Trends and issues of cybercrimes in Ukraine
The development of high information technology and the global process of informatization create quite favorable conditions for crime. The criminal community's orientation toward information technology is predetermined by how promising its use is in criminal activity.
First of all, it is profitable: the necessary information infrastructure has already been formed, so there is no need to spend much money on its creation, support and further development. Secondly, criminal organizations are part of society, and thus it is impossible to be selective in the distribution of software and hardware.
Thirdly, as society develops, its dependency on information technology grows in direct linear proportion. And, finally, the rapid turnover of high information technologies shortens the product innovation cycle, especially for software; this creates constant dynamic competition, as a result of which the number of possible ways to commit crimes per unit of time increases.
Cybercrime is one of the fastest growing areas of crime. More and more criminals are exploiting the speed, convenience and anonymity that high technologies offer in order to commit a diverse range of criminal activities. As high technologies become ever more sophisticated, so too do the methods of operation of criminals. These include attacks against computer data and systems, identity theft, the distribution of child sexual abuse images and movies, internet auction fraud, the penetration of online financial services, as well as the deployment of viruses, botnets, and various email scams.
That is why we need to discuss cyber threats and how practical officers, the scientific community and organizations are working together to protect our countries in a digital age. It is difficult to overstate the potential impact of these threats on our economy, national security and the critical infrastructure upon which our country relies. The number and sophistication of cyber attacks have increased dramatically over the past years and are expected to continue to grow. The official statistics show that cybercrimes in Ukraine increased 25-fold from 2001 to 2011 [1]. So, the threat has reached the point that, given enough time, motivation and funding, a determined adversary will be able to penetrate any system that is accessible directly from the Internet. That is why fighting cyber crimes is one of the highest priorities of Internal Affairs of Ukraine.
Today’s cyber criminals are business savvy. These criminals are building businesses based on the development, management, and sale of botnets. These criminal groups have programmers who write the malicious software, salespeople who sell the code or lease out botnet services, and, in some instances, dedicated support personnel. These criminals are working to make botnets easier to deploy and more difficult to detect. Ukrainian scientists and police officers should pay more attention to botnet research [2, pp. 275-278].
In its general definition, a botnet is a subnetwork that appears as a result of the general or partial mobilization of resources, conducted openly or secretly, in order to concentrate forces and facilities toward a certain goal. A better understanding of botnets will help to coordinate and develop different technologies to resist this serious security threat. The appearance and development of the botnet phenomenon is closely connected with “computer” crime, namely with the stages of its development. At the beginning, such crimes were committed with the direct use of a particular computer, which stored and processed information independently. The appearance of network technologies made it possible to connect to other computers and to commit crimes remotely.
Afterwards, to increase their capabilities, criminals began to unite by means of such networks to carry out so-called “attacks” on particular computers. A new principle of high-technology criminal activity is being worked out and implemented, according to which the capabilities of one hardware and software system are multiplied by the number of such systems. At first, the necessary number of technical means was reached using the computers that belonged to the members of the criminal groups. The appearance and development of telecommunication software has made it possible for one user to control and run a large number of computers.
The principle of network administration was taken as the basis for the creation of botnets. Just as an administrator controls a corporate network, the criminal uses remote access to run computers connected to the network in order to achieve his aim. The computers of a botnet interact by means of network protocols, whose types are the basis for their classification. According to the type of protocol used, botnets are divided into IRC, IM and Web-oriented groups.
Criminals use botnets to facilitate online schemes that steal funds or digital data, to anonymize online activities and to deny access by others to online resources. The botnets run by criminals could be used by cyber terrorists for multiple purposes: to steal sensitive data, raise funds, limit attribution of cyber attacks, or disrupt access to critical national infrastructure. Today’s botnets are often modular and can add or change functionality using internal update mechanisms.
Successful botnet development and operations use techniques similar to legitimate businesses, including the involvement of personnel with various specialties, feature-based pricing structures, modularization, and software copy protection. The development and sale of kit-based botnets have made it easier for criminals with limited technical expertise to build and maintain effective botnets. Botnet development and management is approached in a businesslike fashion. Some criminals rent or sell their botnets or operate them. At least one botnet kit author implemented a copy protection scheme, similar to major commercial software releases, which attempts to limit unauthorized use of the botnet kit.
Botnets that specialize in data exfiltration are able to capture the contents of encrypted webpages and modify them in real time. When such a botnet is properly configured, criminals can ask additional questions at login or modify the data displayed on the screen to conceal ongoing criminal activity.
In the past, cybercrime has been committed by individuals or small groups. However, we are now seeing an emerging trend with traditional organized crime syndicates and criminally minded technology professionals working together and pooling their resources and expertise. Cyber criminals are forming private, trusted, and organized groups to conduct cybercrimes. The adoption of specialized skill sets and professionalized business practices by these criminals is steadily increasing the complexity of cybercrime by providing actors of all technical abilities with the necessary tools and resources. Not only are criminals advancing their abilities to attack a system remotely, but they are becoming adept at tricking victims into compromising their own systems. As cyber crime groups increasingly recruit experienced actors and pool resources and knowledge, they advance their ability to be successful in crimes against more profitable targets and will learn the skills necessary to evade the security industry and law enforcement.
Many methods are used to create botnets, notably social engineering, which makes it possible to increase the number of slave computers in a short period of time. The code of special programs is delivered with the help of emails, input-output devices and web-sites, including specially created ones.
Technical heritage also played a considerable role, because thanks to it botnets with a single center of control were readjusted or connected to the necessary fragments of the networks. To constantly and actively attract computer resources, the smallest structural unit of a botnet, attractive links, such as the latest version of software or new entertainment programs, popular films and games, are provocatively distributed. Mass and targeted mailing of letters is used to connect with computers; opening such a letter starts the software needed to control computer resources. Sites with pornography, which unfortunately have a large number of visitors, play a considerable role in drawing new computers into a botnet. In fact, to gain control of computer resources it is only necessary for the user to agree with a message or to open a received e-mail.
A specific characteristic of a botnet is that it can also be used for self-protection. The management program code of a modern botnet has a quick update cycle, approximately once per hour. Such dynamic concealment is really impressive, and it also makes us think about defining the required speed of counteraction technology. Technically, a botnet consists of several numerous groups of computers, so that if it is exposed, only separate segments are lost, not the whole network. If destructive methods of influence are detected, the botnet can be used for self-protection. In such a situation, internet addresses are recorded, all the necessary service information about the capability of the rival is collected and, depending on its “weight” category, all resources of the network are used for informational blocking. Bot programs can also block the user’s access to internet resources, because that access can be used to find means of counteraction on consulting forums and to download the software needed to block the functioning of the bot program.
Smart phones and communicators are a promising direction for the creation of botnets. Owing to their software capabilities and the specifics of their internal system design, such devices are unprotected and are promising targets for criminal influence. New hi-tech products, designed to provide remote communication and control of devices in our homes, businesses and critical infrastructures, must be developed and implemented in ways that will also provide protection from unauthorized use. Otherwise, each new device could become a doorway into our systems for criminals to use for their illegal purposes. Industrial control systems, which operate the physical processes of the nation’s pipelines, railroads, and other critical infrastructures, are at elevated risk of cyber exploitation. Almost any element of software has its own secrets, and they are not easy to find because the program code is concealed under the real algorithm, or part of it.
Hacktivist groups such as Anonymous undertake protests and commit computer crimes as a collective unit. Anonymous doesn’t have a leader, but instead relies on the collective power of individual participants. Its members utilize the Internet to communicate, advertise and coordinate their actions. Anonymous has initiated multiple criminal Distributed Denial of Service attacks in support of WikiLeaks. A similar situation arose in our country when the closing of EX.ua sparked intense cyberwarfare. Ukrainian government websites suffered a two-day cyber attack after the authorities closed a popular file-sharing service. Users lost access to dozens of official websites in Ukraine after they came under attack. Websites belonging to the president, the government, Ukraine’s security service, the national bank, and the interior ministry were among those affected [3].
Of course we face significant challenges in our efforts to combat cybercrimes. We are optimistic that by strengthening relationships with our domestic and international counterparts, the Ukrainian cyber division will continue to succeed in identifying and neutralizing cyber criminals, thereby protecting critical infrastructure from grave harm. To bolster our efforts, we will continue to share information with government agencies and private industry consistent with applicable laws.
A modern strategy for counteracting crimes in the sphere of high information technologies should be based not only on solving current tasks but, first of all, on defining promising directions for its development.
I look forward to working with colleagues as a whole to determine a successful course forward for the nation that allows us to reap the positive economic and social benefits of the Internet while minimizing the risk posed by those who would use it for criminal purposes.
1. Unified crime reports for 2001-2011 (Form No. 1): Crimes in the sphere of the use of electronic computing machines (computers), systems, computer networks and telecommunication networks // Department of Information and Analytical Support of the Ministry of Internal Affairs of Ukraine.
2. Voronov I.O. The Botnet phenomenon – latent mobilization of segments of the Internet for committing crimes in the sphere of high information technologies / I.O. Voronov // Bulletin of the E.O. Didorenko Luhansk State University of Internal Affairs. – 2010. – No. 3. – pp. 275–287.
3. Hacking Ukraine: Govt retreats after massive cyber-siege [Electronic resource]. – Mode of access: http://rt.com/news/ukraine-hacker-attack-triumphant-411/ – Title from the screen.