Creating Cyber Crime – Those Doing the Running
We know that cyber crime is flourishing and we know that investigators are struggling to keep up. But just who are the perpetrators of these attacks?
In the early days of online fraud, it was young, computer savvy whiz-kids hacking into government systems for fun and for the prestige. Today's attacks are carried out by a wide variety of cyber criminals from all walks of life.
According to ThinkQuest online library's Cyber Crime section, there are certain characteristics that define each and every cyber criminal: a substantial amount of technical knowledge; contempt for the law or feeling above the law; a manipulative and risk-taking nature; and an active imagination.
Criminals the world over have jumped on the cyber crime bandwagon, seeing the Internet as an opportunity to score: it is not a system owned by one individual, company or government; and there is almost unlimited access to a wealth of information of all kinds. These days it is our personal information cyber crooks seem to be most interested in because that is where the money is. To get the goods, it requires an entire network of people.
"This is... a community of criminals that is changing and adapting over time. It's a guy in his twenties in a rundown apartment in Ukraine or somewhere else in Eastern Europe who has a network of computers on which they're communicating with thousands of other people who he has never met in person, and who could be in any country around the globe. And these people are involved in a web of criminal activity," said Craig Morford, a leading authority on IT-related prosecution.
It is a tangled web they weave.
Just as in traditional organized crime the anatomy of a cyber scam, like phishing, includes several levels of organization – a hacker, a spammer, a data broker, documents and merchandise, a cashier and a money launderer.
According to Guillaume Lovet, the author of "Dirty Money on the Wires: The Business Models of Cyber Criminals", there are four groups involved in cyber crime:
Coders – these are the veterans of the hacking community. They have contacts, experience and produce ready-to-use tools like Trojans and bots for the so-called labor force – the 'kids'. According to Lovet, coders can earn a few hundred dollars for each illegal activity.
Kids – these are the newbies, generally teenagers - hence the name. They buy, trade and resell things like spam lists, php mailers, proxies, and credit card numbers. The money reportedly isn't as good for 'kids'. They generally take in less than $100 a month.
Drops – these are the people who convert the virtual money stolen in cyber crime into real cash. They are usually situated in nations lacking decent e-crime laws. Lovet claims Bolivia, Indonesia and Malaysia are currently popular. The 'drops' provide so-called safe addresses and legitimate bank accounts for goods and money to be sent to.
Mobs – professional criminal organizations that use coders, kids and drops. Organized crime makes good use of 'safe drops', and often recruits coders onto their payrolls.
Organized crime mobs from eastern Europe, most often Russia, Ukraine and Romania, have joined forces with hackers in recent years, a cooperation resulting in a slew of simple to sophisticated online attacks.
"Because organized crime is so well-entrenched there, and tolerated by authorities to some extent, they're the ones who are moving into it most aggressively," James Lewis, a senior fellow at the Center for Strategic and International Studies, told Wired.
In these countries, where corruption runs deep, economies are less than booming, and young techies lack opportunity, cyber crime has become too appealing to pass up.
For a more in-depth look at the inner workings of cyber crime, read Guillaume Lovet's full article "How cybercrime operations work – and why they make money" at Out-Law.com.