Feeds

The rise of the Malware Mafia

New laws 'a waste of paper'

High performance access to file storage

RSA Policy makers should reject pressure to draft new laws targeting phishing and other types of cyber crime because existing statutes already cover most of the illegal activity, a researcher who investigates online criminals said.

Although phishing, malware attacks, and botnet propagation have all come about in the last decade or so, they are little more than new ways of carrying out much older types of crime, said Dmitri Alperovitch, director of intelligence analysis at a company called Secure Computing.

"These crimes, when you follow the money, when you look at what they're actually trying to do, are really covered by laws that are hundreds of years old," Alperovitch said during a session at the RSA security conference. "It's my belief that new laws for the most part are not only not needed but a lot of times are a waste of paper and a waste of time."

Alperovitch sounded a theme that has been so often repeated in security circles that it's now almost cliche: Cyber crime is no longer the province of teenage hackers holed up in their parents' basement, but rather an enterprise that's been co-opted into the most hardened and powerful organized crime families. He cataloged some of the better-known examples including:

  • Dmitry Golubov, a Ukrainian alleged to be an original member of Carderplanet, an online clearinghouse for people engaged in the theft of credit and debit card information. He was arrested in 2006, but his case languished after two members of the Ukrainian parliament intervened on his behalf. He recently founded the Internet Party of Ukraine.
  • Younis Tsouli, who last year was convicted by UK authorities for inciting acts of terrorism. Tsouli frequently distributed propaganda videos for Al-Qaeda by hosting them on computers he had hijacked, Alperovich said. He frequently engaged in online credit card theft as a means to support his activities.
  • Maxim Yastremsky, who was arrested last year for allegedly selling large amounts of credit card numbers that were stolen from the network of US retailing giant TJX. He was selling card data in batches of 10,000, and was charging $20 to $100 per card.

Today's cyber criminals have adopted elaborate organizational structures with a handful of elite family members at the top who distance themselves from the illicit activities with several layers of middlemen. At the bottom of the Carderplanet organization, for example, were the vendores, who receive stolen merchandise and use personal bank accounts to launder money. Directly above them were the capo, and still higher were the capo di capi.

Organized group's embrace of cyber crime has been made possible by the availability of highly specialized malware, which has lowered the barriers to entry. As a result, Alperovitch said, "The profile of arrested criminals is changing from tech savvy teens to traditional criminals with mile-long rap sheets for drugs and propagating fake checks." ®

High performance access to file storage

More from The Register

next story
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
German space centre endures cyber attack
Chinese code retrieved but NSA hack not ruled out
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
HP ArcSight ESM solution helps Finansbank
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.