[ISN] Quebec police bust alleged hacker ring

From: InfoSec News (alerts@private)
Date: Wed Feb 20 2008 - 23:01:00 PST


http://www.nationalpost.com/news/story.html?id=322372

By Jan Ravensbergen
Canwest News Service 
February 20, 2008

MONTREAL -- Quebec provincial police said Wednesday they have dismantled 
what they called the largest and most damaging computer-hacking network 
ever uncovered in Canada.

During several action-packed early-morning hours Wednesday, provincial 
police and RCMP officers dismantled the latest hacking ring by 
successfully carrying out 17 lightning-fast raids in 12 towns small and 
large across Quebec, including Montreal.

They collared 17 hacking suspects aged 17 to 26. All are male except for 
one, a 19-year-old woman.

Some of the suspects were to appear in court Wednesday while others were 
released with the promise to appear.

Police raiding parties also sealed and carted away dozens of hard drives 
and other computer components from the homes of each of the suspects.

This hardware is believed to contain the smoking guns -- a bonanza of 
incriminating data to document the alleged ring, said SQ Capt. Frederick 
Gaudreau, lead investigator.

"This is a new form of organized crime," he proclaimed to reporters 
summoned to SQ headquarters in Montreal.

Savvy youngsters who've grown up with computers can take advantage of 
lax or inattentive users connected via broadband to the Internet.

That's what this ring did, Capt. Gaudreau alleged, adding that its 
operators extended their electronic tentacles from some of Quebec's 
smaller towns to seize control, via sophisticated remote-access 
software, of almost a million computers in more than 100 countries.

With so-called Trojan-horse and worm software, poorly protected 
computers can be hijacked and turned into so-called zombies, even while 
their users wonder why their Internet connection has slowed so 
dramatically.

The hackers, Capt. Gaudreau alleged, used these hijacking techniques to 
carry out identity theft, data theft of other kinds, spamming and 
denial-of-service attacks.

These acts caused an estimated $45-million in damages, Capt. Gaudreau 
added, to governments, businesses and individuals.

He refused to provide any further breakdown, such as an estimate of the 
volume of financial fraud committed.

The country's most notorious hacker to date was a 15-year-old Montrealer 
with the handle Mafiaboy.

The law provides a maximum of 10 years behind bars for illegal use of 
computer services -- but after crippling some of the world's most 
heavily trafficked Web sites eight years ago, Mafiaboy ended up with 
just eight months in youth detention.

Capt. Gaudreau issued repeated pleas for computer users to keep their 
anti-virus software up-to-date and to properly configure network 
firewalls.

Victims of the ring had neglected to do one or both -- opening the door 
for the ring's kingpins to plant malicious software programs with 
impunity, he alleged.

Each of the hackers detained Wednesday surreptitiously controlled an 
average of about 5,000 computers, Capt. Gaudreau alleged.

The victims were largely -- but not exclusively -- located outside 
Canada, he said.

The ring required "hundreds" of officers from the SQ and the RCMP to 
take down, he added.

The probe began in 2006, he said, following complaints from government 
agencies, businesses and individuals.

Painstaking forensic audits of thousands of gigabytes of computer data 
seized will now be required before provincial police can write the final 
chapter of this Internet saga.

Police expect the necessary evidence is likely to be served up on the 
dozens of computer hard drives confiscated Wednesday, Capt. Gaudreau 
said.

Many of the victims documented by investigators were located in Poland, 
Brazil and Mexico, he added.

Seven of those arrested Wednesday have been charged with illegally 
obtaining computer services, an offence that carries a maximum penalty 
of 10 years in prison.

Further charges against these seven could follow, Gaudreau said, 
depending on the data found on their computers.

Others were released after questioning, Gaudreau said, and haven't been 
charged but may face charges later.

The 17, communicating with each other largely via Internet, each 
operated with multiple computers, Capt. Gaudreau alleged, from 17 
locations in 12 cities, towns and hamlets across the province.

Copyright 2007 CanWest Interactive


___________________________________________________      
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn 



This archive was generated by hypermail 2.1.3 : Wed Feb 20 2008 - 23:10:41 PST