A former PLA hacker stole information from US companies via USB



[ad_1]

The following is a modified excerpt from Kate Fazzini, CNBC journalist on cybersecurity.Kingdom of lies: endless adventures in the world of cybercrime, "which is now available wherever books are sold.

Bo Chou, who now works elsewhere in Asia, says he feels bored. He has no interest, he says, in feasting people with stories of his time as a computer hacker of the People's Liberation Army of China. (Some names, locations, and personal information have been modified to protect confidential sources.)

The few people who really know it press him for information, but he does not move.

This is not just because it is supposed to be secretive. It is. That's because it was boring, utilitarian, cog-in-a-wheel.

Now, the Russians, that's what Bo wants to talk about.

He has always been more interested in Russians, he says, because they are more bright. After his work in the army, he was inspired by Russian hackers. Bad Boys.

Tupac and the camp

Bo remembers that in 2012, he had begun to follow the exploits of a well-known "carder", Valery Romanov. Carders are criminals who steal credit card numbers from these violations of the major retailers you've heard of. The carder then sells the dark web information or uses this number to buy easy-to-sell products, such as mobile phones, tires or gift cards, which he can convert into cash.

Carders are rogue and do not hesitate to publish their success on social media. They display selfies with stacks of money or next to luxury cars. Valery Romanov poses in the one next to a ticket counting machine and raises a gang sign with his free hand. He posts the same with the words of Tupac Shakur. This is pure camp. Bo is jealous.

Valery is fun and ultra-capitalist with a personality far superior to anyone working on a Chinese hack farm. Bo does not want to imitate him. Just enjoy the show. He is interested in rap because of Romanov.

Then Romanov disappears. Captured on an island by the American FBI.

Bo, living in the suburbs of Shanghai's business center, finds a job in one of the hotels located there, as a porter. He misses being an engineer. The enthusiasm of his dark friends of the Web misses him. The hotel is exciting and welcomes expats from around the world for successive conventions. Improvement of housing, medical devices, household items, computers, financial companies, non-profit organizations and NGOs.

He decides to enter the concert economy. Get a kick aside.

Perfect targets, perfect data

Bo loves data. He is good at data. He likes to comb it, make sense of it. Visitors to the hotel are perfect targets, with perfect data.

It uses a type of malware currently available that can help to get as much information as possible about a business as quickly as possible. It uses it through USB devices that it scatters in the convention center, allowing unsuspecting professionals to become familiar with their computers, computers with all of these spreadsheets and customer lists owners. He strives not to do it in his own hotel. It would be too close to home, and frankly, rude, he said.

Bo finds an excellent, inexpensive supplier in the south of the country that sells him thousands of USB storage devices for around $ 100. Then he goes to the area that sells a lot of mbad-produced chchotchkes and buys some nice silver bowls, polished and modern in appearance.

Then, Bo loads the malware on each device. He creates a very professional brand, which mimics the convention sponsor in color and font, and places USB devices in the beautiful silver bowl. "Free USB Storage Welcome Guests!" He leaves them secretly in the halls of hotels or the cafeteria of the convention center or, if he can slip into the press room where all the media take their breaks and their meetings.

At the beginning of this program, delegates get the devices and use them much more frequently than when they test it months and years later. Many people have learned that such gifts could be risky, and Bo is doing well. Because those who pick them up are enough. He is not greedy.

Once the simple malware loaded on USB sticks is installed on their computers, Bo captures as many spreadsheets – just spreadsheets – whenever possible. Malware is likely to be routinely badyzed by a corporate technology team when travelers return to New York, San Francisco, London or Brisbane, but it will be too late.

Bo will have everything he needs, including all emails and personal data from the business contacts of the individual. He particularly enjoys getting business plans, budgets and ideas for future merger. Then, after all this agitation, the denouement.

Big data, small market

What does Bo do with this valuable information? He has an account on a legitimate US-based website for freelancers, and he sells this intelligence to other companies. Companies that like the breadth and depth of their data, but have no idea where they come from and know better than ask.

The freelance platform is quite simple. The base price of a "concert" is $ 5, which is the starting point for anyone using it to sell property. Bo chooses a simple interface, indicates its location in Japan, uses a special program and a virtual private network – a program that masks its movements of the Chinese government. For an outside observer, it would seem that Bo 's computer resonates from a complex of apartments in Tokyo.

From there, it offers "organized" lists containing information on "publicly available" companies on major players from all sectors with trade shows in Shanghai. Construction materials. Finance. Risk and compliance. Even money laundering.

It starts with a $ 5 price for a basic report. Of course, his intelligence is good and the business is growing rapidly. And he is so good at cleaning it that business contacts recommend him to other professionals in their sector. It becomes especially popular with sellers looking for detailed prospect lists. He becomes a master at PowerPoint, making the data even easier to digest for his tech-savvy customers.

The platform helps him to get paid in all kinds of currencies – US dollars, euros, cryptos – which are all much more valuable than his local currency. The problem is that the project is so lucrative and so easy that it is at the point of not being able to afford to abandon it. And he looks over his shoulder every day, fearing to be lost on a plane like his former hero Romanov.

WATCH: Cybersecurity is a real concern because companies benefit from consumer data

[ad_2]
Source link