Feeds

The rise of the Malware Mafia

New laws 'a waste of paper'

The Power of One eBook: Top reasons to choose HP BladeSystem

RSA Policy makers should reject pressure to draft new laws targeting phishing and other types of cyber crime because existing statutes already cover most of the illegal activity, a researcher who investigates online criminals said.

Although phishing, malware attacks, and botnet propagation have all come about in the last decade or so, they are little more than new ways of carrying out much older types of crime, said Dmitri Alperovitch, director of intelligence analysis at a company called Secure Computing.

"These crimes, when you follow the money, when you look at what they're actually trying to do, are really covered by laws that are hundreds of years old," Alperovitch said during a session at the RSA security conference. "It's my belief that new laws for the most part are not only not needed but a lot of times are a waste of paper and a waste of time."

Alperovitch sounded a theme that has been so often repeated in security circles that it's now almost cliche: Cyber crime is no longer the province of teenage hackers holed up in their parents' basement, but rather an enterprise that's been co-opted into the most hardened and powerful organized crime families. He cataloged some of the better-known examples including:

  • Dmitry Golubov, a Ukrainian alleged to be an original member of Carderplanet, an online clearinghouse for people engaged in the theft of credit and debit card information. He was arrested in 2006, but his case languished after two members of the Ukrainian parliament intervened on his behalf. He recently founded the Internet Party of Ukraine.
  • Younis Tsouli, who last year was convicted by UK authorities for inciting acts of terrorism. Tsouli frequently distributed propaganda videos for Al-Qaeda by hosting them on computers he had hijacked, Alperovich said. He frequently engaged in online credit card theft as a means to support his activities.
  • Maxim Yastremsky, who was arrested last year for allegedly selling large amounts of credit card numbers that were stolen from the network of US retailing giant TJX. He was selling card data in batches of 10,000, and was charging $20 to $100 per card.

Today's cyber criminals have adopted elaborate organizational structures with a handful of elite family members at the top who distance themselves from the illicit activities with several layers of middlemen. At the bottom of the Carderplanet organization, for example, were the vendores, who receive stolen merchandise and use personal bank accounts to launder money. Directly above them were the capo, and still higher were the capo di capi.

Organized group's embrace of cyber crime has been made possible by the availability of highly specialized malware, which has lowered the barriers to entry. As a result, Alperovitch said, "The profile of arrested criminals is changing from tech savvy teens to traditional criminals with mile-long rap sheets for drugs and propagating fake checks." ®

Designing a Defense for Mobile Applications

More from The Register

next story
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.