Online crims not just 'speccy geeks', researchers warn

They're normal and they're after your mother's maiden name

Misconceptions about the nature of cybercrime are affecting the fight against online economic skulduggery.

Widespread beliefs that e-crooks are likely to be either "geeks with glasses" or digital pranksters are well wide of the mark, according to researchers from Trend Micro, which reckons the majority of cybercrooks would be indistinguishable from the man in the street.

Cybergangs are located around the world. Russia, the Ukraine and China are well known havens for hackers, helped by the difficulty of getting foreign complaints against economic crime to local law enforcement taken seriously. Other countries including Turkey, Brazil and Estonia also commonly crop up as the home of hackers in cybercrime investigations.

Different gangs have differing skill sets. The most technically adept specialise in writing customisable cybercrime toolkits (such as the Zeus Trojan). Others broker the sale of malware or stolen personal information, while other groups specialise in spam distribution or the administration of networks of compromised systems (botnets).

What all the groups have in common is sophisticated business models, often featuring affiliates and ideas about bonuses and incentives stolen from the mainstream world of software development and applied to cybercrime. For example, many gangs outsource aspects of cybercrime to more specialised groups.

The result is groups specialising in coding working with others whose skills lie in finding vulnerabilities. Meanwhile, other gangs manage botnets or mine personal data, while others get their hands dirty in actually carrying out identity theft or financial fraud. The average team size typically ranges from one to five people, according to Trend.

Malware and social engineering tricks are used to harvest a variety of accounts, which are traded through underground markets. Average prices range from $4 for an eBay account to 50 debit cards for $170. Twitter, iTunes, eBay, email, Skype and gambling accounts have also become commodities in black market sales forums.

"Most people are simply unaware that their identities have real financial value; individually, details are sold incredibly cheaply, but the whole economy has a huge turnover," explained Rik Ferguson, a senior security advisor at Trend Micro.

"Identity theft has consequences far beyond the here and now. It can affect your financial record for life."

Enterprises as well as consumers are at risk of ID theft, especially in the case of compromised banking accounts, where corporates are not entitled to the guarantees against bearing the cost of financial crimes that are commonly offered to consumers.

Programming groups sell their malware for anywhere between $500 and $10,000, with the highest prices charged for customised versions of the Zeus banking Trojan. Trend Micro researchers cite underground sources in speculating that ZeuS programmers earn more than $800,000 per year.

The potential earnings of botnet herders may be even higher than this, depending on how successful they are at maintaining a network of infected proxies and selling their services to unscrupulous third parties. Some gangs have even begun using Twitter, Facebook and YouTube accounts to promote their services and malware kits.

Researchers at security firms have to turn detective in order to piece together a picture of who cybergangs are and how they operate. Researchers working on the bigger picture try to make sense of the complex business relationships behind attacks to better protect their customers by detecting whole malware families (kits/packs) rather than individual malicious files.

Threats commonly operate on several different layers. For example, a spam email may link to a malicious website that exploits a vulnerability to drop a Trojan on a compromised PC. This compromised machine awaits instruction from botnet herders who may have only a tenuous, indirect relationship with the original malware coders.

Since cybercrime is global, the only effective way to tackle it is to enforce collaboration across law enforcement agencies in different countries and continents, Trend argues. However, international co-operation is frustrated by the fact that many police forces intervene only when there is enough evidence to suggest that a single entity located within their own jurisdiction is behind the criminal activity.

David Sancho, a security researcher at TrendLabs who compiled the report, warns that a growing number of individuals attracted by the prospect of making a quick buck with minimum effort or risk are getting lured into cybercrime.

"There are a few well-financed outfits with big operations that cover everything from phishing to fake antivirus deployment to mass-mailing marketing front-ends and botnet operations back-ends," Sancho told El Reg, adding there are probably no more than two dozen such operations worldwide.

"Then there's a set of people who jump on the malware bandwagon and create their own botnets with underground tools, phishing kits or whatnot. We calculate these to be a few hundred. The entry level [cost] is so low though that this number is growing." ®
