Cyber crime and big-box store breaches have become ever more prevalent. In these cases it is immediate “financial gain” that the bad actors are after. The breaches may use several vectors of intrusion: surveillance and exfiltration of data, user credentials, and personally identifiable information, all used to gain open access to an organization’s enterprise systems. Cyber crime can be conducted by organized gangs and organizations or by a single individual; it is the organized cyber crime gang that poses the greatest threat to businesses and organizations. One of the unusual, little-known facts of cyber crime is that stolen data can be sold on an anonymizing network called TOR (The Onion Router). The TOR network is known as the deep dark web because of its ability to hide a bad actor from attribution. The network began as a research project at the U.S. Naval Research Laboratory and was later turned over to a university for continued research. It has since been made public, much like the internet itself. Cyber criminals love lurking on this system.
Now that you know a little history and background on cyber crime and the deep dark web, let’s explore another case study.
We start where the other case study left off, with Jim stealing the information from Joe’s notepad, which Joe had left on the server rack.
Jim desperately needed to pay a gambling debt that was now haunting him. He had borrowed from some local bookies in order to place bets he was sure he would win. If it were not for bad luck, he would not have any luck at all! He lost big this time, and it was only a matter of time before his bookies came looking for their money. He started drinking heavily to mask his depression over the gloomy days to come, and while under the influence he started thinking. He had valuable data that he had copied from his old friend’s notebook! He wondered if his old hacking gang was still available.
He started calling one friend after another. He only needed three more to assist, but they had always been a shadowy group. First he called his friend Jamie. To his surprise, Jamie was attending college in computer science and was still in touch with the others because of his major. He stayed in touch only to have good material for his coursework in malware reverse engineering and malware analysis, and he was known for bringing in recent samples from the latest exploits of vulnerabilities. Jamie had a good rapport with his professors. “Great!” said Jamie. “I will call Chris and John immediately! I want to test our skills and the new tools that I have downloaded!”
Jim quickly met up with Jamie in a dimly lit, tiny apartment with two Alienware computers connected through his home ISP. Jamie was anxious to get started. They immediately got to work using Kali Linux and the Armitage penetration testing tools. Later, John and then Chris were at the door, giggling like little kids! It was going to be like old times! Jamie and John were the best hackers, and they both took the helm. Jim started reading off the IP addresses to be scanned for reconnaissance so they could determine the best intrusion technique. They knew little about the details of the victim’s data, so Jim explained how he had obtained such sensitive data by copying it directly from one of the big-box store branches in their home town. Jim immediately abandoned any idea of treating this as a penetration test and telling his friend Joe at the Housing Warehouse store.
The data was legitimate! It was the IPs of “Housing Warehouse” corporate, along with the IPs of their third-party payment processing centers located in New York City. Jim thought he could make a quick million by exfiltrating the data and selling it on the TOR network, with which his friend John was well connected. They were immediately able to scan for vulnerabilities and apply attack payloads within Metasploit on their Kali Linux installation. They gained access using the user and system administrator accounts that had also been taken from Joe’s notebook. Once the intrusion succeeded, they focused mainly on the third-party financial transaction providers that maintained the point-of-sale (PoS) systems, because of the unpatched servers at the vendor’s location. Soon, transactions were being rerouted from the victims’ banks into their anonymous network of offhanded banks and money-cashing outlets.
They were amateurs! Jamie was now scared! He yelled, “I’m in school! What are you trying to do to us, Jim!?” Jim was stunned. He immediately stopped the transaction reroutes and refocused his attention on the users’ credentials and banking accounts. That would be safer. Chris was already operating a hacker forum website and had offered his services for placing the items, in this case user credit cards and credentials, for sale on his site hosted on the TOR Onion Router network. They came up with a quick price list: valid credit cards with various high limits were set at $250.00 each, with the lower-value accounts going for $50.00 each. Payment was to be made in Bitcoin.
They started bringing in more cash, but at a much slower pace than the PoS system reroute. It was slow and steady. Jim thought he would be out of that gambling debt in no time. If only those stupid bookies knew how to transfer and exchange Bitcoin, he thought! He would worry about that later.
Case Study II Questions:
- How was the data obtained?
- What is the major concern of cyber criminals?
- What is the Onion Router and TOR System, and how is it used?
- What is a PoS system?
- What type of tools were used for the penetration (hack) test?
- What was scanned on the victim’s system by the penetration tools?