This post was syndicated from: Krebs on Security and was written by: BrianKrebs. Original post: at Krebs on Security
It’s been a while since a new category debuted on this blog, and it occurred to me that I didn’t have a catch-all designation for random ne’er-do-well news. Alas, the inaugural entry for Ne’er-Do-Well News looks at three recent unrelated developments: The availability of remote access iPhone apps written by a programmer perhaps best known for developing crimeware; the return to prison of a young hacker who earned notoriety after simultaneously hacking Paris Hilton’s cell phone and data broker LexisNexis; and the release of Pavel Vrublevsky from a Russian prison more than a year before his sentence was to expire.
ZeusTerm and Zeus Terminal are iPhone/iPad apps designed by the same guy who brought us the Styx-Crypt exploit kit.
A year ago, this blog featured a series of articles that sought to track down the developers of the Styx-Crypt exploit kit, a crimeware package being sold to help bad guys booby-trap compromised Web sites with malware. Earlier this week, I learned that a leading developer of Styx-Crypt — a Ukrainian man named Max Gavryuk — also is selling his own line of remote administration tools curiously called “Zeus Terminal,” available via the Apple iTunes store.
News of the app family came via a Twitter follower who asked to remain anonymous, but who said two of the apps by this author were recently pulled from Apple’s iTunes store, including Zeus Terminal and Zeus Terminal Lite. It’s unclear why the apps were yanked or by whom, but the developer appears to have two other remote access apps for sale on iTunes, including ZeusTerm and ZeusTerm HD.
Incidentally, the support page listed for these apps — zeus-terminal[dot]com — no longer appears to be active (if, indeed, it ever was), but the developer lists as his other home page reality7solutions[dot]com, which as this blog has reported was intricately tied to the Styx-Crypt development team.
This wouldn’t be the first time a crimeware author segued into building apps for the iPhone and iPad: In January 2012, as part of my Pharma Wars series, I wrote about clues that strongly suggested the Srizbi/Reactor spam botnet was developed and sold by a guy who left the spam business to build OOO Gameprom, a company that has developed dozens of games available in the iTunes store.
HILTON HACKER DOES THE HOKEY POKEY
It’s hard to imagine a set of stories that I had more fun reporting and writing while working for The Washington Post than the series I wrote in 2005 and 2006 about the young men who broke into socialite Paris Hilton’s cell phone. I spent several months chatting with members of this hacker collective of misfits, nearly all of whom were practically raised on AOL’s network. They called themselves the “Defonic Team Screen Name Club,” and spent most of their time trying to social engineer information, money or food out of just about everyone they ran into — online or in the real world.
That reporting led to a Washington Post Magazine cover story about a kid in the midwestern United States (nickname: “0x80”) who was running a large botnet and getting paid thousands of dollars each month by some of the largest advertisers in the nation to install adware and spyware on victim PCs. That piece features an example of the above-mentioned social engineering that was encouraged among the group’s members:
“He and his hacker friends are part of a generation raised on the Internet, where everything from software to digital music to a reliable income can be had at little cost or effort. Some of them routinely go out of their way to avoid paying for anything. During a recent conference call with half a dozen of 0x80’s buddies using an 800-number conferencing system they had hacked, one guy suggests ordering food for delivery. Nah, one of his friends says, ‘let’s social it.’ The hackers take turns explaining how they ‘social’ free food from pizza joints by counterfeiting coupons or impersonating customer service managers.”
“‘Dude, the best part is when you walk in, you hand them the coupon or whatever, they give you your [pizza], and you walk out,’ one of them enthuses. ‘Then, it’s like, yes, I am . . . the coolest man alive.’”
“‘Dude, that’s so true,’ echoes a 16-year-old hacker. ‘Free pizza tastes so much better than pay pizza any day.’”
The 16-year-old in that case (not the subject of the Post Magazine piece) was a very bright and charismatic kid named Cameron LaCroix. I would later learn that, in addition to plundering Paris Hilton’s cell phone, LaCroix and his crew had also broken into LexisNexis, making off with some 310,000 personal records, including hundreds of records on other Hollywood celebrities.
Cameron “cam0” LaCroix, with Playboy model Ashley Alexiss, in a Rhode Island nightclub.
LaCroix and others involved in those capers later pleaded guilty to their crimes. Most of the gang either got probation, or less than a year in the pokey. LaCroix, 17 at the time, spent 11 months in a juvenile detention facility. A few months after his release (and then 18 years old), he was jailed for nine months after allegedly violating the terms of his parole.
Now 25, LaCroix is again facing prison time. According to Ars Technica, this month he agreed to plead guilty to two counts of computer intrusion and one count of access device fraud. Federal investigators say LaCroix repeatedly broke into dozens of law enforcement computer services containing sensitive information, including police and intelligence reports, arrest warrants, and sex offender information. LaCroix also admitted to hacking into his community college so that he could change his grades and those of two other students.
LaCroix declined to comment for this story, citing his sentencing hearing coming up later this year and the likelihood of other, unrelated hacking charges being levied against him. But his experience is an all-too-familiar one among young cybercrime offenders: a tendency toward recidivism and re-incarceration. LaCroix’s story tracks closely that of at least two other repeat offenders that I’ve been keeping in touch with on instant message and who are facing several years in jail after their second or third strike for hacking-related offenses.
IN MODERN RUSSIA, PAYMENT SYSTEM HACKS YOU
Readers of this blog — particularly fans of my Pharma Wars series on the epic battle of attrition between two men allegedly responsible for running the largest pharmacy spam affiliate programs — are no doubt familiar with the name Pavel Vrublevsky, a 35-year-old Russian man who co-founded and ran Russian payments firm ChronoPay. That is, until his arrest, trial and incarceration last year on charges of paying a botmaster to attack the Web site of a rival payments firm.
Russian Vice Premier Sergei Ivanov and ChronoPay co-founder Pavel Vrublevsky at a Russian Basketball League game.
Vrublevsky and the men he allegedly hired were all sentenced to 2.5 years in a Russian penal colony. But just the other day — not even a year into his sentence — Vrublevsky was inexplicably released and allowed to return to his home in Moscow. The characteristically garrulous Vrublevsky had surprisingly little to say about the reason for his early release, merely confirming the news with a terse post on his personal blog with the statement, “Glad to be back…”
But Irek Murtazin, a reporter and blogger who covered Vrublevsky’s trial for the Russian newspaper Novaya Gazeta, cites sources saying that Vrublevsky was released as part of a deal to help build out the National Payment System (NPS), a new domestic payments network called for in a law recently signed by Russian President Vladimir Putin.
Vrublevsky could not be immediately reached for comment. But nobody should be surprised if Murtazin’s sources turn out to be correct. In 2008, Vrublevsky was appointed a key member of the anti-spam working group of the Russian Ministry of Telecom and Mass Communication, a group that was tasked with proposing new laws to fight junk email.
Vrublevsky steadfastly denies that he’s guilty of hiring botmasters to attack his rivals, or having anything to do with spammers other than trying to stop them. However, when I went to visit him in Moscow in 2011, he did acknowledge that his company ChronoPay was the principal payments processing firm for Rx-Promotion, a rogue pharmacy affiliate program that paid millions of dollars to some of the world’s most notorious spammers and botmasters.
Most of the interview with Vrublevsky in Moscow is in my upcoming book that will be published Nov. 18, 2014 by Sourcebooks, called Spam Nation: The Inside Story of Organized Cybercrime — From Global Epidemic to Your Front Door. Anyone interested in pre-ordering the book may do so at this link.