Montreal Tech Watch

I caught the reports that the Sécurité du Québec and the Royal Canadian Mounted Police raided 12 locations early Wednesday and arrested 16 “hackers” who were allegedly running a botnet of more than one million PCs located in Manitoba, the US, Brazil and Poland.

If you go through the news reports, this is all very spectacular. The “hackers” were aged 17 to 26 and allegedly made up to $45 million through ID theft and phishing. Police are said to have begun investigating in the summer of 2006.

Bot networks are created through trojans, worms, or other “malware”, propagated from PC to PC through backdoors. Worm creators, for instance, craft messages for Valentine’s Day or any other special event that might deceive innocent users. When the user opens the message, the worm is installed and begins to replicate, for instance by going through the user’s address book.

Bot networks are rented out to send spam. They can also be used for denial-of-service attacks, like the well-known attack on Estonian government websites in May last year. A few of them are also used for phishing and identity theft, although the latter use is stupid, because it’s always possible to retrace the creators of the scheme through DNS and investigations, which is what the SQ and RCMP did.

I find, though, that the official figures in this case were overblown. I’ve done some research and couldn’t find the name of the group, which is surprising for a botnet running 1M+ bots. It just seems to be a random group of teenagers who downloaded a couple of trojan and worm generators. It’s also funny to hear an SQ rep saying that they were guilty of “hacking”, a word I am sure he doesn’t really understand.

Comments

  • Louis-Eric Simard February 22, 2008

    I haven’t looked at the specific cases, but usually when law enforcement quotes an amount, they usually mean the estimated cost to secure and clean-up a previously infected system, as well as productivity and bandwidth costs.

    There is room here to argue that there would be no clean-up costs if people had taken the time to secure their own systems (using free or built-in firewalls for a start), and that securing their system is no more of an extraordinary cost than that of shelling a few bucks to put a lock on your front door.

    Some of these cost estimates are probably tacked on for legal bargaining purposes; they’ll be charged with costing $X to the public, and a good lawyer arguing the case will reduce that estimate if it has any impact on the sentencing.

    These guys are not hackers. “Hacker” is a noble term derived from early geographical exploration, where a globetrotter would use a machete to hack through vegetation in order to discover a new jungle. Hacker means curious people (Steve Wozniak proudly claims to be a hacker, for instance), not evil security-breakers. The term the media intends to use is “crackers”.

    That being said, running a few publicly downloadable tools from home doesn’t make one a cracker; at best, it suggests a rather superficial understanding of technology.

  • Heri February 22, 2008

    Louis-Eric, totally agree with you.

    It seems to me that the police had a number given by a security firm — even though they specifically mentioned credit card number theft. I’ve yet to see a hacker group in Canada capable of writing their own tools.

  • Montreal Tech Watch February 22, 2008

    “Hacker Ring” busted by the SQ and the RCMP http://tinyurl.com/ytb2gc
