Transcript
BROOKE GLADSTONE:
The culture of computer hackers has always been one of the self-styled renegade. But now, a group of Russians, who call themselves the Dream Coders Team, have turned hacking into a pretty traditional business venture - almost. They sell their user-friendly hacking software called M-Pack with customer service plans that include free upgrades for a year.
Robert Lemos is a technology reporter and editor-at-large for Security Focus, an online news site owned by the antivirus company Symantec. Robert, welcome to On the Media.
ROBERT LEMOS:
Thanks for having me.
BROOKE GLADSTONE:
So tell me about M-Pack.
ROBERT LEMOS:
M-Pack is what's known as an infection toolkit. It's basically a collection of programs that makes it easier for a hacker to take over a victim's computer. You infect them with your software either through email or through compromised websites.
One of the most common uses is to steal their information, steal their bank account information, other uses being to use their computer for an attack or to use their computer to send spam.
BROOKE GLADSTONE:
I've read elsewhere that this is sort of the Rolls-Royce of hacking [LAUGHS] programs. It's really top of the line. What makes it so good?
ROBERT LEMOS:
I think at this point the better analogy is it's more kind of the assembly-line Ford. They're now getting to the point where they're looking for volume in sales. They have a fairly limited customer base, from what I gathered. I mean, we're talking probably dozens, maybe hundreds of people.
BROOKE GLADSTONE:
These kinds of programs are traditionally available for free, aren't they, because of the renegade culture that I referred to? Why would people pay money for M-Pack, and how much do they pay?
ROBERT LEMOS:
It goes anywhere from $700 to $1,000 for this, the legitimate [LAUGHS] - I guess you can call it the legitimate version.
There are other versions out there - and after I did the article, a lot more versions of M-Pack came out - that were basically people finding the code online, making a copy of it and then turning around and trying to sell it for a discount, which is why, I think, that they're focusing on the support aspect of this.
BROOKE GLADSTONE:
The support aspect meaning upgrades. There isn't actually a help line you can call - hey, I'm having trouble hacking into the Bank of India. Can you give me some online help? You know, somebody named Peter from Bangalore?
ROBERT LEMOS:
Right. What they're doing is they're basically providing free upgrades for a year. They're also, every time a new vulnerability comes out in popular software, they'll create an exploit, this code to actually use that vulnerability to take over someone's system, and they'll then ship that with the new version of the software.
But there's also some neat - [LAUGHS] I guess you'd call them neat business features. They'll, for instance, give you statistics on how successful your infections have been.
BROOKE GLADSTONE:
So you actually interviewed, or at least you think you interviewed, the M-Pack developers. Explain how you found them.
ROBERT LEMOS:
I searched, using Google, to find the advertisements online. In those advertisements there was an IM nickname, and so I sent a note to the person at that number. And I think it was a day later, basically, I got a response back from someone who said, hey, you contacted us and we'd like to talk to you.
BROOKE GLADSTONE:
Do they say they're making money?
ROBERT LEMOS:
Not much. [LAUGHS] It's their customers that seem to be making a lot more money. They had sent me [LAUGHS] a photo that seemed a little bit gratuitous, but it was basically of a desk with a computer on it covered with money.
[BROOKE LAUGHS]
And they said it was from one of their customers, and it represented about $50,000 that he had made.
BROOKE GLADSTONE:
So do you think that, you know, with hacking software that comes with a customer service package, we're really coming to the end of hacker culture as the underground, anti-corporate renegade?
ROBERT LEMOS:
Well, I think you're always going to have that. I mean, the hackers will lament that suddenly hacking became commercialized.
I think that there will always be hackers in the old-school sense of it, which is just people with a lot of intellectual curiosity and willing to take things apart. But more and more I think we'll see those people lured by the criminal element.
BROOKE GLADSTONE:
Don't these guys make you mad?
ROBERT LEMOS:
I — you know, me personally, I've never, as far as I know [LAUGHS] been a victim yet. For me it's not yet become personal, and I'm sure for a lot of people for whom it has become personal, this does make them very mad.
BROOKE GLADSTONE:
Does it have to happen to you personally before you feel personally violated?
ROBERT LEMOS:
You know, for anything on the Internet, in some ways it does. I mean, the Internet's all about being connected to everybody but not feeling like everybody else, I guess.
[BROOKE CHUCKLES]
Basically, until it happens to you, most people don't even think about it.
BROOKE GLADSTONE:
Thanks very much.
ROBERT LEMOS:
Thank you for your time.
BROOKE GLADSTONE:
Robert Lemos is a freelance reporter and editor for Security Focus, a news website owned by the antivirus company, Symantec.