[ISN] RP computer hackers turning into syndicates

From: InfoSec News (alerts@private)
Date: Thu Jun 05 2008 - 00:25:47 PDT


http://www.abs-cbnnews.com/storypage.aspx?StoryId=120632

By David Dizon
abs-cbnNews.com
2007 Newsbreak Investigative Writing Fellow
6/5/2008

Authorities have been monitoring certain e-groups or "societies" that 
could be behind big, transnational cyber crimes, and these suspects 
could be your tech-savvy neighbors or seatmates at an Internet café.

Online identity thieves, who used to prefer working alone, have in 
recent years begun organizing as criminal syndicates, usually in 
connivance with foreign hacker groups, according to Alex Ramos, a 
computer forensics specialist of the Philippine National Police.

"They don’t fit the typical profile of a criminal. They’re not 
neglected. Some do it for the fun of hacking and earning a little 
something. There is also a group of crackers, college boys, who only 
focus on getting credit card information," Ramos says. Some members 
being enticed to join these societies are as young as 14 years old, he 
says.

One of the earliest monitoring of hackers’ groups that Ramos conducted 
started in 1999. It led to some minor arrests, but the core of the 
syndicate—run by foreigners, in turned out—was busted only in 2007.

It turned out, too, that the crime was affecting telecommunications 
networks worldwide, and would be the biggest to be thwarted by local 
authorities since the E-Commerce Law was passed in 2000. Ramos earned 
for it the 2007 Timothy Fidel Memorial Award from organizers of the 
Computer Enterprise Investigations Conference.


Unwitting teen-agers

Ramos says the syndicate committed phreaking, which exploited security 
loopholes to obtain free access to telephone calls at the expense of 
customers of the Philippine Long Distant Telephone (PLDT). The process 
involves using a "war dialer" to call different phone numbers and then 
guessing the pincodes to those numbers in order to freely access the 
system to make long distance calls.

Foreign law enforcers contacted the Philippine government in 2001 about 
an upsurge in online anomalies hitting foreign telecoms. "These telecoms 
had been monitoring the increase in unauthorized calls and they made a 
projection that if this thing continued to happen at that rate, there 
would be denial of service. No one in the Philippines would be able to 
call anyone in the US," he recalls.

Ramos said the first police raid concerning phreaking didn’t make the 
news in 2001 because it involved minors. It was a rude awakening for 
local law enforcement after seeing that children were being used 
unwittingly to commit cyber crimes.

"We used 200 men—SWAT, PNP, NBI—all fully armed because we didn’t know 
what we were up against. Even the house was located at a known hotspot 
of criminal activity. And then when we raided the house, we couldn’t 
file a case against the suspects; they were 14-year-old kids. In the 
list of the hottest phreakers in the country, they were at the top," he 
says.


Foreign mastermind

After questioning the teenagers, Ramos was convinced that the children 
were unwitting accomplices of a foreign mastermind. "They didn’t know 
that what they were doing was illegal. All they knew was they were given 
instructions to punch these numbers in the computer. They weren’t even 
paid. It was just for kicks."

Ramos says it was the absence of the money trail that bewildered law 
enforcement at first. Foreign law enforcers would later reveal that the 
syndicate was wiring money to local hackers in the Philippines to 
continue the phreaking operation.

Police made subsequent raids against suspected syndicate members in the 
following years, but it was in March 2007 that the police was able to 
dismantle the core group. Twenty-four Jordanian nationals of Palestinian 
descent and seven Filipinos were arrested in separate raids in Caloocan, 
Valenzuela, Parañaque, and Las Piñas.

Ramos says telecom companies lost an estimated $350 million in stolen 
revenue as a result of the phreaking syndicate. He says police 
investigation of the phreaking case is still ongoing. "We know it is 
being done by a foreign group. There are still phreaking activities 
happening here but they’re minor, it’s not as big as before," he says.

Police said there are at least 100 Manila-based hackers in the phreaking 
syndicate composed of Filipinos, Palestinian-Jordanian nationals, 
Pakistani nationals, and Italians with Middle East origins.


Bad for e-commerce

Abe Olandres, a tech blogger, says one security threat that law 
enforcers should focus on is the stealing of passwords and credit card 
information from online users. This, he says, is the reason why 
e-commerce rollout in the Philippines remains slow.

YES Limited, a Hong Kong-based IT company launched in 2003, was 
victimized by credit card fraud, which led to the arrests of several 
suspects. YES Limited allows overseas Filipinos to send money to their 
loved ones in the Philippines by creating an online account in their 
Yespinoy.com website, which is then topped up with funds from a credit 
card. The relative of the overseas Filipino can withdraw the money using 
a Smart Money ATM card.

YES Limited monitored that a number of Yespinoy.com members were sending 
money to just one account. Money from the account was later withdrawn 
from an ATM in Quezon City. When contacted, the Yespinoy members denied 
sending any money to the account, while others denied registering for 
membership in the site.

The company contacted the National Bureau of Investigation (NBI), which 
conducted an entrapment operation, netting two suspected credit card 
fraudsters using stolen account information.

Olandres says www.godaddy.com, an Internet domain registration site, 
refused to service the Philippines four years ago because of the high 
incidence of credit card fraud and malicious attacks by local hackers. 
He said the site had to resort to manual checking of users who wanted to 
register domains.


Private help needed

He says that while the E-Commerce Law was passed in 2001, none of the 
proposed bills on cybercrime have moved. "Congress has to act quickly 
because computer crimes are becoming more complicated. It’s 
counterproductive to have all this progress without the legislation 
needed to protect online users," he says.

Ramos says there is also a need to equip law enforcers to go after cyber 
criminals. He says only a few units under the PNP and NBI are dedicated 
to fighting computer crime.

"You cannot centralize the skills, the knowledge. We have to spread the 
knowledge about how cyber crime works. That way, people would be able to 
see when it’s happening and report it," he explains.

He also lauds the private sector, particularly the IT community, for 
helping law enforcers in pursuing criminals in cyberspace.

"Government does not have all the resources and skills. That is why it 
is a must that we work together with the private sector. We have to 
build a network of friends in the IT industry and we need an organized 
system that would help in the free flow of information between the 
private sector and the government units handling cyber crime," he says.



_______________________________________________      
Attend Black Hat USA, August 2-7 in Las Vegas, 
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings 
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.  
Visit product displays by 30 top sponsors in 
a relaxed setting. http://www.blackhat.com



This archive was generated by hypermail 2.1.3 : Thu Jun 05 2008 - 00:46:27 PDT