funsec mailing list archives
Re: Ransomeware
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Sun, 19 Mar 2006 08:43:31 +1200
Tom Van Vleck wrote:
> I shepherded a paper for the 1996 Oakland conference on "Cryptovirology: Extortion based security threats" by Adam Young and Moti Yung. I spent a lot of time helping them deal with objections from the security community that this subject should not be discussed at all. They have since written a book. See Adam Young's article from last year, "Has Ransomware Learned from Cryptovirology?" http://www.newsfactor.com/story.xhtml?story_id=011000008HCO I shall not discuss his claim to have "discovered" cryptovirology.
I cannot get to this URL at the moment and Google does not cache NewsFactor articles... I'd ask, of course, whether he ever published or otherwise described his ideas before Popp "invented ransomware" with his "AIDS Information Disk" scam in the late 1980's?? If not, I guess he stole his basic idea from Popp as surely any vaguely serious academic investigation of these issues could not have remained _ignorant_ of the Popp case...
> There are vague claims that use of PayPal or e-Gold (as in the Cisco case) might allow a perp to get paid anonymously. Digicash was much discussed in the 90s as a way of moving money anonymously, and govt resistance to this idea probably caused their downfall (they made me a job offer in 98 after CyberCash laid me off, glad I didn't take it). In order for the perp to get paid, there must be some party to whom the payment is transferred, unable or unwilling to cooperate with law enforcement, and yet trusted by both ends not to just steal the money. You might be able to come up with a zero knowledge transfer that would do this. I don't want to think about it. :-)
As I briefly described elsewhere, and as we see every day, mule chains with Western Union as the medium of transfer fit the bill. The cooperation and unable/unwilling to help LE issues are dealt with by the perps "selling" the idea of the operation as a "real job":

   Work for us as a finance manager
   Earn thousands in your spare time

with a (to the well-informed) dodgy sounding premise that tends to seem "quite reasonable" to the slightly naive -- perhaps something like:

   People in your country like our top-class widgets but do not trust sending payments to our country [usually some shady Eastern European country] and won't make payments via Western Union. They will, however, remit money with no questions asked to businesses in their own country, so if you agree to accept payments for our orders in your country and send them on by Western Union, we will gladly pay you 10% [or more], which is much cheaper and faster for us than going through [complex, expensive and time-consuming sounding process for "officially" transacting foreign currency deals in "some shady Eastern European country"].

So, the mules have no idea who they are really working for but pretty much genuinely believe they are enjoined in legitimate business transactions with their new-found Eastern European friends. After all, they do receive regular payments into their bank accounts with annotations such as "buy 10 widgets" and they never get any complaints from the folk that apparently are buying the widgets so presumably their "partner" is delivering them as ordered.
The only slightly dodgy thing the mule may have an inkling of is that their partner is possibly evading the "proper" monitoring of funds transfer into "shady Eastern European country", but hey, the mules never intend going there for a holiday anyway (just in case the officials in "shady Eastern European country" ever back-track the Western Union transfers to them) and surely that is really only a problem for the widget maker should "shady Eastern European country" officials ever figure out what is happening; it's not illegal in the UK [etc, etc] for the mule to send money to "shady Eastern European country" via Western Union.

The mule is, of course, actually receiving funds transfers from ID theft victim bank accounts now "owned" by Eastern European organized crime, other mules higher up the chain (closer to the initial fraud), etc, etc. The folk running the scam keep the transactions via Western Union under US$10,000 (??) or whatever amount triggers higher degrees of scrutiny and auditing in "shady Eastern European country", the UK or whatever countries are involved in each transaction and it's all but untraceable at that point...

It's one of the classic money laundering frauds that has, in various guises, been going on for decades (any LE folk like to jump in here with better details, please do!).

Regards,

Nick FitzGerald