
Saturday, April 04, 2015

Android Botnet for SMS

Another area where SMS text messages may not have received as much scrutiny is messages sent by mobile botnets. If I may, I will re-emphasise the following point: the purpose of the discussions here and below is not to criticise the tools or processes used in extracting, harvesting and/or treating recovered data, but to stress that data analysis is still required and cannot be rushed. If the examiner doesn't perform the analysis task, is the officer or investigator (who may have considerably less experience) left to perform that role?

To avoid confusion, a starting point on botnets is required. One useful introduction is: https://www.usenix.org/legacy/event/leet11/tech/slides/xiang.pdf

The video below shows how one hacker, Georgia Weidman (2011), developed an Android Smartphone Botnet to send SMS text messages.

A brief description of the code (botPoCrelease-android.c), which uses the smartphone to spawn messages through a Master/Slave/Target combination that hides the identity of the Master from the Slave:

==============================================================
Compile with arm-gcc with the -static flag set
Copy to anywhere on the underlying OS that is writable (/data/ is good).
Rename /dev/smd0/ to /dev/smd0real/
Start the bot application
Kill the radio application (ps | grep rild)
The radio will automatically respawn and now the bot proxy will be working
==============================================================
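The installation notes above leave forensic indicators on the handset: the real radio channel renamed to /dev/smd0real, a stand-in at /dev/smd0 that is no longer a character device, and an executable dropped under /data/. The following triage check is an added example (not code from the original post or from the PoC) that parses a constructed `ls -l` style listing with full paths and flags those indicators; the binary name in the sample is an assumption.

```python
"""Triage check for the /dev/smd0 proxy indicators described in the notes."""
import re

# Constructed sample listing (e.g. output of `ls -l /dev/* /data/*` on the
# device); the /data/botPoCrelease name is an assumed example, not from the page.
SAMPLE_LISTING = """\
crw-rw----  1 radio radio  251,   0 2015-04-04 10:01 /dev/smd0real
prw-rw----  1 root  root         0 2015-04-04 10:02 /dev/smd0
crw-rw----  1 radio radio  251,   1 2015-04-04 10:01 /dev/smd1
-rwxr-xr-x  1 root  root    612345 2015-04-04 10:00 /data/botPoCrelease
"""

# mode, link count, user, group, then anything, then an absolute path at the end
LINE_RE = re.compile(
    r'^(?P<mode>[-a-z]{10})\s+\d+\s+(?P<user>\S+)\s+(?P<group>\S+).*\s(?P<path>/\S+)$'
)


def parse_listing(text):
    """Return {absolute_path: mode_string} for each parsable line of the listing."""
    entries = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries[m.group('path')] = m.group('mode')
    return entries


def smd0_indicators(entries, radio_dev='/dev/smd0'):
    """Return a list of findings; an empty list means none of the indicators are present."""
    findings = []
    renamed = radio_dev + 'real'
    if renamed in entries:
        findings.append(f'{renamed} present: radio channel appears to have been renamed')
    mode = entries.get(radio_dev)
    if mode is None:
        findings.append(f'{radio_dev} missing')
    elif mode[0] != 'c':
        # the real modem channel is a character device; anything else is a stand-in
        findings.append(f'{radio_dev} has type {mode[0]!r}, expected character device')
    for path, m in entries.items():
        # regular, owner-executable file under the writable /data partition
        if path.startswith('/data/') and m[0] == '-' and 'x' in m[1:4]:
            findings.append(f'executable under /data: {path}')
    return findings


if __name__ == '__main__':
    for finding in smd0_indicators(parse_listing(SAMPLE_LISTING)):
        print(finding)
```

On a clean handset the check returns an empty list; run it against a listing captured during acquisition rather than on the live device.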

The original botnet code has circulated in the hacking community since 2011, but it is currently hard to find. A sanitised version is available, though.

This proof-of-concept mobile botnet for generating SMS text messages still relies upon knowing the target's mobile number. The analysis therefore focuses on the sending party (Master) knowing the recipient's mobile number (Target) to hand to the donor (Slave). Alternatively, mobile numbers harvested from ICMP (or similar) pings via the internet could yield a large crop of returned MSISDNs without the Target knowing that his/her MSISDN has been acquired for sending messages (SMS spam, etc.).


Sunday, September 11, 2011

Cybercrime: procedures, deterrent and investigation


The title 'cybercrime', and the Convention on Cybercrime, are not new and have had numerous airings going back to the late 1990s and early 2000s. The subject largely languished there, though, until it became the economic follow-up to the war on terrorism, given that there has been a significant shift towards electronic attacks, or at least a heightened perception of the potential for crimes to be committed using technology.

Cybercrime isn't actually a qualification in itself of the 'actual crime' that has been or is about to be perpetrated; rather, on the one hand it provides a global statement under which prevention, deterrent and investigation can be defined for crimes where technology is or can be used as a conduit for a criminal or terrorist event. The technologies perceived to be relevant and 'usable' for cybercrime are set out in:

Proposal for a COUNCIL FRAMEWORK DECISION on attacks against information systems

Article 2
Definitions
For the purposes of this Framework Decision, the following definitions shall apply:
(a) "Electronic communications network" means transmission systems and, where applicable, switching or routing equipment and other resources which permit the conveyance of signals by wire, by radio, by optical or by other electromagnetic means, including satellite networks, fixed (circuit- and packet-switched, including Internet) and mobile terrestrial networks, electricity cable systems, to the extent that they are used for the purpose of transmitting signals, networks used for radio and television broadcasting, and cable TV networks, irrespective of the type of information conveyed"

So this represents a broad range of identified technologies (whether used in natural sciences or man-made systems) that are the identified avenues for 'cybercrime' procedures, deterrent and investigation. Furthermore, and on the other hand, cybercrime equally requires the 'type' of crime (substantive or inchoate) to be identified that has operated or could operate 'through' a single technology or a combination of technologies. For instance:

- a virus inserted into the electronic communication messages sent via Broadband over Power Lines (BPL) that takes down, or attempts to take down, a power station causing a blackout might be indicted in criminal law under a range of offences, e.g. criminal damage, economic damage, computer misuse, terrorism etc.
- a message misrepresenting a genuine individual that allows funds to be removed from that individual's account using the wireless network may be indicted in criminal proceedings as a fraud etc.

In the UK, legislation covers crimes such as 'abstraction of electricity', 'obtaining a telecommunication service with the intention of avoiding payment', 'computer misuse', 'unlawful interception' etc. To rewrite all the relevant Statutes to identify crimes like these and others as 'cybercrime' would not seem practical at all. Cybercrime, then, may perhaps best be described as a 'global title' used to identify a state of 'events' generated through the use of various technologies.

The International Telecommunications Union (ITU) recognises the need for cybercrime procedures, deterrent and investigation and published two highly informative draft guides that one would expect to find produced from such an experienced and authoritative organisation:

D010B0000073301PDFE.pdf

ITU toolkit cybercrime legislation.pdf

As these documents are drafts, it is clear that evolving documents will continue to refine and define 'cybercrime', but they may remain unable to avoid identifying the actual technologies used in a crime. One possible consequence of this is that forensic examiners and experts in their specific fields will continue to provide their services, but an adjustment to a report or opinion may be required, starting with e.g.

"Cybercrime Report/Opinion: The use of X-technology in such and such an alleged crime...."