« Podcast: SearchInform - The Path From Search to Security | Main | DuPont Insider Tries to Steal $400 Million »

As the internet has evolved, so has the face of the cybercriminal, changing from what was once the providence of bedroom-geek hackers into something resembling much more of a full-fledged criminal who, instead of a gun, uses a computer. As I’ve blogged here before, their main intent has also shifted from making the biggest names for themselves to all about making money.

What is most frightening on this report found on Out-Law.com is that people with relatively low technical-skills can now effectively steal thousands of dollars a day without ever having to leave home. In fact, the cybercriminal can make more money online than dealing drugs, and the only time they have to leave their computer is to collect the cash.

Cybercrime has also become quite efficient, in that there is an active international market for skills and tools to use. It even has its own currency. The rise of cybercrime is directly related to the rise of online credit card transactions and online bank accounts.

For example, the cost to obtain authorized control over a six figure bank account is $400 (cybercriminals always deal in dollars). While that might seem like a fairly small figure, there is still quite a bit of risk and work left to do, and also remember that most people offering the information come from poor countries.

The transaction would probably take place in a hidden IRC (Internet Relay Chat) chatroom, and the $400 dollar fee paid in a virtual currency such as e-gold.

What follows below is a list of the various specialized functions that cybercriminals can engage in:

Coders – comparative veterans of the hacking community. With a few years' experience at the art and a list of established contacts, ‘coders’ produce ready-to-use tools (i.e. Trojans, mailers, custom bots) or services (such as making a binary code undetectable to AV engines) to the cybercrime labour force – the ‘kids’. Coders can make a few hundred dollars for every criminal activity they engage in.

Kids – so-called because of their tender age: most are under 18. They buy, trade and resell the elementary building blocks of effective cyber-scams such as spam lists, php mailers, proxies, credit card numbers, hacked hosts, scam pages etc. ‘Kids’ will make less than $100 a month, largely because of the frequency of being ‘ripped off’ by one another.

Drops – the individuals who convert the ‘virtual money’ obtained in cybercrime into real cash. Usually located in countries with lax e-crime laws (Bolivia, Indonesia and Malaysia are currently very popular), they represent ‘safe’ addresses for goods purchased with stolen financial details to be sent, or else ‘safe’ legitimate bank accounts for money to be transferred into illegally, and paid out of legitimately.

Mobs – professionally operating criminal organisations combining or utilising all of the functions covered by the above. Organised crime makes particularly good use of safe ‘drops’, as well as recruiting accomplished ‘coders’ onto their payrolls.

Control of a bank account is most often achieved through phishing, and numerous phishing tools can be acquired cheaply. To get started phishing pretty much entails purchasing a scam letter and scam page in your chosen language, a fresh spam list, a selection of php mailers to spam-out 100,000 mails for six hours, a hacked website for hosting the scam page for a few days, and finally a stolen but valid credit card with which to register a domain name, and can all be bought for a total of $60 dollars.

The worst case scenario for a return on the 60 dollars is 300 percent, or 180 dollars, which can go a long way in many countries. To fight this frightening rise in cybercrime there needs to be tighter digital laws with the ability of cross-border enforcement. Organizations also need to be more creative and more diligent in their defenses. That, along with greater user education, can create a better safeguard and assure that e-commerce remains legitimate.

Posted by pschooff in Better Protection |Digg This|Add to del.icio.us

Trackback Pings

TrackBack URL for this entry:
http://www.ebizq.net/mt/mt-tb.cgi/1403