Fatal System Error (38 page)

Read Fatal System Error Online

Authors: Joseph Menn

Tags: #Business & Economics, #General, #Computers, #Security, #Viruses & Malware, #Online Safety & Privacy, #Law, #Computer & Internet, #Social Science, #Criminology

BOOK: Fatal System Error
3.42Mb size Format: txt, pdf, ePub
173
he could tell if it was true:
Sources for the material on Thomas include his own comments on various Web pages, a podcast interview available at
http://smallworldpodcast.com/?p=41
, and an excellent
Wired
article by Kim Zetter, “I Was a Cybercrook for the FBI,” at
www.wired.com/politics/onlinerights/news/2007/01/72515
.
173
effectively of the governments themselves:
Sources include numerous law enforcement officials in the U.S., U.K., and Russia, as well as Zenz’s VeriSign report.
175
“Will pay with Western Union”:
Chat witnessed by the author.
175
a payment processor owned by the Royal Bank of Scotland:
Press accounts include
http://voices.washingtonpost.com/securityfix/2009/02/data_breach_led_to_multi-milli.html?wprss=securityfix
.
175
that a CarderPlanet guru named BigBuyer had ordered from
Outpost.com
:
The Zetter article in
Wired
noted above.
176
rippers who stole from other thieves:
Sources include interviews with Mularski and Shawn Henry.
177
with more than fifty others in multiple countries:
For more on Cha0, see “Turkish Police Arrest Alleged ATM Hacker-Kidnapper,”
www.wired.com/threatlevel/2008/09/turkish-police/
.
178
an executive of a top encryption firm:
Interview with Phil Dunkelberger, chief executive of PGP Corporation. The T.J. Maxx indictments came in Boston, against Gonzalez and others, and San Diego, against Yastremskiy and others,
www.usdoj.gov/usao/ma/Press%20Office%20-%20Press%20Release%20Files/Aug2008/TJXPressRelease.html
.
178
persuaded authorities there to make an arrest:
Interviews with U.S. law enforcement.
178
He had gone by both Soupnazi and Segvec:
An engaging account of Gonzalez’s multifaceted career appeared in Brad Stone’s
New York Times
story “Global Trail of an Online Crime Ring,” at
www.nytimes.com/2008/08/12/technology/12theft.html?
.
CHAPTER 10
181
high-ranking officials in the area:
Major sources for this chapter include Crocker for events before the SOCA takeover of his agency, Pohamov, U.K. and Russian documents, the judge’s ruling, and Russian law enforcement.
186
“the papers will disappear”:
Interview with Pohamov. Crocker wouldn’t comment on anything after the point in the trial when he began working for SOCA.
191
“Absolutely,” Barrett said:
According to Lyon.
193
brought no
changes: Interviews with U.K. law enforcement and private security experts. Some of the complaints were aired in public, and SOCA’s travails have been reported in the British press.
193
the ending of Raiders of the
Lost Ark:
According to people Crocker confided in.
CHAPTER 11
196
as high as possible, at King Arthur:
Sources include Pohamov, others in Russian and U.K. law enforcement, and Lyon.
196
a man in his early twenties living in the Russian republic of Dagestan:
A U.S. official with another federal agency confirmed that identification for its publication here, as did a colleague of Crocker’s at the NHTCU.
196
signaling an end to the subject:
Crocker described this scene to colleagues.
196
The committee never pursued the case:
Interviews with Russian law enforcement.
198
much to Andy’s amusement:
Sources for this section include Lyon and another person at the party.
199
give his country another chance:
Interview with Pohamov.
200
had to be numbered by hand:
Crocker described the Russian format when discussing previous submissions. Other details are from Crocker’s law enforcement allies.
200
including Milsan:
U.S. law enforcement sources.
201
within days of its release:
According to security firm Commtouch.
201
Small businesses were increasingly targeted in account transfers:
See such Brian Krebs articles on the topic as
http://voices.washingtonpost.com/securitynx/2009/09/more_business_banking_victims.html?
.
201
far less than half of 1 percent of the perpetrators:
The Gartner study by Litan.
202
the top country for hacking:
Interviews with Zenz, Henry, and others.
203
“political protection at a very strong level”:
Interviews with U.K. and U.S. law enforcement, private researchers including Jart Armin, Paul Ferguson, David Bizeul, Don Jackson, and Zenz, along with written reports from those five and others. Some say the key protector is not Flyman’s father but his uncle.
204
the Soviet government’s anti-organized crime bureau:
Interviews with Serio and his book,
Investigating the Russian Mafia.
For more on organized crime and the government, see
Darkness at Dawn
by David Satter and
Godfather of the Kremlin
by murdered
Forbes
journalist Paul Klebnikov.
206 one researcher who was able to log onto the home site: Jackson. For more on Gozi and the evolution to hacking as a service, see Scott Berinato’s “Who’s Stealing Your Passwords?” in
CIO Magazine,
at
www.cio.com/article/135500/Who_s_Stealing_Your_Passwords_Global_Hackers_Create_a_New_Online_Crime_Economy
.
206
the biggest American identity thief ever accused:
As of October 2009.
206
“They have had many opportunities”:
Interviews with Jackson and the prosecution source.
206
including identity-theft tools:
The Bank of India hack was described in multiple places. A good account was provided by Sunbelt Software.
207
security firm Secunia:
Available at
http://secunia.com/blog/37/
.
207
half a million bank credentials:
According to a report from security firm RSA. See
www.rsa.com/blog/blog_entry.aspx?id=1378
.
208
evade blocking:
A description of the Asprox alliance by RSA is at
www.rsa.com/blog/blog_entry.aspx?id=1338
.
209
police officials as the most corrupt:
Both findings were cited in Zenz’s report.
210
centralizing corruption:
See the books by Satter and Klebnikov.
210
ATM cards en masse as well:
Peretti interview.
211
attempted coup there:
The
CompSec
story is available at
www.compseconline.com/analysis/040121419fraud.html
.
211
was directed from Russian computers:
The
LATimes
article, “Cyber-attack on Defense Department Computers Raises Concerns,” appears at
http://articles.latimes.com/2008/nov/28/nation/na-cyberattack28
.
212
“it was state sponsored”:
Interviews with Schmidt and McConnell.
212
all foreign Internet traffic:
Interview with lives. The Estonian attack received substantial press coverage.
213
“cybercrime to cyberwarfare”:
Alexander spoke at the 2009 RSA security conference in San Francisco.
213
RBN operatives Alexander Boykov and Sergey Smirnov:
McQuaid interview and his written report at
http://securehomenetwork.blogspot.com/2008/09/rbn-operatives-part-ii.html
. Such bogus security software was one of the fastest-growing criminal markets in 2009.
214
“some of the attacks”:
Jackson interview and his blog postings. The nonprofit U.S. Cyber Consequences Unit at Tufts University produced a more than one hundred-page analysis of the Georgia attack on its first anniversary, though it has distributed only a less sensitive summary to the members of the press. That summary concludes that organized crime and ordinary citizens conducted the attack but had “advance notice of Russian military intentions.”
214
knocked the popular messaging site Twitter offline:
A
Financial Times
story on the attack is at
www.ft.com/cms/s/0/e21434ac-83b0-11de-a24e-00144feabdc0.html
.
215
shot in the head:
Evloev’s death was reported on by
Kommersant
at
www.kommersant.com/p1018915/Evloev_killed/
. Zenz and Rohozinski spoke in interviews.
215
DDoS attacks on Palestinian sites:
Press accounts include this one,
www.theregister.co.uk/2009/01/09/gaza_conflict_patriot_cyberwars/
, in
The Register.
216
worthy of respect:
The FSB statement was reported in Russian media and at
www.rferl.org/content/article/1142607.html
.
216
redirecting traffic to anti-Chechen
sites: Some of Soldatov’s findings are summarized in English at
http://windowoneurasia.blogspot.com/2007/05/window-on-eurasia-fsb-encourages-guides.html
.
216
“not become any less productive”:
A photo of Kuryanich’s proclamation is in Zenz’s report.
217
would likely continue:
Jim Lewis of the Center for Strategic and International Studies, who was also on the panel, described the comments in an interview.
217
a means of raising funds:
As reported in the
Washington Post
in a story available at
www.concordmonitor.com/apps/pbcs.dll/article?AID=/20041216/REPOSITORY/412160328/1003/BUSINESS
.
217
cashed out the winnings:
Krebs recounted al-Daour’s exploits in “Three Worked the Web to Help Terrorists,”
www.washingtonpost.com/wpdyn/content/article/2007/07/05/AR2007070501945_pf.html
.
217
“soft ribs and strategic weaknesses”:
Wang Huacheng’s paper was cited on page 166 of the 2008 U.S.-China Economic and Security Review Commission report to Congress, available at
www.josephmenn.com/FatalSystemError
.
218
contained in the Library of Congress:
Titan Rain was exposed in a 2005
Time
magazine article available at
www.time.com/time/magazine/article/0,9171,1098961,00.html
.
218
“even detect the efforts”:
U.S.-China Economic and Security Review Commission report.
218
knock it offline for months:
Congressional testimony by, and interview with, Joe Weiss. Other experts have issued similar warnings, and the
Wall Street Journal
reported deep penetration of the power grid by Chinese reconnaissance.
219
some of the mostimportant organizations:
VeriSign and others have produced in-depth reports on the evolution of Chinese hacking.
219
the hand of Chinese government:
Interviews with Hypponen, Rohozinski, Tethong, and others.
220
3322.org
:
The Booz Allen Hamilton anecdote comes from
Business Week,
“The New E-Spionage Threat,” at
www.businessweek.com/magazine/content/08_16/b4080032218430.htm
.
220
earning enough to leave school:
The report by iDefense is available from its corporate parent VeriSign. Former iDefense expert Ken Dunham elaborated on it in an interview.

Other books

Philida by André Brink
Juneteenth by Ralph Ellison
DYING TO SURVIVE (Dark Erotica) by Hildreth, Scott, Hildreth, SD
I Like It Like That by Ziegesar, Cecily von
Destiny Bewitched by Leia Shaw
Monster by Steve Jackson
Suited to be a Cowboy by Nelson, Lorraine
Scent of a White Rose by Tish Thawer
Tainted Love by Lockhart, Cate
Above Suspicion by Lynda La Plante