Friday, March 17, 2006

Why Am I Getting All This Spam? What Is a Spam Filter?

A server spam filter is a software application that scans incoming email messages, identifies SPAM based on preset configurations and isolates the unsolicited email so that it never reaches the email inboxes of the personal computers in the computer network.
Time is money and wasting time to manually delete SPAM messages is not a wise thing to do.
Additionally, sometimes SPAM email contains viruses which can result in downtime for computer users as well as being a threat to the stability of a personal computer or computer network and the data stored within.
Scam artists also send unsolicited email as a part of phishing schemes which are intended to collect personal information for identity theft purposes, and other similar fraudulent reasons.
With a server spam filter, you can automate the process of eliminating spam at the receiving source - the server level - before it ever reaches the personal computers in your network.
This is a recommended task to automate because it saves personal computer users loads of time as well as protecting the personal computers and the network from damage which can result in downtime and lost data.
Because anti-spam technology is not perfect, it is a good idea to have a network administrator check the mail messages that are filtered out periodically to make sure that the server spam filter is not catching messages that are not actually SPAM.
When this happens, the email capture is sometimes referred to as a “false positive”, meaning that the server spam filter positively identified a message as SPAM when it was actually a valid message that should not have been filtered out.
Some anti-spam programs have an option where identified SPAM can be sent to a computer user’s junk email box so the computer user can actually go through the filtered out messages at their leisure to make sure that bona fide messages have not been falsely identified as SPAM.
If this process is used and false positives are identified, the computer user needs to notify the network administrator so the configurations in the spam filter can be adjusted to allow receipt of email from the specific sender through the server.
Undoubtedly, it is a good idea to install a server spam filter in order to save your company the time, money and heartache that can be associated with system failure.
When reviewing your options, do realize that not all anti-spam products are created equal. They vary in the way that SPAM is identified and the way the system is administered.
Some filter out email messages based on keywords used in the messages, some are pre-programmed with blacklists of known spammers, and almost all have configurations that can be customized by an end-user or network administrator.
It is a good idea to review several alternative products in detail and to determine which products best meet the needs of your company.
Searching the internet for spam filter reviews is a good way to learn more about individual software packages, their features and their functionality.
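The workflow described in this post (keyword rules, a blacklist of known spammers, a quarantine the administrator reviews, and an allow entry for a sender caught as a false positive), written out in Python. This is an added example, not code from the original post or from any particular product; the class name, keyword weights, threshold and `.example` addresses are all constructed for illustration.

```python
import re
from dataclasses import dataclass, field
from email import message_from_string
from email.policy import default
from email.utils import parseaddr

# Constructed keyword weights and threshold; real products ship their own rules.
KEYWORD_WEIGHTS = {"lottery": 3, "verify your account": 4, "act now": 2, "free": 1}
SPAM_THRESHOLD = 4


@dataclass
class ServerSpamFilter:
    blocklist: set = field(default_factory=set)     # known spammer addresses or domains
    allowlist: set = field(default_factory=set)     # senders the administrator approved
    quarantine: list = field(default_factory=list)  # held mail awaiting review

    @staticmethod
    def _listed(sender, entries):
        """True if the full address or its domain appears in the list."""
        return sender in entries or sender.rpartition("@")[2] in entries

    @staticmethod
    def score(text):
        """Sum the weight of every configured keyword present in the text."""
        text = text.lower()
        return sum(weight for kw, weight in KEYWORD_WEIGHTS.items()
                   if re.search(r"\b" + re.escape(kw) + r"\b", text))

    def classify(self, raw):
        """Return 'deliver' or 'quarantine' for one raw message."""
        msg = message_from_string(raw, policy=default)
        sender = parseaddr(str(msg.get("From", "")))[1].lower()
        subject = str(msg.get("Subject", ""))
        part = msg.get_body(preferencelist=("plain",))
        body = part.get_content() if part is not None else ""

        if self._listed(sender, self.allowlist):
            return "deliver"  # administrator override wins over every rule
        if self._listed(sender, self.blocklist):
            reason = "sender on blocklist"
        else:
            points = self.score(subject + "\n" + body)
            if points < SPAM_THRESHOLD:
                return "deliver"
            reason = f"keyword score {points}"
        # Isolate instead of deleting, so false positives can be recovered.
        self.quarantine.append({"sender": sender, "subject": subject,
                                "reason": reason, "raw": raw})
        return "quarantine"

    def release_false_positive(self, index):
        """Administrator action: release a held message and allow its sender."""
        entry = self.quarantine.pop(index)
        self.allowlist.add(entry["sender"])
        return entry


# Constructed sample messages (not real mail).
SAMPLES = {
    "lottery": ("From: Prize Desk <win@bulk-mailer.example>\n"
                "Subject: You won the lottery, act now\n\n"
                "Claim your prize today.\n"),
    "supplier": ("From: Billing <billing@supplier.example>\n"
                 "Subject: Act now: free shipping on your renewal\n\n"
                 "Please verify your account details with your sales rep.\n"),
    "blocked": ("From: bob@known-spammer.example\n"
                "Subject: Hello\n\nQuick question.\n"),
    "clean": ("From: alice@partner.example\n"
              "Subject: Meeting notes\n\nNotes from Tuesday are attached.\n"),
}


def run_demo():
    """Filter the samples, release the supplier false positive, re-filter it."""
    flt = ServerSpamFilter(blocklist={"known-spammer.example"})
    first_pass = {name: flt.classify(raw) for name, raw in SAMPLES.items()}
    held = next(i for i, e in enumerate(flt.quarantine)
                if e["sender"] == "billing@supplier.example")
    flt.release_false_positive(held)
    second_pass = flt.classify(SAMPLES["supplier"])
    return first_pass, second_pass, flt


if __name__ == "__main__":
    first, second, flt = run_demo()
    print(first)
    print("supplier after release:", second)
    for entry in flt.quarantine:
        print("still held:", entry["sender"], "-", entry["reason"])
```

The From header is set by the sender, so an allow entry keyed on it is only as trustworthy as whatever sender authentication the server performs before this step.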

Wednesday, December 14, 2005

Notable intruder and criminal hackers

Note that many of these have since turned to fully legal hacking.

Jonathan James (a.k.a. comrade) was most notably recognized for the theft of software which controlled the International Space Station's life sustaining elements, as well as intercepting dozens of electronic messages relating to U.S. nuclear activities from the Department of Defense.

Eric Corley (a.k.a Emmanuel Goldstein) — Long standing publisher of 2600: The Hacker Quarterly and founder of the H.O.P.E. conferences. He has been part of the hacker community since the late '70s.

Mark Abene (a.k.a. Phiber Optik) — Inspired thousands of teenagers around the country to "study" the internal workings of the United States phone system. One of the founders of the Masters of Deception group.

Dark Avenger — Bulgarian virus writer who invented polymorphic code in 1992 as a means to circumvent the type of pattern recognition used by antivirus software, and nowadays also by intrusion detection systems.

John Draper (a.k.a. "Captain Crunch") — Draper is widely credited with evangelizing the use of the 2600 hertz tone generated by whistles distributed in Captain Crunch cereal boxes in the 1970s, and sometimes inaccurately credited with discovering their use. Draper served time in prison for his work, and is believed to have introduced Steve Wozniak to phone phreaking through the 2600 Hz tone. Draper now develops anti-spam and security software.

Zeljko Vidas (a.k.a. Stoney) — One of the two people who wrote the viral decomposer Titanic, which has brought down over 70 companies and is one of the most destructive viruses in cyberspace. Known for his fast, smooth operating and his disappearance in cyberspace. Tom Letinov tried to capture him but with no results. Cracked into Croatia's police dept. and deleted some records. It is still not known how he did it.

Markus Hess — A West German, he hacked into United States Military sites and collected information for the KGB; he was eventually tracked down by Clifford Stoll.

Adrian Lamo — Lamo surrendered to federal authorities in 2003 after a brief manhunt, and was charged with nontechnical but surprisingly successful intrusions into computer systems at Microsoft, The New York Times, Lexis-Nexis, MCI WorldCom, SBC, Yahoo!, and others. His methods were controversial, and his full-disclosure-by-media practices led some to assert that he was publicity-motivated.

Vladimir Levin — This mathematician allegedly masterminded the Russian hacker gang that tricked Citibank's computers into spitting out $10 million. To this day, the method used is unknown.

Kevin Mitnick — Held in jail without bail for a long period of time. Inspired the Free Kevin movement. Once "the most wanted man in cyberspace," Mitnick went on to be a prolific public speaker, author, and media personality. Mitnick Security Consulting, LLC is a full-service information security consulting firm. Founded by Kevin Mitnick, Mitnick Security Consulting offers a comprehensive range of services to help businesses protect their valuable assets.

Robert Tappan Morris — In 1988, while a Cornell University graduate student, he wrote the first worm, the Morris Worm, which used buffer overflows to propagate.

Nahshon Even-Chaim (a.k.a. Phoenix) — Leading member of Australian hacking group The Realm. Targeted US defence and nuclear research computer systems in late 1980s until his capture by Australian Federal Police in 1990. He, and fellow Realm members Richard Jones (a.k.a. Electron) and David Woodcock (a.k.a. Nom) were the world's first computer intruders prosecuted based on evidence gathered from remote computer intercept.

Kevin Poulsen — In 1990 Poulsen took over all telephone lines going into Los Angeles area radio station KIIS-FM to win an automobile in a call-in contest. Poulsen went on to a career in journalism, including several years as editorial director at SecurityFocus.

David L. Smith — In 1999 Smith launched the Melissa Worm, causing $80 million worth of damage to businesses. Originally sentenced to 40 years, he eventually served only 20 months when he agreed to work undercover for the FBI.

Craig Neidorf — In 1990, Neidorf (a co-founder of Phrack) was prosecuted for stealing the E911 document from BellSouth and publicly distributing it online. BellSouth claimed that the document was worth $80,000; they dropped the charges after it was revealed that copies of the document could be freely ordered for $13.

Tuesday, December 13, 2005

Security breach at Sam's Club exposes credit card data

DECEMBER , 2005 (COMPUTERWORLD) - Sam's Club, a division of Wal-Mart Stores Inc., is investigating a security breach that has exposed credit card data belonging to an unspecified number of customers who purchased gas at the wholesaler's stations between Sept. 21 and Oct. 2.
In a brief statement released Dec. 2, the Bentonville, Ark.-based company said it was alerted to the problem by credit card issuers who reported that customers were complaining of fraudulent charges on their statements.
It's still not clear how the data was obtained, according to the statement. But "electronic systems and databases used inside its stores and for are not involved," the company said.
Sam's Club is currently working with both Visa International Inc. and MasterCard International Inc. to investigate the breach. The company also has notified the U.S. Attorney's Office for the Western District of Arkansas and the U.S. Secret Service.
Sam's Club officials didn't respond to calls for comment.
In a statement, Visa said it has alerted all of the affected financial institutions, asked them to provide independent fraud-monitoring services to affected customers and requested that they issue new cards as needed.
"Visa will continue working with its member financial institutions, merchants and appropriate authorities to do whatever is necessary to protect cardholders," Visa said.
Kayce Bell, chief operating officer at Alabama Credit Union (ACU) in Foley, Ala., said the company is reissuing cards to about 500 credit card and debit card holders as a result of the breach. The credit union was alerted to the problem last week by Credit Union National Association Inc., she said.
"We received information through our national reporting service that there had been a very large breach of data at Sam's Club," Bell said. About 500 debit cards and credit cards issued by ACU were among the accounts compromised in this incident, she said.
This isn't the first time this year the credit union has had to block and reissue credit and debit cards at Visa's request. Earlier this year, the ACU had to deactivate and reissue about 1,550 cards after Visa notified it that cards compromised in a CardSystems Inc. breach in June were being used fraudulently.
The Sam's Club breach is the latest in a string of data compromises this year at organizations that have included Bank of America Corp., ChoicePoint Inc., the University of California and CardSystems. Those breaches have fueled consumer concern about data protection and talk of legislative action to make companies more accountable for the data they own. The breaches have also resulted in Visa and MasterCard requiring all companies that handle payment-card information to comply with their Payment Card Industry (PCI) data-protection standard.
"Visa is aggressively partnering with entities across the nation to broaden adherence to these standards," the company said in its statement regarding the Sam's Club breach. "As Visa has said before, it's important that every entity that handles payment card information adhere to the highest data protection standards, such as the PCI standard, to protect the security and privacy of their customers."

Tuesday, September 20, 2005

What Is a Hacker?

The Jargon File contains a bunch of definitions of the term ‘hacker’, most having to do with technical adeptness and a delight in solving problems and overcoming limits. If you want to know how to become a hacker, though, only two are really relevant.

There is a community, a shared culture, of expert programmers and networking wizards that traces its history back through decades to the first time-sharing minicomputers and the earliest ARPAnet experiments. The members of this culture originated the term ‘hacker’. Hackers built the Internet. Hackers made the Unix operating system what it is today. Hackers run Usenet. Hackers make the World Wide Web work. If you are part of this culture, if you have contributed to it and other people in it know who you are and call you a hacker, you're a hacker.

The hacker mind-set is not confined to this software-hacker culture. There are people who apply the hacker attitude to other things, like electronics or music — actually, you can find it at the highest levels of any science or art. Software hackers recognize these kindred spirits elsewhere and may call them ‘hackers’ too — and some claim that the hacker nature is really independent of the particular medium the hacker works in. But in the rest of this document we will focus on the skills and attitudes of software hackers, and the traditions of the shared culture that originated the term ‘hacker’.

There is another group of people who loudly call themselves hackers, but aren't. These are people (mainly adolescent males) who get a kick out of breaking into computers and phreaking the phone system. Real hackers call these people ‘crackers’ and want nothing to do with them. Real hackers mostly think crackers are lazy, irresponsible, and not very bright, and object that being able to break security doesn't make you a hacker any more than being able to hotwire cars makes you an automotive engineer. Unfortunately, many journalists and writers have been fooled into using the word ‘hacker’ to describe crackers; this irritates real hackers no end.

The basic difference is this: hackers build things, crackers break them.
If you want to be a hacker, keep reading. If you want to be a cracker, go read the alt.2600 newsgroup and get ready to do five to ten in the slammer after finding out you aren't as smart as you think you are. And that's all I'm going to say about crackers.

Monday, September 19, 2005

Hacker Hunters

In an unmarked building in downtown Washington, Brian K. Nagel and 15 other Secret Service agents manned a high-tech command center, poised for the largest-ever roundup of a cybercrime gang. A huge map of the U.S., spread across 12 digital screens, gave them a view of their prey, from Arizona to New Jersey. It was Tuesday, Oct. 26, 2004, and Operation Firewall was about to be unleashed. The target: the ShadowCrew, a gang whose members were schooled in identity theft, bank account pillage, and the fencing of ill-gotten wares on the Web, police say. For months, agents had been watching their every move through a clandestine gateway into their Web site. To ensure the suspects were at home, a gang member-turned-informant had pressed his pals to go online for a group meeting.

At 9 p.m., Nagel, the Secret Service's assistant director for investigations, issued the "go" order. Agents armed with Sig-Sauer 229 pistols and MP5 semi-automatic machine guns swooped in, aided by local cops and international police. The adrenaline was pumping, in part, because several ShadowCrew members were known to own weapons. Twenty-eight members were arrested, most still at their computers. The alleged ringleaders went quietly, but one suspect jumped out a second-story window. Agents nabbed him on the ground. Later, they found a loaded assault rifle in his apartment. The operation was swift and bloodless. "[Cybergangs] always thought they operated with anonymity," says Nagel, a tall, chiseled G-man. "We rattled them."

There's a new breed of crime-fighter prowling cyberspace: the hacker hunters. Spurred by big profits, professional cyber-criminals have replaced amateur thrill-seeking hackers as the biggest threat on the Web. Software defenses are improving rapidly, but law enforcement and security companies understand they can no longer rely on technology alone to deal with the plague of virus attacks, computer break-ins, and online scams. Instead, they're marshaling their forces and using gumshoe tactics to fight back -- infiltrating hacker groups, monitoring their chatter on underground networks, and when they can, busting the baddies before they do any more damage. "The wave of the future is getting inside these groups, developing intelligence, and taking them down," says Christopher M.E. Painter, deputy chief of the Computer Crime section of the Justice Dept., who will help prosecute ShadowCrew members at a trial scheduled for October.

Step by step, the cops are figuring out how to play the cybercrime game. They're employing some of the same tactics used to crush organized crime in the 1980s -- informants and the cyberworld equivalent of wiretaps. They're also busy coming up with brand new moves. FBI agent Daniel J. Larkin, a 20-year vet who heads up the bureau's Internet Crime Complaint Center, taps online service providers to help pierce the Web's veil of anonymity and track down criminal hackers. In late April, leads supplied by the FBI and eBay Inc. (EBAY) helped Romanian police round up 11 members of a gang that set up fake eBay accounts and auctioned off cell phones, laptops, and cameras they never intended to deliver. "We're getting smarter every day," says Larkin.

Smarter and more collaborative. While the FBI and other investigators have been criticized for fighting each other almost as fiercely as the criminals on traditional cases, they cooperate more than ever when it comes to cybercrime. Local, state, and federal agencies regularly share tips and team up for busts. The FBI and Secret Service, which received jurisdiction over financial crimes when it was part of the Treasury Dept., have even formed a joint cybercrime task force in Los Angeles. Public agencies also are linking with tech companies and private security experts who often are the first to discover crimes and clues.

This makes the hacker hunters an eclectic bunch. Larkin ends up working in tandem with people like Mikko H. Hypponen, director of antivirus research at Finnish security outfit F-Secure Corp. Larkin is a straitlaced, 45-year-old native of Indiana, Pa., who honed his skills during Operation Illwind, the 1980s investigation into kickbacks paid to Pentagon officials by defense contractors. Hypponen is a 35-year-old computer whiz who lives on an island southwest of Helsinki populated by fewer than 100 people and a herd of moose.

On a Rampage
There's a clear reason for this newfound collaboration: The bad guys are winning. They're stealing more money, swiping more identities, wrecking more corporate computers, and breaking into more secure networks than ever before. Total damage last year was at least $17.5 billion, a record -- and 30% higher than 2003, according to research firm Computer Economics Inc. Among the computers compromised were those at NASA, a break-in in which one of the prime suspects is a 16-year-old from the Swedish university town of Uppsala.

Part of the problem is that cops don't have all the weapons they need to fight back. They clearly lack the financial resources to match their adversaries' technical skills and global reach. The FBI will spend just $150 million of a $5 billion fiscal 2005 budget on cybercrime -- not including personnel -- in spite of its being given the third-highest priority. (Terrorism and counterintelligence come first.)

The Secret Service won't discuss the funding breakdown for cybercrime. Both agencies are aggressively lobbying Congress for more money. Cybercrime laws haven't been much of a help. Hacking into computer networks was long seen as little more than a prank, and punishment was typically a slap on the wrist. That's beginning to change, however. Prosecutors are starting to make aggressive use of the Computer Fraud & Abuse Act, which carries penalties of up to 20 years in prison. The lengthiest sentence so far has been nine years, issued last December. Now prosecutors plan to send a message with the ShadowCrew case. Several members face prison sentences of 5 to 10 years if convicted. "There have to be consequences," says Painter.

The wiliest of the hackers still run rings around the cops. A Russian gang called the HangUp Team has been pummeling e-commerce Web sites and taunting its pursuers for two years, police say. The gang plants software bugs in computers that allow it to steal passwords, and it rents out huge networks of computers to others for sending out viruses and spam. HangUp Team hides in plain sight. Its Web site -- -- is decorated with a red-and-black swastika firing off lightning bolts. Its blog discusses hacker tactics and rails against Americans. Its motto: In Fraud We Trust. "We think we know what they've done, where they are, and who they are," says Nagel. But authorities haven't been able to nab them so far. The Secret Service won't say why.

Trojan Horse
Devilish trickery keeps the criminals one step ahead. In January, 2004, a new virus called MyDoom attacked the Web site of the SCO Group Inc. (SCOX), a software company that claimed the open-source Linux program violated its copyrights. Most security experts suspected the virus writer was a Linux fan seeking revenge. They were wrong. While the SCO angle created confusion, MyDoom acted like a Trojan horse, infecting millions of computers and then opening a secret backdoor for its author. Eight days after the outbreak, the author used that backdoor to download personal data from computer owners. F-Secure's Hypponen figured this out in time to warn his clients. It was too late, however, for many others. MyDoom caused $4.8 billion in damage, the second-most-expensive software attack ever. "The enemy we have been fighting is changing," says Hypponen.

Indeed, today's cybercrooks are becoming ever more tightly organized. Like the Mafia, hacker groups have virtual godfathers to map strategy, capos to issue orders, and soldiers to do the dirty work. Their omertà, or vow of silence, is made easier by the anonymity of the Web. And like legit businesses, they're going global. The ShadowCrew allegedly had 4,000 members operating worldwide -- including Americans, Brazilians, Britons, Russians, and Spaniards. "Organized crime has realized what it can do on the street, it can do in cyberspace," says Peter G. Allor, a former Green Beret who heads the intelligence team at Internet Security Systems Inc. (ISSX) in Atlanta.

Yet there may be hope for a shift in the fortunes of battle. Among cybercops, the ShadowCrew case is seen as a model for taking the battle to the Black Hats. Law enforcement officials are often loath to reveal details of their operations, but the Secret Service and Justice Dept. wanted to publicize a still-rare victory. So they agreed to reveal the inner dynamics of their cat-and-mouse chase to BusinessWeek. The case provides a window into the arcane culture of cybercriminals and the methods of their pursuers.

The story starts with an unlikely partnership. Andrew Mantovani was a part-time student at Scottsdale Community College in Arizona. David Appleyard was a onetime mortgage broker who lived in Linwood, N.J., just outside of Atlantic City. This is the duo who led the ShadowCrew from 2002 until they were arrested last fall, according to an indictment filed in U.S. District Court in New Jersey -- the state in which their servers were located. The two are believed to have met online, although the details of their first encounters are unknown. From their home computers, Mantovani, now 23, and Appleyard, 45, allegedly ran as an international clearinghouse for stolen credit cards and identity documents. "It was a criminal bazaar," says Nagel, a 22-year veteran who served on the protection teams for Presidents George H.W. Bush and Bill Clinton.

ShadowCrew, it appears, was largely Mantovani's creation. A business student at Scottsdale, he became a true entrepreneur in front of his computer screen. He was previously a member of a different cybergang that mainly stored stolen data, Justice Dept. officials say. He then allegedly came up with the idea of bringing together buyers and sellers in an online community so they could auction off stolen goods and share hacking tricks. Once the ShadowCrew site was established, he often reminded members in online chats that he could help them rise or fall in the gang depending on their loyalty to him, says Scott S. Christie, a former assistant U.S. attorney who helped build the legal case. "It was important [to Mantovani] to be recognized as the spiritual leader of ShadowCrew," says Christie.

If Mantovani was the brains, Appleyard was the brawn, according to the indictment. The older man adopted the online persona of a former soldier. He went by the nickname "BlackOps" and stood ready to mete out punishment to anyone who stepped out of line. One time, a gang member known as "ccsupplier" failed to deliver merchandise he had sold -- and then failed to refund the money that had been paid. Appleyard allegedly posted the guy's real name, address, and phone numbers on the ShadowCrew Web site, immediately putting him out of business. On another occasion, police say he threatened somebody with physical harm, in an online message. All the while, the former mortgage broker was living with his wife, two kids, and mother, who suffers from Alzheimer's.

The ShadowCrew gang got hold of credit-card numbers and other valuable information through all sorts of clever tricks. One of the favorites was sending millions of phishing e-mails -- messages that appeared to be from legit companies such as Yahoo! Inc. (YHOO) and Juno Online Services Inc. but in fact were fakes designed to steal passwords and credit-card numbers. The gang also excelled at hacking into databases to steal account data. According to sources familiar with the investigation, the ShadowCrew cracked the networks of 12 unnamed companies that weren't even aware their systems had been breached.

Because most of the gang members held day jobs, the crew came alive on Sunday nights. From 10 p.m. to 2 a.m. hundreds would meet online, trading credit-card information, passports, and even equipment to make fake identity documents. Platinum credit cards cost more than gold ones. Discounts were offered for package deals. How big was the business? One day in May, 2004, a crew member known as "Scarface" sold 115,695 stolen credit-card numbers in one trade. Overall, the gang made more than $4.3 million in credit-card purchases during its two-year run. The actual tally could be more than twice as large, the feds say. It was like an eBay for the underworld.

Too Big to Hide
The operation was quite sophisticated. Mantovani, who used the handle "ThnkYouPleaseDie," and Appleyard, who went by "BlackBagTricks" as well as "Black Ops," were the "administrators," according to the government's indictment. They were in charge of strategic planning, determined which ShadowCrew aspirants got access to the Web site, and collected payments from participants to keep it running. "Moderators" hosted online forums where gang members could share tips for making fake IDs or ask questions about creating credible phishing e-mail. Below them were "reviewers," who vetted stolen information such as credit-card numbers for quality and value. The largest group, the "vendors," sold the goods to other gang members, often in online auctions. Speed was essential, since credit-card numbers had to be used quickly before they were canceled.

But their operation was too big to escape notice by the cops. In mid-2003, the Secret Service launched Operation Firewall to nab purveyors of fake credit and debit cards. They quickly focused on ShadowCrew, says Nagel, because it was among the largest gangs operating openly on the Web. Within months, agents turned one of ShadowCrew's members into a snitch. While they decline to name the person or detail how he was flipped, an affidavit says he was a high-ranking member of the gang, and one of its moderators. Last August the man helped the Secret Service set up a new electronic doorway for ShadowCrew members to enter their Web site and then spread the word that the new gateway was a more secure way in. It was the first-ever tap of a private computer network under a 1968 crime act that set legal guidelines for wiretaps. "We became," says Nagel.

This was a big break, since the cops could use the doorway to monitor all the members' communications. Among the communiqués: Omar Dhanani, aka Voleur (French for "thief"), bragged he could set up a special payment system for cybercrime transactions, police say. For a 10% commission, he would exchange cash for "eGold," an electronic currency backed by gold bullion. The Secret Service watched as he laundered money from at least a dozen deals for ShadowCrew members.

The online taps helped the cops set up real-world stakeouts, too. They started by subpoenaing records from Internet service providers such as Time Warner Inc.'s (TWX) Road Runner. They then traced the computing addresses to actual houses and apartments so they could observe their prey in person. One target: Rogerio Rodrigues. Investigators say they saw him load a bulging bank-deposit bag into his Ford Explorer and drop it off at a Citibank (C) branch. Later, he stopped into a Kinko's (FDX), where agents believe he picked up counterfeit merchandise.

Cutting-edge digital monitoring combined with old-fashioned shoe leather resulted in reams of incriminating evidence. At the peak of the investigation, a dozen Secret Service agents worked 18-hour days to sift through the gang's communiqués. E-mail, instant messages, and computer addresses led them to the suspected ringleaders. Mantovani, it turned out, lived with another alleged ShadowCrew member, Brandon Monchamp. Dhanani operated from a quaint stucco house in Fountain Valley, Calif. Addresses in hand, the Secret Service was ready to conduct last fall's bust.

The ShadowCrew case is far from over, though. Charged with credit-card fraud and identity theft, most of the suspects arrested that day have been released on bail pending trial. Mantovani returned home to live with his parents on Long Island and works as a construction laborer. His lawyer, Pasquale F. Giannetta, insists Mantovani is no criminal. "He is like a normal 23-year-old boy," Giannetta says. Appleyard has not issued a plea in the case, pending additional evidence from the government. His lawyer, William J. Hughes Jr., says Appleyard was just a techie running the ShadowCrew Web site, not a criminal profiting from it. Brandon Monchamp's lawyer, Elizabeth S. Smith, declined to comment. Dhanani's and Rodrigues' attorneys did not return calls seeking comment.

Global Reach
The bust yielded a treasure trove of evidence. So far the Secret Service has uncovered 1.7 million credit-card numbers, access data to more than 18 million e-mail accounts, and identity data for thousands of people including counterfeit British passports and Michigan driver's licenses. They say the ShadowCrew pillaged more than a dozen companies, from MasterCard Inc. to Bank of America Corp. (BAC). The bust has yielded evidence against more than 4,000 suspects and links to people in Bulgaria, Canada, Poland, and Sweden. "We will be arresting people for months and months and months," says Nagel.

Now, with the ShadowCrew bust as their inspiration, cops and security experts are becoming more aggressive. They're tapping shady Web sites and chat rooms, stepping up cooperation with investigators in other countries, and flipping informants to build cases. In the past six months, the FBI persuaded members of several spam and phishing rings to rat on their accomplices. Larkin says some of these cases will become public in the coming months.

Despite these successes, cops face major hurdles as they try to get cybercrime under control. The biggest? Their global scope. Gang members hide out in countries with weak hacking laws and lax enforcement. They can even shelter servers in a separate country, snarling the trail for investigators. Their favorite hideouts: Russia, Eastern Europe, and China.

And little wonder. In Russia, the authorities can appear at times to be more interested in protecting cybercrooks than in prosecuting them. In 2000, the FBI lured two Russian hackers to Seattle with job offers, then arrested them. Agents involved in the case later downloaded data from the duo's computers, located in Chelyabinsk, Russia, over the Web. Two years after that, Russia filed charges against the FBI sleuths for hacking -- alleging the downloads were illegal. "When you have a case that involves servers in Russia, you can almost hear the law-enforcement officials sigh," says Hypponen.

The HangUp Team has been operating in Russia with impunity for years. Some members are allegedly based in Archangelsk, an Arctic Circle city of rusting Soviet nuclear submarines and nearly perpetual winter. In 2000 the alleged original members of the team, Alexei Galaiko, Ivan Petrichenko, and Sergei Popov, were arrested for infecting two local computer networks with malicious code. But Russian authorities let them off with suspended sentences.

Little was heard from the HangUp Team for the next two years. But in 2003 the gang released the viruses Berbew and Webber. Then last year the group infected online stores with a fiendish piece of software called the Scob worm. Scob waited for Web surfers to connect, then planted software in their hard disks that spied on their typing and relayed thousands of passwords and credit-card numbers to a server in Russia, police say. "These guys have set a new standard for sophistication among criminal hackers," says A. James Melnick, 51, director of threat intelligence at iDEFENSE, a Reston (Va.) cybersecurity firm.

The HangUp crew isn't even covering its tracks. Each of the three bugs contained a telltale signature: "Coded by HangUp Team." With HangUp operating so publicly, it's not clear why its members have been so hard to catch. Russian authorities say they have been hampered by the red tape of securing warrants, coordinating with U.S. and British police, and translating documents.

It's one more sign that the battle for cyberspace has changed forever. Criminals are swarming the Web, and their attacks come from the most remote corners of the globe. There are no easy answers. But one thing is clear: The old practice of erecting defenses out of software isn't enough. "That's a Band-Aid," says Larkin. "If you don't try to take these guys down, they'll come back. You have to find a way to get to the live bodies and take them out at their roots. If you don't, you aren't solving the problem." Investigators scored an impressive success in taking down the hackers behind the ShadowCrew. But the hunt is just beginning.