Feeds

The rise of the Malware Mafia

New laws 'a waste of paper'

Beginner's guide to SSL certificates

RSA Policy makers should reject pressure to draft new laws targeting phishing and other types of cyber crime because existing statutes already cover most of the illegal activity, a researcher who investigates online criminals said.

Although phishing, malware attacks, and botnet propagation have all come about in the last decade or so, they are little more than new ways of carrying out much older types of crime, said Dmitri Alperovitch, director of intelligence analysis at a company called Secure Computing.

"These crimes, when you follow the money, when you look at what they're actually trying to do, are really covered by laws that are hundreds of years old," Alperovitch said during a session at the RSA security conference. "It's my belief that new laws for the most part are not only not needed but a lot of times are a waste of paper and a waste of time."

Alperovitch sounded a theme that has been so often repeated in security circles that it's now almost cliche: Cyber crime is no longer the province of teenage hackers holed up in their parents' basement, but rather an enterprise that's been co-opted into the most hardened and powerful organized crime families. He cataloged some of the better-known examples including:

  • Dmitry Golubov, a Ukrainian alleged to be an original member of Carderplanet, an online clearinghouse for people engaged in the theft of credit and debit card information. He was arrested in 2006, but his case languished after two members of the Ukrainian parliament intervened on his behalf. He recently founded the Internet Party of Ukraine.
  • Younis Tsouli, who last year was convicted by UK authorities for inciting acts of terrorism. Tsouli frequently distributed propaganda videos for Al-Qaeda by hosting them on computers he had hijacked, Alperovich said. He frequently engaged in online credit card theft as a means to support his activities.
  • Maxim Yastremsky, who was arrested last year for allegedly selling large amounts of credit card numbers that were stolen from the network of US retailing giant TJX. He was selling card data in batches of 10,000, and was charging $20 to $100 per card.

Today's cyber criminals have adopted elaborate organizational structures with a handful of elite family members at the top who distance themselves from the illicit activities with several layers of middlemen. At the bottom of the Carderplanet organization, for example, were the vendores, who receive stolen merchandise and use personal bank accounts to launder money. Directly above them were the capo, and still higher were the capo di capi.

Organized group's embrace of cyber crime has been made possible by the availability of highly specialized malware, which has lowered the barriers to entry. As a result, Alperovitch said, "The profile of arrested criminals is changing from tech savvy teens to traditional criminals with mile-long rap sheets for drugs and propagating fake checks." ®

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
Oi, Europe! Tell US feds to GTFO of our servers, say Microsoft and pals
By writing a really angry letter about how it's harming our cloud business, ta
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
5 critical considerations for enterprise cloud backup
Key considerations when evaluating cloud backup solutions to ensure adequate protection security and availability of enterprise data.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Managing SSL certificates with ease
The lack of operational efficiencies and compliance pitfalls associated with poor SSL certificate management, and how the right SSL certificate management tool can help.