Cyber Gangs in a Concrete World

by Ben Bergersen

CISSP MCSE MCT


Abstract

Cyber gangs are groups of people that congregate online to perpetrate illegal and unethical cracking for financial gain and enjoyment. The members can be geographically separated and communicate solely over the Internet. I will describe the types of original gangs in a concrete and digital world. From there I go into detail on cyber gangs that operate only online. Members of cyber gangs have some traits of hackers, crackers, cyber clubs, and traditional gangs. Here we will see what makes cyber gang members different.


Introduction & Traditional Gangs Defined

The Crips and the Bloods are two of the most well-known traditional groups of street hoodlums, or gangs. They spread throughout California and have existed for over twenty years. Gangs are illegal associations of people that seek to perpetrate crime on the streets. With the start of African American Los Angeles gangs in the 1920s, street hoodlums started to gather, join forces, and become gangs. Crips, Bloods, Latin Kings, and other gangs cropped up in Chicago and Boston.

Street gangs attempt to replace the family of young children. They seek to become surrogate parents. In turn, the street child receives love and attention. As they grow up, the children provide services, legal and illegal, in exchange for receiving a new home and family. The gang is supported through several illegal means: extortion, numbers running, gambling, protection rackets, and drug dealing. Drug sales are the most profitable of these incomes. Just as a legitimate business has a customer base to protect, so does a gang. Streets are marked off as gang turf through graffiti markings on buildings and roads.

Graffiti writers are known as taggers, as they tag the land with spray paint and gang symbols. Once the customer base, willing or not, is marked off, the gang members seek to protect their investment. Guns and dogs are purchased. Guards are posted. When a rival gang attempts to trespass, warnings are given, fights ensue, and sometimes deaths occur. Identities are protected as well. Aliases and nicknames are used instead of proper names. Rarely will you hear of John C. Smith the gangbanger. Rather, names such as Lefty, Scarface, Bull, Shorty, and the Jeweler are used to scare rivals and protect the true identity of the gang member.

There are several levels in a gang. The groupies are people who want to be in a gang and hang around hoping to become members. Probationary members are new and need to prove themselves. Full members have proven their trustworthiness and prowess through illegal actions. Full members have tattoos. Life members have extensive tattoos and are normally in for at least five years. Everyone wears the colors of their gang in pride and to further advertise their organization. Bloods wear red handkerchiefs, and Crips wear blue handkerchiefs.

As gangs seek to replace nuclear families, they utilize tribal associations and methods. These tribal methods extend today to the cyber world of the World Wide Web and other communications over the Internet.


Cyber-Enabled Traditional Gangs Defined

Gangs started out on the streets. A sense of belonging developed, territory was fought over, and weapons were used. As people moved away to other parts of the country, the members could go inactive or join another gang. Switching gangs is seen as loathsome by many, but being a part of a greater whole is not. Dr. Theodore Walker, Jr. of Southern Methodist University contends that gangs are tribal in nature. A tribe is a group of people in a social organization that share similar culture, ancestry, and leadership. A subcomponent of a tribe is the family. This is understandable, as gangs seek to replace the parents and families of children. Given this definition, Dr. Walker pulls together multiple writers who say that the Internet is a retribalizing medium:

So, assuming that gangs are tribal in nature, and that the Internet in the form of the World Wide Web is a retribalizing medium, then gangs will use the Internet. This is borne out by the creation of the now defunct Glock3 web site in New Zealand. Glock3 was created in early January 1996, according to an Emergency Net News Service article published on the Infowar web site. The New Zealand ISP removed the web site after extensive pressure. Afterwards, a man attempting to capitalize on the notoriety allegedly created another www.glock3.com website. These sources prove that the World Wide Web can be and is used by traditional gangs. The Pueblo Colorado Sheriff's Office web slide presentation said the original Glock3 site used to provide:

Today traditional gangs communicate in Internet chat rooms and through AOL Instant Messenger, email, and ICQ. These methods are harder for law enforcement to find or stop. They are nonpermanent methods that are over as soon as the messages are sent. Traditional gang web sites, or permanent locations, are being shut down. Sites that continue strong are police sites such as the Pueblo Colorado Sheriff's Office High Tech Crime Unit (HTCU) and informational sites such as streetgangs.com.


Cyber Gangs Defined

Cyber gangs are a combination of the attributes of network hackers and traditional street gang members. Their cyber turf includes their own gang web site, such as Legions of the Underground at www.legions.org and Cult of the Dead Cow's www.cultdeadcow.com. Just as in traditional gangs, new initiates need to prove themselves. The probationary members are required to hack into a web site and leave a mark. This mark can be text or graphics and is typically left on the main web page of the attacked site. Here HTML electronic graffiti takes over from the spray can defacement of concrete walls. Before becoming members, and once in, the new members act as script kiddies. These script kiddies run batch jobs, automated programs, and simple hacking programs under the direction of the upper-level, more powerful crackers.

The soldiers, or script kiddies, may attack a site from several different areas on the Internet. Each person may try a different component of an attack or the same type of intrusion. This makes it difficult to track the attacks back to their true source, or even to detect the separate actions as an attack. Once in, they leave portable software protocol analyzers such as Network Associates' Sniffer. Aliases from street gangs also

Cyber gangs are not traditional chain and motorcycle gangs that decided to become Internet savvy. Those groups are still traditional gangs that just use the Internet as a communications medium. Rather, cyber gangs start out on the Internet. They are a group of hackers that decide they wish to become an organized association of crackers who attack web sites for profit and fun, as per Dr. Cohen's definition found online.

Cult of the Dead Cow

The Cult of the Dead Cow, aka cDc, is one of the two most famous cyber gangs. Along with the Legions of the Underground, cDc is the oldest group. They programmed the backdoor Trojan horse Back Orifice and Back Orifice 2000 (BO2K). BO2K is a remote administration tool that allows both crackers and system administrators to view and manage another Windows 9x/NT machine covertly. The original Back Orifice was created by Sir Dystic, who also provided input to DilDog when Back Orifice 2000 was created. cDc is unique in that several members are also a part of the legitimate security consulting business, Boston-based L0PHT Heavy Industries. L0PHT was bought out in January 2000, and is now the research and development division of @Stake. The Chief Technology Officer of @Stake is Dr. Daniel Geer, former manager of the Athena / X-Windows / Kerberos project at MIT. Mudge, from L0PHT, is now the Vice President of Research and Development. cDc is so out in the open that they present at the hacker Def Con conventions. At Def Con 7 These conventions are held in Las Vegas, Nevada, USA, with a ticket costing less than one hundred dollars in 2000. Several members of the cDc are crossing over as members in legitimate security consulting businesses such as Boston-based L0PHT Heavy Industries.

The cDc has several newsletters available. They also write for the online hacking / cracking magazine, Phrack. White Knight, a cDc member, coauthored this article: http://www.phrack.com/search.phtml?view&article=p37-4

Bow to the Cow.

Hacking for Girlies

Hacking for Girlies, aka HFG, aka HACK1NG FOR G1RL13Z, is a cyber gang that has over half a dozen breaches to their name. They go after web sites in order to protest and have their views seen. Below are sites they attacked.

[99.01.26] [HFG] K MB Technology Consultants (www.techbroker.com)

[98.09.13] [HFG] K New York Times (www.nytimes.com)

[98.09.02] [HFG] K NASA Jet Propulsion Labs (www.jpl.nasa.gov)

[98.08.31] [HFG] K Phrack Magazine (www.phrack.com)

[98.08.25] [HFG] K Elite Hackers (www.elitehackers.org)

[98.08.24] [HFG] K Penthouse (www.penthouse.com)

[98.08.21] [HFG] K Motorola SPS Division (www.sps.motorola.com)

[98.08.21] [HFG] K Motorola Nipon (www.mot.co.jp)

[98.08.17] [HFG] K Elite Hackers (down: www.elitehackers.org/~dknight)

[98.04.13] [HFG] RT66 ISP (www.rt66.com)

Global Hell (gH)

Global Hell hacked the U.S. Government White House web site. Note that www.whitehouse.gov is the governmental web site. www.whitehouse.com is a closely named site that deals in pornography and hopes to get users due to its similar name. "Mosthated" was detained by the FBI in relation to this incident, but no arrest was made. The FBI did, however, confiscate the 18-year-old male's equipment. "Mosthated"

[98.11.12]  [gH]                    World Hacking (www.worldhacking.com)
[99.01.04]  [gH]                    MacWeek (macweek.com)
[99.01.08]  [gH]                M   China Window (www.china-windows.com)
[99.01.09]  [gH]                    Arab Net (www.arab.net)
[99.01.10]  [gH]                    American Retirement Corporation (www.arclp.com)
[99.01.11]  [gH]                M    Hanyu Shuiping Kaoshi (www.hsk.org)
[99.01.12]  [gH]                M   Big Mart (www.bigmart.com)
[99.01.17]  [gH]                    Gouvernement de Burundi (burundi.gov.bi)
[99.01.21]  [gH]                    The Settlers III (www.settlers3.com)
[99.01.23]  [gH]                    Western Lifestyles (www.westernlifestyles.com)
[99.01.26]  [gH]                    Bundesverband Niedergelassener Kardiologen e.V (www.bnk.de)
[99.01.26]  [gH]                    High Quality Computer (www.hqc.de)
[99.01.27]  [gH]                    Wuhan Economic Information Network (fdc.wh.cei.gov.cn)
[99.01.27]  [gH]                    Philippines Bureau of Internal Revenue (www.bir.gov.ph)
[99.01.31]  [gH]                        (www.zhejiang.gov.cn)
[99.02.02]  [gH]                    Networks Online (linux.networksonline.com)
[99.02.07]  [gH]                    Alaskan Fisheries Science Center (abl.afsc.noaa.gov)
[99.03.05]  [gH]                  K Pussy Power (www.pussy-power.com)
[99.03.15]  [gH]                    Summercon (www.summercon.org)
[99.03.19]  [gH]                    People's Court (www.peoplescourt.com)
[99.03.26]  [gH]                  K United States Cellular (www.uscc.com)
[99.03.29]  [gH]                    China Tone Holding (www.chinatone.com)
[99.04.14]  [gH]                    SinTek (www.sintek.net)
[99.04.21]  [gH]                    Croatian Academy of Sciences and Arts (mahazu.hazu.hr)
[99.04.21]  [gH]                    Department of Civil Engineering, Washington University (maximus.ce.washington.edu)
[99.04.21]  [gH]                    Inconet (www.inconet.ca)
[99.04.21]  [gH]                    #2 Naughty Talk (www.naughtytalk.com)
[99.04.22]  [gH]                    G-net (g-net.ne.jp)
[99.04.22]  [gH]                    Herb Online (www.herbonline.com)
[99.04.23]  [gH]                    Act Comm Web Hosting (www.actcomm.com)
[99.04.23]  [gH]                    Advanced Acupuncture (www.advancedacupuncture.com)
[99.04.23]  [gH]                    Clean Team (www.cleanteam.com)
[99.04.23]  [gH]                    British Computer Society (www.ewic.org.uk)
[99.04.23]  [gH]                    State of West Virginia, Main Site (www.state.wv.us)
[99.04.23]  [gH]                    Vipmart (www.vipmart.com)
[99.04.24]  [gH]                    Wing Net (ns1.wing.net)
[99.04.24]  [gH]                    Autoshow (www.autoshow.com)
[99.04.24]  [gH]                    Digital 2000 Web Hosting (www.digital2000.com)
[99.04.24]  [gH]                    Georgian Hotel (www.georgianhotel.com)
[99.04.24]  [gH]                    Hotel Carmel (www.hotelcarmel.com)
[99.04.24]  [gH]                    Huang (www.huang.com)
[99.04.24]  [gH]                    Jaame Jam TV Television Station (www.jaamejam.com)
[99.04.24]  [gH]                    Mallworld (www.mallworld.com)
[99.04.24]  [gH]                    Nationwide Trading Corp. (www.nationwidetrading.com)
[99.04.24]  [gH]                    Pacific Shore Hotel (www.pacificshorehotel.com)
[99.04.24]  [gH]                    Picture Show (www.pictureshow.com)
[99.04.24]  [gH]                    Snakclub (www.snakclub.com)
[99.04.24]  [gH]                    Short Pictures International Film Festival (www.spiffest.com)
[99.04.24]  [gH]                    The Beach Suites (www.thebeachsuites.com)
[99.04.24]  [gH]                    TVB USA Corp. (www.tvbusa.com)
[99.04.24]  [gH]                    USA Auto Parts (www.usautoparts.com)
[99.04.24]  [gH]                    (zip) Flashline (zip.flashline.com)
[99.04.26]  [gH]                    Support NET (www.support.net)
[99.04.26]  [gH]                M   We Host It (www.wehostit.com)
[99.04.27]  [gH]                    8j Net (do-nt.8j.net)
[99.04.27]  [gH]                    Throb Net (download.throbnet.com)
[99.04.27]  [gH]                    Nice (RU) (ns.nice.ru)
[99.04.27]  [gH]                    Siberian Kitty (www.siberiankitty.com)
[99.04.27]  [gH]                M   1688 (www.1688.com)
[99.04.28]  [gH]                    House It (www.houseit.com)
[99.04.28]  [gH]                    SC Coast (www.users.sccoast.net)
[99.04.28]  [gH]                    WWWonders (www.wwwonders.com)
[99.04.28]  [gH]                  K wcresa K12 (www.wcresa.k12.mi.us)
[99.04.29]  [gH]                        (hunain.fkm.utm.my)
[99.04.29]  [gH]                    Brain3 (www.brain3.com)
[99.04.29]  [gH]                    Total Image Printing (www.totalimageprinting.com)
[99.04.30]  [gH]                    Embassy of Uruguay in Argentina (emb-uruguay.mrecic.gov.ar)
[99.04.30]  [gH]                    Bureau of Monetary Affairs Ministry of Finance (www.boma.gov.tw)
[99.04.30]  [gH]                    Chinese University of Hong Kong (www.cuhk.edu.hk)
[99.04.30]  [gH]                        (www.fit.qut.edu.au)
[99.04.30]  [gH]                    Kork Parkett (www.korkparkett.com)
[99.05.01]  [gH]                    Kasuga Family, Fukushima Prefecture (kasuga.namo.iwaki.fukushima.jp)
[99.05.02]  [gH]                MCK Ida LIU (SE) (ida.liu.se)
[99.05.03]  [gH]                    #2 1688 Web Hosting (www.1688.com)
[99.05.04]  [gH]                    Ameritech (aiis.ameritech.com)
[99.05.04]  [gH]                M   MicroTouch (CZ) (web.microtouch.cz)
[99.05.06]  [gH]                        (apizaco.podernet.com.mx)
[99.05.10]  [gH]                 C  The White House (www.whitehouse.gov)
[99.05.13]  [gH]                    (kariba) Africa Online (kariba.africaonline.com)
[99.05.15]  [gH]                    Miejska Sieć Komputerowa w Tarnowie (mefisto.toi.tarman.pl)
[99.05.15]  [gH]                    CPST.hu, the Web Factory (www.cpst.hu)
[99.05.15]  [gH]                    Euro-Line (www.euro-line.hu)
[99.05.16]  [gH]                    GOV.nu (www.gov.nu)
[99.05.25]  [gH]                    Nation of Pakistan (nation.com.pk)
[99.05.25]  [gH]                    Pakistan Government (www.pak.gov.pk)
[99.05.26]  [gH]                    (snu) AC (KR) (mmic.snu.ac.kr)
[99.05.26]  [gH]                    Abatelli (www.abatelli.com)
[99.05.26]  [gH]                    #2 Brain3 (www.brain3.com)
[99.05.26]  [gH]                    Century 21 Rustic (www.century21rustic.com)
[99.05.26]  [gH]                    Cook Pony (www.cookpony.com)
[99.05.26]  [gH]                    Craftsmen Homes (www.craftsmenhomes.com)
[99.05.26]  [gH]                    Devlin McNiff (www.devlin-mcniff.com)
[99.05.26]  [gH]                    Dunemere (www.dunemere.com)
[99.05.26]  [gH]                    First Towne (www.firsttowne.com)
[99.05.26]  [gH]                    Hampton Net (www.hampton.net)
[99.05.26]  [gH]                    Hanfra (www.hanfra.com)
[99.05.26]  [gH]                    Lamb Agency (www.lambagency.com)
[99.05.26]  [gH]                    Mainst Properties (www.mainstproperties.com)
[99.05.26]  [gH]                    Montauk Net (www.montauk.net)
[99.05.26]  [gH]                    Morley Agency (www.morleyagency.com)
[99.05.26]  [gH]                    Movie Spotlight (www.moviespotlight.com)
[99.05.28]  [gH]                    XQ Gov (CN) (mail.xq.gov.cn)
[99.05.28]  [gH]                M   King Junk (www.kingjunk.com)
[99.05.29]  [gH]                    Cafe (TG) (www.cafe.tg)
[99.05.29]  [gH]                    Lone Penguin (www.lonepenguin.com)
[99.05.29]  [gH]                    Tim Mayer (www.timmayer.com)
[99.05.30]  [gH]                    Bit Castle (www.bitcastle.com)
[99.06.08]  [gH]                    Ministry of Foreign Affairs, Malaysia (kln.gov.my)
[99.06.27]  [gH]                    Army Main Page (www.army.mil)
[99.06.27]  [gH]                 C  Prulite (www.prulite.com)
[99.07.31]  [gH]                    #2 KBS Gov (kbs.gov.my)
[99.08.01]    [gH]                   Immigration Department of Malaysia (MY) (imigresen.imi.gov.my)
[99.08.01] So [gH]                   Malaysian Institute of Diplomacy and Foreign Relation (MY) (www.idhl.gov.my)
[99.08.06] So [gH]                   Official site of Korn (www.korn.com)
[99.08.07] So [gH]                   Internet Wrestling Zone (www.prowrestling.com)
 Total Defacements:  115
 


Actions Taken

The F.B.I. has the following cyber gangs under investigation as of May 27, 1999. Section 5 of their directive to Internet Service Providers (ISPs) requests information on several groups. It asks for directories, files, programs, logs, or data concerning the names of hacker groups:

GlobalHell
gH
milw0rm
Total-ka0s
tk
Darkcyde
D4rkcyde
2600
world domination
enforcers
enphorcers
hackphreak

Law enforcement has so far in the twentieth century been unable to disband or eradicate cyber gangs. The Cult of the Dead Cow (cDc) and Legions of the Underground (LOU) are two of the oldest cyber gangs, and yet they are still in existence with little law enforcement harassment. President Clinton and Attorney General Janet Reno met in early February 2000 to coordinate computer security investigations.


Summary, Conclusions, and Further Work

Cyber gangs are groups of crackers that cause damage for fun and profit. They learn their trade from each other, in academia, and in legitimate computer security consulting firms. There are entrance requirements, assignments, hierarchy, cyber graffiti, and real damages. Just as the FBI closes down several gangs, others crop up. When the Secret Service shuts down pirate BBSs in Operation Sundog, pirate FTP sites crop up. Even supposedly secure sites such as RSA Security are hacked. The good news is that companies and law enforcement are finally taking these organizations seriously. Network security professional positions are at an all-time high in early 2000.