Feeds

The rise of the Malware Mafia

New laws 'a waste of paper'

Internet Security Threat Report 2014

RSA Policy makers should reject pressure to draft new laws targeting phishing and other types of cyber crime because existing statutes already cover most of the illegal activity, a researcher who investigates online criminals said.

Although phishing, malware attacks, and botnet propagation have all come about in the last decade or so, they are little more than new ways of carrying out much older types of crime, said Dmitri Alperovitch, director of intelligence analysis at a company called Secure Computing.

"These crimes, when you follow the money, when you look at what they're actually trying to do, are really covered by laws that are hundreds of years old," Alperovitch said during a session at the RSA security conference. "It's my belief that new laws for the most part are not only not needed but a lot of times are a waste of paper and a waste of time."

Alperovitch sounded a theme that has been so often repeated in security circles that it's now almost cliche: Cyber crime is no longer the province of teenage hackers holed up in their parents' basement, but rather an enterprise that's been co-opted into the most hardened and powerful organized crime families. He cataloged some of the better-known examples including:

  • Dmitry Golubov, a Ukrainian alleged to be an original member of Carderplanet, an online clearinghouse for people engaged in the theft of credit and debit card information. He was arrested in 2006, but his case languished after two members of the Ukrainian parliament intervened on his behalf. He recently founded the Internet Party of Ukraine.
  • Younis Tsouli, who last year was convicted by UK authorities for inciting acts of terrorism. Tsouli frequently distributed propaganda videos for Al-Qaeda by hosting them on computers he had hijacked, Alperovich said. He frequently engaged in online credit card theft as a means to support his activities.
  • Maxim Yastremsky, who was arrested last year for allegedly selling large amounts of credit card numbers that were stolen from the network of US retailing giant TJX. He was selling card data in batches of 10,000, and was charging $20 to $100 per card.

Today's cyber criminals have adopted elaborate organizational structures with a handful of elite family members at the top who distance themselves from the illicit activities with several layers of middlemen. At the bottom of the Carderplanet organization, for example, were the vendores, who receive stolen merchandise and use personal bank accounts to launder money. Directly above them were the capo, and still higher were the capo di capi.

Organized group's embrace of cyber crime has been made possible by the availability of highly specialized malware, which has lowered the barriers to entry. As a result, Alperovitch said, "The profile of arrested criminals is changing from tech savvy teens to traditional criminals with mile-long rap sheets for drugs and propagating fake checks." ®

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Why did it take antivirus giants YEARS to drill into super-scary Regin? Symantec responds...
FYI this isn't just going to target Windows, Linux and OS X fans
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Home Office: Fancy flogging us some SECRET SPY GEAR?
If you do, tell NOBODY what it's for or how it works
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
Syrian Electronic Army in news site 'hack' POP-UP MAYHEM
Gigya redirect exploit blamed for pop-rageous ploy
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
prev story

Whitepapers

10 ways wire data helps conquer IT complexity
IT teams can automatically detect problems across the IT environment, spot data theft, select unique pieces of transaction payloads to send to a data source, and more.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.