DarkMarket_ Cyberthieves, Cybercops and You - Misha Glenny [3]
Setting all this up does require advanced computer skills and so these techniques tend to be used by only two groups involved in cybercrime – real hackers and real criminals. But these high-end operators who represent a new type of serious organised crime are a small minority of those involved in computer crime.
That leaves the small-time players who deal individually with relatively trivial sums of cash, effectively petty thieves who are barely worth hunting down, given the paucity of resources available to law enforcement. Even if these characters cannot be bothered to set up VPNs, proxies and a host of other masking techniques, they can still make life very difficult for police officers by encrypting their communications.
Software that guarantees the encryption of your written (and even voice and video) communications is widely available on the Web for free, most notably PGP, an acronym for the cheerfully colloquial Pretty Good Privacy.
Encryption is a powerful tool that plays an important role in cyber security. It is a way of scrambling language using digitally generated keys, the permutations of which are so astronomical mathematically that it can only be revealed if you know the password. For the moment, encrypted documents are effectively secure, although Washington’s National Security Agency (NSA), the most powerful digital spy agency in the world, is always working on ways to crack them. Among the cyber-criminal fraternity, rumours already abound that the NSA and its intelligence-gathering partners in Canada, Britain, Australia and New Zealand possess the ability to break these public encryption systems using its Orwellian Echelon system. Echelon, it has been reported, can access phone, email and satellite communications anywhere in the world.
The political implications of digital encryption are so immense that the government of the United States started to classify encryption software in the 1990s as ‘munitions’, while in Russia should the police or KGB ever find a single encrypted file on your computer, you could be liable for several years in jail, even if the document only contains your weekly shopping list. As governments and corporations amass ever more personal information about their citizens or clients, encryption is one of the few defences left to individuals to secure their privacy. It is also an invaluable instrument for those involved in criminal activity on the Web.
Just as traditional criminals have to develop ways of talking to each other to identify friends, foes, cops or rivals, so the cyber villains face the permanent challenge of trying to establish the bona-fide credentials of anybody they chat to online. Part of the story of this book tells how they developed methods to identify one another, and how police forces around the world have attempted to counter the hackers’ ability to spot law-enforcement agents and so-called Confidential Informants (CIs) on the Web.
During the 1990s, the simplest way of preventing unwanted guests prying into criminal activity lay in the introduction of a strict vetting and membership system for websites devoted to discussing malfeasance on the Internet. Notwithstanding these security measures, it was only a matter of months before law enforcement like the US Secret Service or intelligence agencies such as the KGB’s successor, the FSB, were crawling all over the sites, having gained access by patiently posing as criminals or by persuading informants to work on their behalf.
The performance of some agents was so convincing that some law-enforcement agencies have even devoted resources to chasing undercover cops from their sister organisations, on the assumption that they were real criminals.
As a result of their efforts, police forces and spies have, over the last decade, built up a large database of criminal hackers: their nicknames, their actual