Cybercrime is Coming to Your Neighborhood

Well, maybe close to your neighborhood, but the advance and development of cybercrime has been swift and almost inevitable. Take for example the use of viruses online: the first computer viruses were not much more than experiments in coding, simple worms that spread leaving behind little tracks, tricks and messages but rarely anything too malicious. Their origin can actually be traced all the way back to the 1970s, but perhaps the first example of a modern malware virus is the Elk Cloner virus written in 1981 by a 15-year-old schoolboy called Rich Skrenta. He developed a virus which would spread automatically via the boot sector of floppy disks, mainly to infect disks used to swap games with his friends.

The Elk Cloner virus ran on Apple II computers, which is ironic today as you can still hear the phrase "but Macs don't get viruses". There was no malicious payload, just a small program and a little rhyme, but its distribution method was copied by thousands of virus variants in the years to come. Without turning this into a history of the computer virus, the most telling aspect of this development is the payload, or the end goal, of these computer viruses.

Throughout the early years of the 1980s and the early 90s, viruses were the playthings of bored Eastern European students or disaffected youngsters across the world. There has always been a high threat from some of the Eastern European countries, partially due to the high standard of mathematics education in the Communist bloc countries and the lack of opportunities.

Many of the viruses were malicious in that they destroyed data, corrupted and formatted hard drives and were generally more like computer vandalism than real cybercrime. Slowly this has changed though, for a very good reason: a computer virus which destroys its host by formatting the hard drive cannot spread easily. There is a very important requirement for any computer virus to go 'viral', and that is stealth.

Of course it was not really surprising that the 'power of computer viruses' would eventually be harnessed to make money for someone, i.e. the unscrupulous and criminals. The year that viruses turned truly professional can probably be listed as 2003, when people started to work out ways that they could use viruses to generate real cash.

Here we can highlight the role of proxies in this criminal upsurge: they didn't make money directly but supported other activities. One way that people learnt to make huge amounts of cash was by sending out millions of emails and advertisements to internet users. We all know these emails as spam, but their continued use is perhaps the best indication of how lucrative they can be when sent in vast volumes. If you send enough emails out you'll find enough customers for your fake pills, penis enlargement tablets and other suspect merchandise to make serious cash.

The problem that spammers had was that when they sent millions of emails from a single host, it didn't take long for that server to be blacklisted and all the emails to be blocked. Buying or renting a new server would allow you to continue for a while until that also got blocked, but the costs obviously rise and, more importantly, so does the risk of being caught.

Their Solution was the Open Proxy

Well, it's not really a solution, but just as today people use proxies that they find online to surf anonymously, the spammers used these open proxies to relay their spam. It's an extremely simple task to relay all your emails through one of these open proxies, and pretty soon the originators of a large proportion of the world's email spam were universities, colleges and corporate servers which had been left open inadvertently.

This is the danger when you use unrestricted open proxies: not only are the owners largely unaware of what's happening, but you are sharing the same servers with spammers and gangs of cyber criminals. There is a lot to be said for choosing your neighbors carefully in cyberspace.

Of course, slowly these proxies were closed as the administrators realised what was happening: they got blacklisted and blocked, and often received negative publicity and huge bandwidth bills for relaying the spammers' mailshots.
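Administrators of the servers described above usually found out they were running an open relay only when the blacklist or the bandwidth bill arrived. The log check below is an added example (not code from the original post or from any product it mentions) showing what a web server or proxy access log looks like when it is being abused as an open proxy: absolute URIs for foreign hosts in the request line, or CONNECT tunnels to SMTP ports, succeeding with 2xx responses. The log lines, the host names and the `LOCAL_HOSTS` allowlist are constructed for the example.

```python
import re
from collections import Counter

# Constructed Apache-style access log lines (hypothetical addresses and hosts).
# A healthy origin server should only see relative paths for its own vhosts.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326
198.51.100.7 - - [10/Oct/2023:13:55:37 +0000] "GET http://mail.example.net/ HTTP/1.1" 200 512
198.51.100.7 - - [10/Oct/2023:13:55:38 +0000] "CONNECT mx.example.net:25 HTTP/1.1" 200 0
198.51.100.7 - - [10/Oct/2023:13:55:39 +0000] "CONNECT mx2.example.org:25 HTTP/1.1" 200 0
203.0.113.5 - - [10/Oct/2023:13:55:40 +0000] "POST /contact HTTP/1.1" 302 0
192.0.2.9 - - [10/Oct/2023:13:55:41 +0000] "CONNECT www.example.com:443 HTTP/1.1" 200 0
"""

LOCAL_HOSTS = {"www.example.com", "example.com"}  # assumed: the vhosts we actually serve
MAIL_PORTS = {25, 465, 587}                        # SMTP submission/relay ports

# Common Log Format: client, ident, user, [timestamp], "METHOD target proto", status, bytes
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \d+'
)


def classify_request(method, target):
    """Return a tag describing why a request looks like proxy relay, or None if it is normal."""
    if method == "CONNECT":
        host, _, port = target.rpartition(":")
        if port.isdigit() and int(port) in MAIL_PORTS:
            return "connect-smtp"            # tunnelling to a mail server through us
        if host not in LOCAL_HOSTS:
            return "connect-foreign"         # tunnelling to anything that is not ours
        return None
    m = re.match(r"^https?://([^/:]+)", target)
    if m and m.group(1) not in LOCAL_HOSTS:
        return "absolute-uri-foreign"        # classic open-proxy request form
    return None


def find_relay_abuse(log_text):
    """Map each client IP to a Counter of suspicious request tags.

    Only requests the server answered with 2xx count: a 4xx/5xx means the relay
    attempt was refused, which is noise rather than evidence of an open proxy.
    """
    findings = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        tag = classify_request(m["method"], m["target"])
        if tag and m["status"].startswith("2"):
            findings.setdefault(m["ip"], Counter())[tag] += 1
    return findings


if __name__ == "__main__":
    for ip, tags in find_relay_abuse(SAMPLE_LOG).items():
        print(ip, dict(tags))
```

Run against the sample, only 198.51.100.7 is reported: one absolute-URI fetch of a foreign host and two successful CONNECT tunnels to port 25, which is exactly the traffic a spammer relaying through a misconfigured server would generate. The CONNECT to our own www.example.com:443 is not flagged, so an allowlist of your own hostnames is the one piece of local configuration the check needs.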

So back to the viruses, and a new opportunity for cybercrime. Using open proxies to relay spam, hide your IP address and cover your tracks is a fantastic concept for the online criminal. But you can't always rely on the misconfiguration of servers and the laziness of administrators (although this does work quite well). The demand for proxies across the globe is huge, and here was something that a virus could be designed to deliver quickly and efficiently.

A virus could simply infect a host and then either quietly install a proxy server or open up an existing proxy on the machine, then sit silently as the machine became available for hiding tracks, relaying spam or just general anonymous surfing. Servers and PCs across the globe were compromised and turned into remote henchmen ready to relay massive amounts of data.

One of the most famous of these was the virus called SoBig, which would download and install a free proxy called Wingate on its victims as part of its payload. So millions of infected PCs became 'open proxy servers' ready to relay spam. This is now a very common objective of a computer virus: to sit quietly in the background whilst a proxy server on your machine is used to protect the identity of the spammer or criminal activity.
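An infected PC relaying spam through a planted proxy has no access log you can read, but it does leave a signature at the network edge: an ordinary workstation suddenly opening SMTP connections to many different external mail servers, which only the organisation's real mail gateway should do. The script below is an added example (not from the original post and not SoBig- or Wingate-specific) that applies that heuristic to firewall flow records; the flow tuples, the `10.0.0.` internal range and the `AUTHORISED_MTAS` set are constructed assumptions.

```python
from collections import defaultdict

MAIL_PORTS = {25, 465, 587}          # SMTP relay and submission ports
AUTHORISED_MTAS = {"10.0.0.5"}       # assumed: the only host allowed to send mail directly
INTERNAL_PREFIX = "10.0.0."          # assumed: our internal address range

# Constructed firewall/flow records: (src, dst, dst_port, bytes_out). Not real traffic.
SAMPLE_FLOWS = [
    ("10.0.0.12", "198.51.100.20", 25, 4200),   # workstation talking to external MXs...
    ("10.0.0.12", "198.51.100.21", 25, 3900),
    ("10.0.0.12", "203.0.113.44", 25, 4100),
    ("10.0.0.12", "203.0.113.45", 587, 4000),
    ("10.0.0.12", "192.0.2.77", 25, 4300),
    ("10.0.0.12", "192.0.2.78", 25, 3800),      # ...six distinct ones in this window
    ("10.0.0.30", "10.0.0.5", 25, 1200),        # normal: user mail goes to the internal MTA
    ("10.0.0.30", "203.0.113.80", 443, 9000),   # normal: HTTPS browsing
    ("10.0.0.5", "198.51.100.20", 25, 5000),    # normal: the MTA delivering outbound mail
]


def suspicious_senders(flows, threshold=3):
    """Return {src: sorted external SMTP destinations} for internal hosts that are
    not authorised MTAs yet reached at least `threshold` distinct external mail servers.

    Fan-out (many destinations), not volume, is the discriminator: a legitimate
    client sends everything to one gateway, a spam relay delivers to every MX in its list.
    """
    dests = defaultdict(set)
    for src, dst, port, _bytes in flows:
        if port not in MAIL_PORTS or src in AUTHORISED_MTAS:
            continue
        if not src.startswith(INTERNAL_PREFIX) or dst.startswith(INTERNAL_PREFIX):
            continue                      # only internal -> external mail traffic matters
        dests[src].add(dst)
    return {src: sorted(d) for src, d in dests.items() if len(d) >= threshold}


if __name__ == "__main__":
    for host, targets in suspicious_senders(SAMPLE_FLOWS).items():
        print(f"{host} opened SMTP sessions to {len(targets)} external servers: {targets}")
```

On the sample only 10.0.0.12 is reported. The same rule is the reason many networks simply block outbound port 25 from everything except the mail gateway: a machine silently turned into a relay then fails to deliver anything, and the blocked attempts show up in the firewall log as the alert.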

It shows how the aims of the virus have changed rapidly over a couple of decades: initially an annoying piece of code which would destroy your data or mess up your hard disk or screensaver to showcase the skills of a bored Bulgarian hacker, now a tool for the numerous cyber criminal gangs across the world to gain access to your server or PC as an electronic accomplice. You can be sure that these two groups of people are gradually coming together.

It is a scary thought that as we sit surfing the web, complaining to ourselves about the speed of the internet, our computer might just be busy relaying thousands of 'enlargement related' spam messages across the world, participating in a DDoS attack on a multinational or a government department, or perhaps simply being used to hide a hacker's tracks.