Lavasoft News - May 2007

Creating Cyber Crime – Those Doing the Running

We know that cyber crime is flourishing and we know that investigators are struggling to keep up. But just who are the perpetrators of these attacks?

In the early days of online fraud, it was young, computer savvy whiz-kids hacking into government systems for fun and for the prestige. Today's attacks are carried out by a wide variety of cyber criminals from all walks of life.

According to ThinkQuest online library's Cyber Crime section, there are certain characteristics that define each and every cyber criminal: a substantial amount of technical knowledge; contempt for the law or feeling above the law; a manipulative and risk-taking nature; and an active imagination.

Criminals the world over have jumped on the cyber crime bandwagon, seeing the Internet as an opportunity to score: it is not a system owned by one individual, company or government; and there is almost unlimited access to a wealth of information of all kinds. These days it is our personal information cyber crooks seem to be most interested in because that is where the money is. To get the goods, it requires an entire network of people.

"This is... a community of criminals that is changing and adapting over time. It's a guy in his twenties in a rundown apartment in Ukraine or somewhere else in Eastern Europe who has a network of computers on which they're communicating with thousands of other people who he has never met in person, and who could be in any country around the globe. And these people are involved in a web of criminal activity," said Craig Morford, a leading authority on IT-related prosecution.

It is a tangled web they weave.

Just as in traditional organized crime the anatomy of a cyber scam, like phishing, includes several levels of organization – a hacker, a spammer, a data broker, documents and merchandise, a cashier and a money launderer.

According to Guillaume Lovet, the author of "Dirty Money on the Wires: The Business Models of Cyber Criminals", there are four groups involved in cyber crime:

Coders – these are the veterans of the hacking community. They have contacts, experience and produce ready-to-use tools like Trojans and bots for the so-called labor force – the 'kids'. According to Lovet, coders can earn a few hundred dollars for each illegal activity.

Kids – these are the newbies, generally teenagers - hence the name. They buy, trade and resell things like spam lists, php mailers, proxies, and credit card numbers. The money reportedly isn't as good for 'kids'. They generally take in less than $100 a month.

Drops – these are the people who convert the virtual money stolen in cyber crime into real cash. They are usually situated in nations lacking decent e-crime laws. Lovet claims Bolivia, Indonesia and Malaysia are currently popular. The 'drops' provide so-called safe addresses and legitimate bank accounts for goods and money to be sent to.

Mobs – professional criminal organizations that use coders, kids and drops. Organized crime makes good use of 'safe drops', and often recruits coders onto their payrolls.

Organized crime mobs from eastern Europe, most often Russia, Ukraine and Romania, have joined forces with hackers in recent years, a cooperation resulting in a slew of simple to sophisticated online attacks.

"Because organized crime is so well-entrenched there, and tolerated by authorities to some extent, they're the ones who are moving into it most aggressively," James Lewis, a senior fellow at the Center for Strategic and International Studies, told Wired.

In these countries, where corruption runs deep, economies are less than booming, and young techies lack opportunity, cyber crime has become too appealing to pass up.

For a more in-depth look at the inner workings of cyber crime, read Guillaume Lovet's full article "How cybercrime operations work – and why they make money" at Out-Law.com.


Home   arrow

 
Roboform Pro Password Manager
Stats
These days, computer security threats are coming from all directions. Here are the top five worries keeping entrepreneurs up at night, according to a March survey by the research firm Forrester.

Viruses and worms: 73%
Spyware: 66%
Spam: 64%
Outside hackers: 57%
Identity theft: 55%

Source: inc.com
Dialer
Term of the Month
A dialer is any program that utilizes a computer's modem to make calls or access services. Users may want to remove those that dial without the user's active involvement, resulting in unexpected telephone charges and/or cause access to unintended and unwanted content. They have the ability to run in the background, hiding their presence.
Tech Tips
You are a potential target for auto-dialer if you use a phone line to connect to the Internet or leave a telephone line connected to your PC even after switching to DSL or cable Internet service. Some tips:
  • If you don't need a dial-up connection, unplug your phone from the computer.
  • Disable dialup connections. If you're using Windows, for instance, click on "Start," "Settings," "Control Panel" and then "Internet Options." Open the "Connections" tab, and make sure "Never dial a connection" is checked.
  • Update your Ad-Aware SE anti-spyware and run a full sweep of your computer.
Helpful Homepage
If you suspect your personal information has been stolen, one website will give you the answer - StolenIDSearch.com. Just input your social security or credit card number on the main page to search more than 2.3 million compromised numbers...for free.
Lavasoft AB
Lilla Bommen 1
411 04 Gothenburg
Sweden

www.lavasoft.com
editor@lavasoft.com
Page footer
http://www.lavasoft.com http://www.lavasoft.com