Meet the Hackers with a Cause
Hacker groups that attack or steal -- some estimates say there are as many as 6000 of such groups online with about 50,000 "bad actors" around the world drifting in and out of them -- are a threat, but the goals, methods, effectiveness of these groups varies widely.
Malicious activity alert: Anonymous hack-school grads come online in 30 days
When they're angry, they hack into business and government systems to steal confidential data in order to expose information about their targets, or they simply disrupt them with denial-of-service attacks. These are the hackers with a cause, the "hacktivists" like the shadowy but well-publicized Anonymous or the short-lived Lulz Security group (which claimed to have just six members and just joined forces with Anonymous).
Over the years, Anonymous is believed to have hit targets that include the Church of Scientology, the Support Online Hip Hop website, the No Cussing Club website, and posted pornographic videos disguised as children's videos onto YouTube. It's said to have joined with Iranians protesting the results of the June 2009 Iranian presidential election. It's tied to taking down the Australian prime minister's website in 2009 because of the government's plans there to have ISPs censor porn on the Internet. Anonymous has taken up the cause of piracy activists fighting copyright law by launching denial-of-service attacks against anti-piracy groups and law firms. The group is supporting WikiLeaks, which publishes confidential information, including the U.S. State Department cables allegedly leaked by U.S. Army soldier Bradley Manning, now in a military jail awaiting trial.
Anonymous, perhaps tied to the Sony hacking incidents, has launched distributed DoS attacks against Amazon, PayPal, MasterCard, Visa and others when the card-payment groups refused to process donations to WikiLeaks. Anonymous has sprung into conflicts, such as this year's uprisings in the Mideast, hitting the websites of the Tunisian, Egyptian and Libyan governments. The group recently let the world know its chief focus these days is going to be targeting governments and corporations.
But hacktivists like Anonymous are just one type of hacker group. Others are out for financial gain, well-organized to steal payment-card numbers and personal financial data, or pillage bank accounts. And there are groups that focus on intellectual-property theft or steal valuable information for national interests, or money, or both.
Here's a look at what's known about some of them -- including the ones that unlike the hacktivists, seldom "Tweet" the world about what they do.
The Zeus gangs
The malware called ZeuS is designed to plunder victims' PCs to steal financial information and execute fraudulent high-dollar Automated Clearinghouse (ACH) transfers in corporate bank accounts, resulting in many millions of dollars in fraud against businesses, church groups and government agencies.
The Federal Bureau of investigation (FBI) and international law-enforcement partners in the United Kingdom, the Netherlands and the Ukraine managed to disrupt one of the six main ZeuS hacker groups last fall in a sweep that netted about 100 suspects tied to $70 million in U.S. bank heists. But the leader of what's called "JabberZeus" (because the specific variant of ZeuS used Jabber instant message to tell gang members when a victim's online banking credentials were stolen) is still believed to remain at large. And according to Don Jackson, senior security researcher at Dell SecureWorks. which has worked with business and the FBI, there are still five other separate ZeuS hacker groups very active across the world. These Zeus hacker groups have now been connected to "a billion dollars in losses," says Jackson.
This group, largely Russian, runs what's known as a "pay-per-install" operation to get victims to download malware they've designed and it's believed to have hundreds of "affiliates" that get paid when a malicious file is installed on a victim's machine. The group is known to have developed specialized software packers and protectors to ensure its malware, such as rootkits, which remain undetected by antivirus products.
The Chinese Hacker Puzzle
With a growing number of cyberattacks traced back to mainland China, there's a lot of interest in knowing about hacker groups there, with speculation there are many dozens of them. Security firm McAfee earlier this year released a report called "Night Dragon" which claimed hacker groups from China work regular hour shifts to try and break into oil companies to steal data.
Over the years, the more famous China hacker groups have included Janker, founded by Wang Xianbing, and the Green Army Corps, founded by Gong Wei, according to researcher Scott Henderson, who runs the website Dark Visitor. Although there is no shortage of suspicion in the U.S. that Chinese hackers have at times worked for the Chinese government to steal secrets from U.S.-based businesses and the government, there are also times when Chinese authorities have taken steps to shut down hacker groups. For instance, reports said police last year in Hubei province went after hacker group "Black Hawk Safety Net" and its website that was providing Trojan-based malware.
Over the years, others such as the Network Crack Program Hacker Group based out of Zigong have been identified. The group used a rootkit called GinWui in attacks on the U.S. Department of Defense, other U.S. agencies and Japan about five years ago. GinWui is thought to have been developed by the group's leader, Tan Dailin, who has used the handle "Wicked Rose" and later "Withered Rose."
The Network Crack Program Hacker Group is believed to have transmitted a large amount of documents to China from the U.S. But when Dailin launched denial-of-service attacks against other Chinese hacker groups, including Hackbase, 3800hk and HackerXfiles, these hacker groups went to Chinese authorities, which arrested Dailin in 2009. He now faces over seven years in prison.
Hackers in the News: Inj3ct0r Team
Some hacker groups, particularly the hacktivists, are inclined to make their exploits public by announcing them online in some way or dumping contents they've stolen as proof of their prowess. This week a group called "Inj3ct0r Team" claimed they'd compromised a server belonging to the North Atlantic Treaty Organization (NATO).
When contacted by IDG, the group said the files were a "server backup, confidential data."
According to IDG, "inside the files was a notepad document dated July 3 that said: "NATO lamers! I've been watching you day and night since then! W00t! Your Machines rooted! Servers restored to default! what else! [Expletive deleted] you and your crimes! And soon enough all your stupid ideas will be published on WikiLeaks!"One industry source asked about Inj3ct0r Team says it started as one individual who began finding vulnerabilities in websites and publicizing them, who then attracted a following.
Hacker groups have a long history. The predecessors to today's had names like "The Legion of Doom" and "Masters of Deception" and in the 1980's they mainly struck phone networks, where "they did a lot of damage," says Dell SecureWorks researcher Jackson. Today's groups, he adds, are more "self-mobilizing, they drop in and drop out," and the big groups "always have a mastermind of two."
Read more about wide area network in Network World's Wide Area Network section.