Demystifying the Business of Cyber Crime

Criminal activity on the Internet is not just a major industry - it's a thriving one. So much so, in fact, that there is an underground economy for cyber thieves, fed by the give and take of stolen data pilfered from users like you.

We know that the amount of malware online is increasing sharply. (Lavasoft Malware Labs saw a 234% increase in the total amount of malware added to Ad-Aware's Detection Database during April 2009, compared to the same month last year.) We know that online crime rates are rising steadily around the globe. (According to the Internet Crime Complaint Center, reported complaints swelled by 33 percent in 2008.) We know that online theft is becoming increasingly costly. (Online theft costs an estimated $1 trillion a year, according to BBC News1).

But, who is behind these ever-increasing crime levels and how are they continuing to profit from computer users? Keep reading to learn more.

The Anatomy of an Online Scam

There's an entire ecosystem involved in online crime operations. The anatomy of an online scam - just as in traditional organized crime - includes a series of steps carried out by different players, each with their own specialty. Here's a simplified look at how the string of deceit may unravel: malware writers produce tools and services that will allow them to steal data; a scammer can buy these tools and use them (in a variety of techniques and methods) to access your computer and pilfer your data; they can then either use the data themselves, or sell the harvested details in organized underground marketplaces - forums where everything from spam lists to credit card details, from proxies to private information is bartered, bought or sold; the final step involves cashing out, turning the data into real currency, often through money mules.

When organized groups of cyber crime professionals are operating together to perform these tasks, the procedure becomes even more streamlined and efficient - as well as profitable.

Speaking recently at the Vasco Banking Summit, security expert Vlado Vajdic explained that cyber crime is becoming so similar to real businesses that malware toolkits are often sold on the Web with support and maintenance services. "Today's bad guy is a business person that attracts investment, has malware writers working under them and probably even employs a project manager. These people are high-flyers," Vasco said.2

Stealing with Ease, Netting Large Profits

Why do they do it? In our current online landscape, scammers can steal without skill and with ease, making killer profits. Unfortunately, becoming a successful cyber criminal is not extremely difficult since the tools used to propagate online crime are readily available. Researchers at the RSA Conference in mid April described the effortless way cyber criminals can buy subscriptions to online fraud services that allow them to steal with no difficulty - for as little as $300 U.S. a month, according to an eWeek article.3

And, the profits pour in. According to estimates from security firm Finjan, a hacker can net up to $10,800 U.S. per day through search engine optimization attacks; a single attack operation set up to peddle a rogue anti-malware program landed an estimated $191,000.4

Stopping Cyber Crime - Outsmarting the Scammers

Still, cyber criminals are not always capable of hiding their tracks and pulling off their ploys. In the beginning of May, researchers at the United States' University of California were able to take over control of a major botnet, known as Torpig or Sinowal, and discovered how it steals personal and financial information from unknowing victims. The researchers stored the data they collected (amounting to over 70GB of stolen data in only 10 days) and are working with law enforcement to notify the victims.5

"The most severe cyber crime cases are commonly tracked down and solved in one way or another. But, the outcome of such cases may be kept away from the public in order to keep the crime-fighting tactics secret," says Pekka Andelin, a malware analyst at Malware Labs at Lavasoft.

How can you outsmart cyber thieves? Cyber criminals use knowledge of current events, often coupled with fast action and creativity, to get past your defenses; you can stay safe by employing these very same characteristics. According to Andelin, "Staying proactive and informed about the latest security threats is a good way to obtain the knowledge needed for users to enforce their online security and privacy. The Malware Labs blog is one place where users can obtain information about security threats and possible remediation."

"While the constant strive of every Web security professional, like the Lavasoft analysts at Malware Labs, is to make the Net a more secure place for everyone, much of the means of protection is laid on the shoulders of individuals, who must maintain their own awareness and knowledge as part of a layered security approach," Andelin continues.

To help stay up to date on the latest cyber crime tactics, and how to avoid them, make the Malware Labs blog a regular stop as you browse the Web.

1http://news.bbc.co.uk/2/hi/business/davos/7862549.stm
2http://www.itnews.com.au/News/98524,cybercrimeasaservice-takes-off.aspx
3http://www.eweek.com/c/a/Security/RSA-The-Elusive-Structure-of-the-Cybercriminal-Economy-237961/
4http://www.vnunet.com/vnunet/news/2238961/hacked-page-hauls-estimated-per
5http://www.networkworld.com/news/2009/050409-botnet-probe-turns-up-70g.html?t51hb&netht=mr_050509&nladname=050509dailynewspmal

Home
Get Pro for the Price of Plus - Learn More
Get Pro for the Price of Plus - Learn More
Get Pro for the Price of Plus - Learn More
BY THE NUMBERS
More than 1 in 5 online consumers in the U.S. have been victims of online crime in the past 2 years. The victims lost a combined total of $8 billion.
Source: Consumer Reports' 2009
State of the Net survey
TIPS & TACTICS
Concerned about browser security? Learn more about the security highlights of Google's new Chrome browser.
WHAT PEOPLE ARE SAYING
"The threats that users are faced with today have become what I would refer to as more 'real'. That is to say that the days of the hacker encroaching on your privacy just to play 'I can see you' are definitely over."
-Jason King, CEO of Lavasoft
FOLLOW US
Find us on
Facebook
Contact us on
LinkedIn
Follow us on
Twitter
Watch us on
YouTube
TELL A FRIEND
Pass on the news, tips and offers in this issue - e-mail Lavasoft News to a friend.

Lavasoft AB Odinsgatan 10, 411 03 Gothenburg, Sweden | www.lavasoft.com | editor@lavasoft.com