefly
7:58 - 8:01

about a group of hackers we tracked for a year
8:01 - 8:03

and actually found,
8:03 - 8:06

and this is a rare treat in our job.
8:06 - 8:08

Now this was a cross-industry collaboration,
8:08 - 8:11

people from Facebook, independent researchers,
8:11 - 8:13

guys from Sophos.
8:13 - 8:15

So here we have a couple of documents
8:15 - 8:18

which our cybercriminals had uploaded
8:18 - 8:22

to a cloud service, kind of like Dropbox or Skydrive,
8:22 - 8:25

like many of you might use.
8:25 - 8:28

At the top, you'll notice a section of source code.
8:28 - 8:31

What this would do is send the cybercriminals
8:31 - 8:35

a text message every day telling them how much money
8:35 - 8:37

they'd made that day,
8:37 - 8:40

so a kind of cybercriminal billings report, if you will.
8:40 - 8:43

If you look closely, you'll notice a series
8:43 - 8:46

of what are Russian telephone numbers.
8:46 - 8:49

Now that's obviously interesting,
8:49 - 8:52

because that gives us a way of finding our cybercriminals.
8:52 - 8:54

Down below, highlighted in red,
8:54 - 8:56

in the other section of source code,
8:56 - 8:58

is this bit "leded:leded."
8:58 - 9:00

That's a username,
9:00 - 9:02

kind of like you might have on Twitter.
9:02 - 9:04

So let's take this a little further.
9:04 - 9:06

There are a few other interesting pieces
9:06 - 9:09

the cybercriminals had uploaded.
9:09 - 9:11

Lots of you here will use smartphones
9:11 - 9:13

to take photos and post them from the conference.
9:13 - 9:16

An interesting feature of lots of modern smartphones
9:16 - 9:18

is that when you take a photo,
9:18 - 9:22

it embeds GPS data about where that photo was taken.
9:22 - 9:24

In fact, I've been spending a lot of time
9:24 - 9:26

on internet dating sites recently,
9:26 - 9:29

obviously for research purposes,
9:29 - 9:32

and I've noticed that about 60 percent
9:32 - 9:35

of the profile pictures on internet dating sites
9:35 - 9:39

contain the GPS coordinates of where the photo was taken,
9:39 - 9:41

which is kind of scary
9:41 - 9:43

because you wouldn't give out your home address
9:43 - 9:45

to lots of strangers,
9:45 - 9:47

but we're happy to give away our GPS coordinates
9:47 - 9:51

to plus or minus 15 meters.
9:51 - 9:54

And our cybercriminals had done the same thing.
9:54 - 9:57

So here's a photo which resolves to St. Petersburg.
9:57 - 10:00

We then deploy the incredibly advanced hacking tool.
10:00 - 10:03

We used Google.
10:03 - 10:06

Using the email address, the telephone number,
10:06 - 10:08

and the GPS data, on the left you see an advert
10:08 - 10:13

for a BMW that one of our cybercriminals is selling,
10:13 - 10:18

on the other side an advert for the sale of sphinx kittens.
10:18 - 10:21

One of these was more stereotypical for me.
10:21 - 10:25

A little more searching, and here's our cybercriminal.
10:25 - 10:29

Imagine, these are hardened cybercriminals
10:29 - 10:31

sharing information scarcely.
10:31 - 10:33

Imagine what you could find
10:33 - 10:35

about each of the people in this room.
10:35 - 10:37

A bit more searching through the profile
10:37 - 10:39

and there's a photo of their office.
10:39 - 10:40

They were working on the third floor.
10:40 - 10:42

And you can also see some photos
10:42 - 10:44

from his business companion
10:44 - 10:47

where he has a taste in a certain kind of image.
10:47 - 10:51

It turns out he's a member of the Russian Adult Webmasters Federation.
10:51 - 10:55

But this is where our investigation starts to slow down.
10:55 - 10:59

The cybercriminals have locked down their profiles quite well.
10:59 - 11:01

And herein is the greatest lesson
11:01 - 11:05

of social media and mobile devices for all of us right now.
11:05 - 11:09

Our friends, our families, and our colleagues
11:09 - 11:14

can break our security even when we do the right things.
11:14 - 11:16

This is MobSoft, one of the companies
11:16 - 11:19

that this cybercriminal gang owned,
11:19 - 11:21

and an interesting thing about MobSoft
11:21 - 11:23

is the 50 percent owner of this
11:23 - 11:25

posted a job advert,
11:25 - 11:28

and this job advert matched one of the telephone numbers
11:28 - 11:30

from the code earlier.
11:30 - 11:33

This woman was Maria,
11:33 - 11:35

and Maria is the wife of one of our cybercriminals.
11:35 - 11:38

And it's kind of like she went into her social media settings
11:38 - 11:41

and clicked on every option imaginable
11:41 - 11:45

to make herself really, really insecure.
11:45 - 11:48

By the end of the investigation,
11:48 - 11:50

where you can read the full 27 page report at that link,
11:50 - 11:53

we had photos of the cybercriminals,
11:53 - 11:55

even the office Christmas party
11:55 - 11:57

when they were out on an outing.
11:57 - 12:01

That's right, cybercriminals do have Christmas parties,
12:01 - 12:03

as it turns out.
12:03 - 12:05

Now you're probably wondering what happened to these guys.
12:05 - 12:07

Let me come back to that in just a minute.
12:07 - 12:10

I want to change pace to one last little demonstration,
12:10 - 12:14

a technique that is wonderfully simple and basic,
12:14 - 12:17

but is interesting in exposing how much information
12:17 - 12:19

we're all giving away,
12:19 - 12:24

and it's relevant because it applies to us a TED audience.
12:24 - 12:26

This is normally when people start kind of shuffling in their pockets
12:26 - 12:29

trying to turn their phones onto airplane mode desperately.
12:29 - 12:31

Many of you all know about the concept
12:31 - 12:34

of scanning for wireless networks.
12:34 - 12:37

You do it every time you take out your iPhone or your Blackberry
12:37 - 12:41

and connect to something like TEDAttendees.
12:41 - 12:43

But what you might not know
12:43 - 12:48

is that you're also beaming out a list of networks
12:48 - 12:50

you've previously connected to,
12:50 - 12:54

even when you're not using wireless actively.
12:54 - 12:56

So I ran a little scan.
12:56 - 12:59

I was relatively inhibited compared to the cybercriminals,
12:59 - 13:01

who wouldn't be so concerned by law,
13:01 - 13:04

and here you can see my mobile device.
13:04 - 13:06

Okay? So you can see a list of wireless networks.
13:06 - 13:12

TEDAttendees, HyattLB. Where do you think I'm staying?
13:12 - 13:15

My home network, PrettyFlyForAWifi,
13:15 - 13:17

which I think is a great name.
13:17 - 13:20

Sophos_Visitors, SANSEMEA, companies I work with.
13:20 - 13:23

Loganwifi, that's in Boston. HiltonLondon.
13:23 - 13:25

CIASurveillanceVan.
13:25 - 13:27

We called it that at one of our conferences
13:27 - 13:29

because we thought that would freak people out,
13:29 - 13:31

which is quite fun.
13:31 - 13:33

This is how geeks party.
13:33 - 13:35

(Laughter)
13:35 - 13:37

So let's make this a little bit more interesting.
13:37 - 13:39

Let's talk about you.
13:39 - 13:42

Twenty-three percent of you have been to Starbucks
13:42 - 13:45

recently and used the wireless network.
13:45 - 13:47

Things get more interesting.
13:47 - 13:49

Forty-six percent of you I could link to a business,
13:49 - 13:52

xyzemployee network.
13:52 - 13:55

This isn't an exact science, but it gets pretty accurate.
13:55 - 14:00

761 of you I could identify a hotel you'd been to recently,
14:00 - 14:04

absolutely with pinpoint precision somewhere in the globe.
14:04 - 14:08

234 of you, well, I know where you live.
14:08 - 14:10

Your wireless network name is so unique
14:10 - 14:12

that I was able to pinpoint it
14:12 - 14:15

using data available openly on the internet
14:15 - 14:19

with no hacking or clever, clever tricks.
14:19 - 14:21

And I should mention as well that
14:21 - 14:23

some of you do use your names,
14:23 - 14:25

"James Lyne's iPhone," for example.
14:25 - 14:29

And two percent of you have a tendency to extreme profanity.
14:29 - 14:31

So something for you to think about:
14:31 - 14:35

as we adopt these new applications and mobile devices,
14:35 - 14:37

as we play with these shiny new toys,
14:37 - 14:40

how much are we trading off convenience
14:40 - 14:44

for privacy and security?
14:44 - 14:46

Next time you install something,
14:46 - 14:49

look at the settings and ask yourself,
14:49 - 14:52

"Is this information that I want to share?
14:52 - 14:55

Would someone be able to abuse it?"
14:55 - 14:57

We also need to think very carefully
14:57 - 15:01

about how we develop our future talent pool.
15:01 - 15:04

You see, technology's changing at a staggering rate,
15:04 - 15:07

and that 250,000 pieces of malware
15:07 - 15:10

won't stay the same for long.
15:10 - 15:12

There's a very concerning trend
15:12 - 15:17

that whilst many people coming out of schools now
15:17 - 15:20

are much more technology-savvy, they know how to use technology,
15:20 - 15:23

fewer and fewer people are following the feeder subjects
15:23 - 15:28

to know how that technology works under the covers.
15:28 - 15:32

In the U.K., a 60 percent reduction since 2003,
15:32 - 15:36

and there are similar statistics all over the world.
15:36 - 15:39

We also need to think about the legal issues in this area.
15:39 - 15:42

The cybercriminals I talked about,
15:42 - 15:44

despite theft of millions of dollars,
15:44 - 15:46

actually still haven't been arrested,
15:46 - 15:50

and at this point possibly never will.
15:50 - 15:53

Most laws are national in their implementation,
15:53 - 15:56

despite cybercrime conventions, where the internet
15:56 - 16:00

is borderless and international by definition.
16:00 - 16:03

Countries do not agree, which makes this area
16:03 - 16:07

exceptionally challenging from a legal perspective.
16:07 - 16:11

But my biggest ask is this:
16:11 - 16:13

you see, you're going to leave here
16:13 - 16:16

and you're going to see some astonishing stories in the news.
16:16 - 16:18

You're going to read about malware doing incredible
16:18 - 16:21

and terrifying, scary things.
16:21 - 16:25

However, 99 percent of it works
16:25 - 16:29

because people fail to do the basics.
16:29 - 16:33

So my ask is this: go online,
16:33 - 16:35

find these simple best practices,
16:35 - 16:38

find out how to update and patch your computer.
16:38 - 16:40

Get a secure password.
16:40 - 16:42

Make sure you use a different password
16:42 - 16:45

on each of your sites and services online.
16:45 - 16:47

Find these resources. Apply them.
16:47 - 16:50

The internet is a fantastic resource
16:50 - 16:52

for business, for political expression,
16:52 - 16:55

for art, and for learning.
16:55 - 16:57

Help me and the security community
16:57 - 17:01

make life much, much more difficult
17:01 - 17:03

for cybercriminals.
17:03 - 17:05

Thank you.
17:05 - 17:09

(Applause)

Title:: Everyday cybercrime -- and what you can do about it
Speaker:: James Lyne
Description:: more » « less
Video Language:: English
Team:: closed TED
Project:: TEDTalks
Duration:: 17:26

	Thu-Huong Ha approved English subtitles for Everyday cybercrime -- and what you can do about it
	Thu-Huong Ha edited English subtitles for Everyday cybercrime -- and what you can do about it
	Thu-Huong Ha edited English subtitles for Everyday cybercrime -- and what you can do about it
	Morton Bast accepted English subtitles for Everyday cybercrime -- and what you can do about it
	Morton Bast edited English subtitles for Everyday cybercrime -- and what you can do about it
	Joseph Geni edited English subtitles for Everyday cybercrime -- and what you can do about it
	Amara Bot edited English subtitles for Everyday cybercrime -- and what you can do about it

English subtitles

Revisions Compare revisions

Revision 4 Edited (legacy editor)

Thu-Huong Ha
Revision 3 Edited (legacy editor)

Morton Bast
Revision 2 Edited (legacy editor)

Joseph Geni
Revision 1

Amara Bot

	Revision Number	Author	Created
	4	Thu-Huong Ha
	3	Morton Bast
	2	Joseph Geni
	1	Amara Bot

Everyday cybercrime -- and what you can do about it

Revisions Compare revisions

Our website uses cookies

Operating cookies (Required)