Winnipeg Free Press - ONLINE EDITION

Hackers Inc.

  • Print

At 2 p.m. on March 20, 2013, the hard drives of tens of thousands of computers in South Korea were suddenly wiped clean in a massive cyberattack. The main targets were banks and news agencies. At first the assault looked like a case of cyber-vandalism. But as they probed deeper, the computer sleuths investigating it came to a different conclusion.

The operation, which they dubbed "Dark Seoul," had been carefully planned. The hackers had found their way into the targets’ systems a couple of months earlier and inserted the software needed to wipe drives. Just before the attack they added the code needed to trigger it. Looking at the methods the intruders used, the investigators from McAfee, a cybersecurity firm, thought the attack might have been carried out by a group of hackers known for targeting South Korean military information.

But they could not be sure. Tracing the exact source of an attack can be next to impossible if the assailants want to cover their tracks. Over the past decade or so various techniques have been developed to mask the location of Web users. For example, a technology known as Tor makes Internet connections anonymous by bouncing data around the globe, encrypting and re-encrypting them until their original sender can no longer be traced.

Conversely, some hackers are only too happy to let the world know what they have been up to. Groups such as Anonymous and LulzSec hack for fun ("lulz" in Web jargon) or to draw attention to an issue, typically by defacing websites or launching distributed-denial-of-service (DDoS) attacks, which involve sending huge amounts of traffic to websites to knock them offline. Anonymous also has a track record of leaking emails and other material from some of its targets.

Criminal hackers are responsible for by far the largest number of attacks in cyberspace and have become arguably the biggest threat facing companies. Some groups have organized themselves so thoroughly that they resemble mini-multinationals. Earlier this year a joint operation by police from a number of countries brought down the cybercrime ring behind a piece of malware called Blackshades, which had infected more than half a million computers in over 100 countries. The police found that the group was paying salaries to its staff and had hired a marketing director to tout its software to hackers. It even maintained a customer-support team.

Such organized hacking empires are becoming more common.

"Crime has changed dramatically as a result of the Internet," said Andy Archibald, the head of Britain’s National Cyber Crime Unit. Criminal hackers are involved in two broad sets of scams. In the first, they help carry out traditional crimes. Last year police in the Netherlands and Belgium broke up a drug-smuggling ring that had hired a couple of computer experts to beef up its logistics. The gang hid drugs in legitimate shipments of goods destined for the port of Antwerp, using the hackers to break into the IT systems of shipping companies at the port and steal the security codes for the containers so the criminals could haul them away before their owners arrived.

The second type of crime takes place entirely online. In June U.S. authorities issued charges against the Russian mastermind behind the GameOver Zeus botnet, a sophisticated piece of malware that steals login details for people’s bank accounts from infected computers and uses them to drain cash from their accounts. The Federal Bureau of Investigation puts the losses at more than US$100 million.

"Robbing one person at a time using a knife or gun doesn’t scale well. But now one person can rob millions at the click of a button," said Marc Goodman of the Future Crimes Institute.

In the past year or so police have scored some other notable victories against digital crooks. These include the arrest of the man behind Silk Road, a notorious online bazaar that sold guns, drugs and stolen credit-card records, and a raid on servers hosting Cryptolocker, a "ransomware" program that encrypts computer files, decrypting them only on payment of a ransom.

Cybercrimes often involve multiple jurisdictions, which makes investigations complicated and time-consuming. And good cybersleuths are hard to find

Cybercrimes often involve multiple jurisdictions, which makes investigations complicated and time-consuming. And good cybersleuths are hard to find, because the sort of people who are up to the job are also much in demand by companies, which usually offer higher pay. Archibald said he is trying to get more private firms to send him computer-savvy employees on secondment.

Criminals are generally after money. The motives of state-sponsored or state-tolerated hackers are harder to categorize, ranging from a wish to cause chaos to pilfering industrial secrets. The Syrian Electronic Army, for example, generates publicity by defacing the websites of media companies. Last year it hijacked the Twitter account of The Associated Press and posted a tweet falsely claiming that the White House had been bombed.

Other groups that have caught security people’s attention include Operation Hangover, based in India and focused on Pakistani targets, and the Elderwood Group, a Chinese hacker outfit that was behind a series of attacks in 2009 on American tech companies such as Google. Such groups have become collectively known by a new acronym, APTs, or advanced persistent threats.

"These hackers are smart and they wage long-term campaigns," said Mike Fey, McAfee’s chief technology officer.

Unlike criminals, who typically scatter malware far and wide to infect as many targets as possible, APT groups concentrate on specific targets. They often use "spear-phishing" attacks, trying to trick people into divulging passwords and other sensitive information, to get access to networks. And once inside, they sometimes lie low for weeks or months before striking.

Government spies typically use the same tactics, so it can be hard to tell the difference between state-run spying and the private sort. When Mandiant, a cybersecurity firm, published a report last year about China’s industrial-espionage activities, it labeled it "APT1." The report claimed that Chinese hackers from Unit 61398, a Shanghai-based arm of the People’s Liberation Army, had broken into dozens of corporate networks over a number of years, paying special attention to industries such as technology and aerospace that China sees as strategic. In May the U.S. Justice Department indicted five Chinese hackers from the unit in absentia for attacks on the networks of some American firms and a trade union.

China is not the only country involved in extensive cyberespionage. Edward Snowden’s leaks have shown that the U.S. National Security Agency ran surveillance programs that collected information direct from the servers of big tech firms, including Microsoft and Facebook, and that it eavesdropped on executives at Huawei, a large Chinese telecommunications firm. U.S. officials like to claim that the NSA’s spying is not designed to be of direct benefit to American firms, though it has certainly sought intelligence on issues such as trade negotiations that are likely to be helpful to all American companies.

Blocking sophisticated and highly targeted attacks is extremely difficult. Defenders are like the batsmen in a cricket game who must deflect every ball heading for the stumps; hackers just need to knock off the bails once to win. But the defense would greatly improve its chances by getting a few basic things right.


Fact Check

Fact Check

Have you found an error, or know of something we’ve missed in one of our stories?
Please use the form below and let us know.

* Required
  • Please post the headline of the story or the title of the video with the error.

  • Please post exactly what was wrong with the story.

  • Please indicate your source for the correct information.

  • Yes


  • This will only be used to contact you if we have a question about your submission, it will not be used to identify you or be published.

  • Cancel

Having problems with the form?

Contact Us Directly
  • Print

You can comment on most stories on You can also agree or disagree with other comments. All you need to do is be a Winnipeg Free Press print or e-edition subscriber to join the conversation and give your feedback.

You can comment on most stories on You can also agree or disagree with other comments. All you need to do is be a Winnipeg Free Press print or e-edition subscriber to join the conversation and give your feedback.

Have Your Say

New to commenting? Check out our Frequently Asked Questions.

Have Your Say

Comments are open to Winnipeg Free Press print or e-edition subscribers only. why?

Have Your Say

Comments are open to Winnipeg Free Press Subscribers only. why?

The Winnipeg Free Press does not necessarily endorse any of the views posted. By submitting your comment, you agree to our Terms and Conditions. These terms were revised effective April 16, 2010.


Make text: Larger | Smaller


Trouba talks about injury and potential for Jets

View more like this

Photo Store Gallery

  • STDUP ‚Äì Beautiful West End  begins it's summer of bloom with boulevard s, front yards  and even back lane gardens ,  coming alive with flowers , daisies and poppies  dress up a backyard lane on Camden St near Wolseley Ave  KEN GIGLIOTTI  / WINNIPEG FREE PRESS  /  June 26 2012
  • A young gosling flaps his wings after taking a bath in the duck pond at St Vital Park Tuesday morning- - Day 21– June 12, 2012   (JOE BRYKSA / WINNIPEG FREE PRESS)

View More Gallery Photos


Are you concerned about the number of homicides so far this year?

View Results

Ads by Google