Thursday 25 March 2010

How do you trust a thief?

We seem to be entering into the bizarre realm of cross-over realities. There are legitimate stores selling rootkits for the general public to install and spy at their own discretion, as well as the equally interesting crossover in the malware market, now dubbed crimeware. The use of the SaaS model by criminal gangs selling their warez is nothing new, but a report by the CTU at SecureWorks outlines the new ways in which these groups are trying to protect their kit. From the report:

"The author has gone to great lengths to protect this version using a Hardware-based Licensing System. The author of Zeus has created a hardware-based licensing system for the Zeus Builder kit that you can only run on one computer. Once you run it, you get a code from the specific computer, and then the author gives you a key just for that computer."

So if the user changes a bit of their hardware, they're stuffed. Unlike the Microsoft model of hardware change for XP, there's no chance of calling a criminal underground rep and getting a reactivation code. However, it wouldn't surprise me if some form of call-centre or automated system was set up in the near future to support these things.

This raises some interesting questions about the manner in which these businesses operate. OK, so the author of the software wants to protect their warez, and make a profit out of them. The elegance of the software is apparent in the design of modules that can be bought for extra fees to augment the base install. However, as highlighted in a recent presentation by Thorsten Holz from the Technical University Vienna, a lot of the underground channels are filled with people trying to rip each other off. Where does the trust lie among thieves? Will this inability to trust ultimately stop the industry from growing? Will we see additional support services growing up round these illegal services to provide for the arbitration needed to instil trust?

There's already a shift in some of the Russian forums after the arrest of one of the American-based perpetrators of the TJX hack. There is now the need for 3-factor authentication for anyone to be admitted into the forums, and two of these factors are based on reputation and personal knowledge. Also, you must be able to speak Russian. This is interesting as it could limit expansion through the lack of trust between members offering the necessary technical services. The network effect of the internet will be curtailed by this lack of trust.

It could be the case that we see these gangs adopting, and innovating, trust and identity services, which are seen as an answer to the problems facing the legitimate services offered online.