Feeds

The rise of the Malware Mafia

New laws 'a waste of paper'

Intelligent flash storage arrays

RSA Policy makers should reject pressure to draft new laws targeting phishing and other types of cyber crime because existing statutes already cover most of the illegal activity, a researcher who investigates online criminals said.

Although phishing, malware attacks, and botnet propagation have all come about in the last decade or so, they are little more than new ways of carrying out much older types of crime, said Dmitri Alperovitch, director of intelligence analysis at a company called Secure Computing.

"These crimes, when you follow the money, when you look at what they're actually trying to do, are really covered by laws that are hundreds of years old," Alperovitch said during a session at the RSA security conference. "It's my belief that new laws for the most part are not only not needed but a lot of times are a waste of paper and a waste of time."

Alperovitch sounded a theme that has been so often repeated in security circles that it's now almost cliche: Cyber crime is no longer the province of teenage hackers holed up in their parents' basement, but rather an enterprise that's been co-opted into the most hardened and powerful organized crime families. He cataloged some of the better-known examples including:

  • Dmitry Golubov, a Ukrainian alleged to be an original member of Carderplanet, an online clearinghouse for people engaged in the theft of credit and debit card information. He was arrested in 2006, but his case languished after two members of the Ukrainian parliament intervened on his behalf. He recently founded the Internet Party of Ukraine.
  • Younis Tsouli, who last year was convicted by UK authorities for inciting acts of terrorism. Tsouli frequently distributed propaganda videos for Al-Qaeda by hosting them on computers he had hijacked, Alperovich said. He frequently engaged in online credit card theft as a means to support his activities.
  • Maxim Yastremsky, who was arrested last year for allegedly selling large amounts of credit card numbers that were stolen from the network of US retailing giant TJX. He was selling card data in batches of 10,000, and was charging $20 to $100 per card.

Today's cyber criminals have adopted elaborate organizational structures with a handful of elite family members at the top who distance themselves from the illicit activities with several layers of middlemen. At the bottom of the Carderplanet organization, for example, were the vendores, who receive stolen merchandise and use personal bank accounts to launder money. Directly above them were the capo, and still higher were the capo di capi.

Organized group's embrace of cyber crime has been made possible by the availability of highly specialized malware, which has lowered the barriers to entry. As a result, Alperovitch said, "The profile of arrested criminals is changing from tech savvy teens to traditional criminals with mile-long rap sheets for drugs and propagating fake checks." ®

Intelligent flash storage arrays

More from The Register

next story
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
Attack reveals 81 percent of Tor users but admins call for calm
Cisco Netflow a handy tool for cheapskate attackers
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
Oi, Europe! Tell US feds to GTFO of our servers, say Microsoft and pals
By writing a really angry letter about how it's harming our cloud business, ta
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.