Romania: Alleged hackers fought the law, and the law won

Timisoara (Romania) – Earlier today, police in Romania detained 20 alleged hackers accused of cloning bank websites. The scheme was designed to obtain financial information from unsuspecting consumers who visited the cloned pages by accident. The obtained information was then used to deplete funds from the consumer’s real bank account.

Stefan Negrila, chief of the Romanian Police’s organized crime division, said that the websites were deployed in Italy and Spain. They were cleverly crafted to look like the actual bank websites, however they asked the consumers questions which ultimately led to the divulging of real bank details. Once obtained, the hackers allegedly used that information to access the real bank website and transfer or withdraw cash.

While the exact total is unknown, Negrila said it could amount to hundreds of thousands of Euros.

In a separate, unrelated Romanian police case, a person accused of hacking into several U.S. university servers and U.S. government agency servers (including NASA) has also been detained. The hacker, who lived in Romania, had setup servers in the United States which he controlled from Romania. They were used to carry out the hacks for him while he thought he was safely several thousand miles away.

Hacking via remote computer

Hackers have long sought to use remote computers to carry out denial-of-service attacks, as well as for personal purposes. By sending instructions to a remote computer, a hacker can make it far more difficult to track him down. The IP traffic between his computer (point A) and the remote machine (point B, sometimes called “a bot”) are masked because the target computer (point C, something like the university server or government agency server) only shows incoming traffic from the point B machine.

By having several of these servers setup at various places around the country, and by controlling them through sophisticated software which coordinates and executes commands as directed by the hacker’s machine (point A), and which ultimately deletes records of the incoming commands from his machine, the hacker can be reasonably successful in carrying out sporadic attacks.

As is often common with criminals who are at first successful, many hackers begin to become cocky and arrogant, believing they are invincible. They ultimately continue hacking longer than they had planned, or begin to get sloppy in their efforts, which often leads to their arrest.

Setting up hacks in this way is no small affair. The skills used by hackers to create this kind of illegal attack on modern computer equipment could be used to obtain very high paying professional jobs in the private sector. Why some of these hackers don’t turn their skills to legitimate means is beyond this journalist’s understanding.