Once upon a time, not so long ago, there were the originators of The Crime Family. The Gambino’s, The Yakuza’s, The Hells Angels, The Springfield Mafia … okay, that one is not only fictional, the leader, Fat Tony, is a cartoon character, but you get where I’m going with this. Crime Families and the business of Organized Crime have been around a long, long time.
It has long since moved from back alley dealings, to innocuous-looking store fronts, to corporations, and it has typically centred around crimes in the “real world”; Imagined, carried out and concluded in brick-and-mortar environments, and as long as you didn’t offend the wrong person, you were unlikely to ever cross paths with any member of any family.
When you think of organized crime, you probably envision biker gangs, mafia families and flying ninja stars. You think of the trafficking of drugs, guns and stolen merchandise. What you may not think of right away is that they also have laws, rules and a code of conduct. And when someone steps out of line, they deal with it internally. They clean up their own mess. You just have to admire their sense of honour.
Now, before we continue any further, time for a disclaimer: Organized Crime Is Bad. Actually, “disorganized” crime is bad too but again, you get what I mean. Remember this before sending a flurry of comments in my digital direction if, at some point, this article starts to sound like praise for the bad guy.
So, on with our story. Once upon a time, even less time ago, the Crime Family mated with a first cousin to create a whole new branch of the family tree – Cybercrime. And one of its first mutated offspring was The Hacker.
The word “hacker” is horrifically over-used but in the realm of cyber security, there are 3 main types of hackers: White Hats, Black Hats and Grey Hats. [As I write this, I can’t help but think of the “Hatfields and McCoys” but hackers are usually far less cranky.]
A White Hat hacker is one who hacks for “good”. Their goal is to protect the rest of us from digital evil. A Black Hat hacker is the opposite: they hack for malicious purposes and aren’t really keen on protecting anybody. These are the guys you hear about constantly in the news and are generally referred to as “hackers”. Grey Hat hackers are White Hats who have tendencies to lean towards the dark side but ultimately for a good reason; for them, the end justifies the means so it’s okay to break a few rules in order to make their point. To help you visualize, think of any incarnation of Captain James T. Kirk where he bent the rules in order to save the Enterprise – that’s a Grey Hat hacker.
But what colour hat does the Black Hat Hacker wear when they have tendencies towards good?
And, before you ask, yes – there are bonafide, genuine, real-life malicious hackers out there who torment, annoy and scare the “crap” out of millions of people on a daily basis but will actually go after other hackers who “step out of line”. Real hackers have a code of conduct too.
In the hacker world – just like with the rest of the planet – you can group everybody into two main categories and the distinguishing cyber-characteristic in the virtual world is competence. There is the Elite and then there is the Script Kiddie.
The Elite are the ones who discover the many weaknesses in our plethora of digital must-haves. They author the scripts, they create the malware, they take pride in their work and they sometimes help the less fortunate – that would be the Script Kiddies. (If you’re reading this in your mom’s basement and tweeting your friends that you just “hacked” your school – you’re a Script Kiddie.) As defined by Elite hackers, Script Kiddies are wanna-be’s. They don’t have the skill set to create anything of substance but so desperately want to spread mayhem and destruction that they’re willing to buy the packaged cyber-weapons from those more talented and unleash them with little understanding or comprehension.
But enough of that; back to Organized Crime cleaning up their own messes and what this means in the digital world.
A perfect example of how organized crime in the “real reality” has migrated and become quite comfortable in the virtual world is ransomware. Forget about kidnapping the daughter of an influential and ridiculously wealthy business tycoon, just encrypt some poor schmuck’s computer and hold it hostage until he pays $722 USD to get his stuff back. (The $722 isn’t random; It was the average ransom demand in 2016 according to analysis by Trend Micro.)
At the time of this writing, though, the ransom sounds much less intimidating when you convert to a popular e-currency such as bitcoin – it’s less than 1 XBT!!
Here’s a brief history lesson for those of you unfamiliar with Ransomware.
A hacker uses various tools to infect your computer with the end goal of installing specific malware that effectively encrypts (or locks) every bit of data that’s on your hard drive. Newer generations of ransomware also encrypt anything attached to your computer….like your external drive with all of your back-ups and your USB sticks. You’re then sent a message informing you that your data is locked up securely (and unharmed) and that paying the ransom demand will grant you the decryption key to unlock your belongings. Nothing personal; just business. Easy-to-read instructions are included and if you get stuck – call the help line (I kid you not – see the beginning of “How to Hack the Hackers: The human side of cybercrime”). In some cases, your ransom amount can even be negotiated. Reputation is everything and they keep their promises while providing great service.
This is where the “honour among thieves” comes back into the story. As with the early, respectable crime families, these early (ransomware) hackers kept their word. It was a matter of principle.
Then along came the others eager to partake of easy-peasy online crime. They bought their online-weapons of choice, issued cyber threats, locked up people’s data (or pretended to) and collected their money with their low-quality ransomware. Some have chosen to trick their victims with “fake ransomware” and others have chosen to not return data safe and sound to its owner; Others have just flooded the market and dipped a little too far into the ransomware profit made by others.
Time for street justice. Some ransomware developers have decided to re-establish their authority and mark their territory with a bit of gusto. According to an article from Ahelio Tech, hackers “gained access” to a competitor’s organization and stole 3,500 decryption keys. Their plan was to “give back” to the rest of us and publish the keys in order to protect Joe Public (or their profits….either way, good for them).
Maintaining one’s reputation extends far beyond mere ransomware. Articles regularly pop up telling us stories of hacker groups hacking each other and some hackers actually fixing vulnerabilities in a system (after they’ve gained access, of course) so that other hackers can’t also break in. That’s like a burglar entering your house through an open basement window then locking it so no one else can steal your stuff. How awesome is that?!
And no article even mentioning malware can be complete without a tip-o’-the-hat to Anonymous. For all their disruptive activity around the world, I must absolutely shake their virtual hand for their part in hacking a “dark net” (the underground Internet) site that catered to child pornography. They attacked Lolita City (a file-sharing website for pedophiles) and exposed the identity of 1,589 members. Bravo!
So what have we learned of this hilarious tale of hacker justice? Crime pays. It’s just funnier when the victim is a crook.
Stay tuned for future articles on how to protect yourself from malware and popular phishing attempts.
Onyx Investigations & Security Inc. / IridiumITI 
Pingback: I’m Not Worried! I Have A Backup! (Part 2) | Onyx Investigations & Security Inc. / IridiumITI