Online crims not just 'speccy geeks', researchers warn

They're normal and they're after your mother's maiden name


Misconceptions about the nature of cybercrime are affecting the fight against online economic skulduggery.

Widespread beliefs that e-crooks are likely to be either "geeks with glasses" or digital pranksters are well wide of the mark, according to researchers from Trend Micro, which reckons the majority of cybercrooks would be indistinguishable from the man in the street.

Cybergangs are located around the world. Russia, Ukraine and China are well known havens for hackers, helped by the difficulty foreign complainants have in getting local law enforcement to take economic crime seriously. Other countries, including Turkey, Brazil and Estonia, also commonly crop up as the home of hackers in cybercrime investigations.

Different gangs have differing skill sets. The most technically adept specialise in writing customisable cybercrime toolkits (such as the Zeus Trojan). Others broker the sale of malware or stolen personal information, while other groups specialise in spam distribution or the administration of networks of compromised systems (botnets).

What all the groups have in common is sophisticated business models, often featuring affiliates and ideas about bonuses and incentives borrowed from the mainstream world of software development and applied to cybercrime. For example, many gangs outsource aspects of cybercrime to more specialised groups.

The result is groups specialising in coding working with others whose skills lie in finding vulnerabilities. Meanwhile, other gangs manage botnets or mine personal data, while others get their hands dirty actually carrying out identity theft or financial fraud. The average team size typically ranges from one to five people, according to Trend.

Malware and social engineering tricks are used to harvest a variety of accounts, which are traded through underground markets. Average prices range from $4 for an eBay account to 50 debit cards for $170. Twitter, iTunes, eBay, email, Skype and gambling accounts have also become commodities in black market sales forums.

"Most people are simply unaware that their identities have real financial value. Individually, details are sold incredibly cheaply, but the whole economy has a huge turnover," explained Rik Ferguson, a senior security advisor at Trend Micro.

"Identity theft has consequences far beyond the here and now. It can affect your financial record for life."

Enterprises as well as consumers are at risk of ID theft, especially in the case of compromised banking accounts, where businesses are not entitled to the protection against bearing the cost of fraud that is commonly offered to consumers.

Programming groups sell their malware for anywhere between $500 and $10,000, with the highest prices charged for customised versions of the Zeus banking Trojan. Trend Micro researchers cite underground sources speculating that Zeus programmers earn more than $800,000 per year.

The potential earnings of botnet herders may be even higher than this, depending on how successful they are at maintaining a network of infected proxies and selling their services to unscrupulous third parties. Some gangs have even begun using Twitter, Facebook and YouTube accounts to promote their services and malware kits.

Researchers at security firms have to turn detective in order to piece together a picture of who cybergangs are and how they operate. Researchers working on the bigger picture try to make sense of the complex business relationships behind attacks, so as to better protect their customers by detecting whole malware families (kits or packs) rather than individual malicious files.

Threats commonly operate on several different layers. For example, a spam email may link to a malicious website that exploits a vulnerability to drop a Trojan onto the victim's PC. The compromised machine then awaits instructions from botnet herders, who may have only a tenuous, indirect relationship with the original malware coders.

Since cybercrime is global, the only effective way to tackle it is to ensure collaboration between law enforcement agencies in different countries and continents, Trend argues. However, international co-operation is frustrated by the fact that many police forces intervene only when there is enough evidence that a single entity located within their own jurisdiction is behind the criminal activity.

David Sancho, a security researcher at TrendLabs who compiled the report, warns that a growing number of individuals, attracted by the prospect of making a quick buck with minimum effort or risk, are being lured into cybercrime.

"There are a few well-financed outfits with big operations that cover everything from phishing to fake antivirus deployment to mass-mailing marketing front-ends and botnet operations back-ends," Sancho told El Reg, adding there are probably no more than two dozen such operations worldwide.

"Then there's a set of people who jump on the malware bandwagon and create their own botnets with underground tools, phishing kits or whatnot. We calculate these to be a few hundred. The entry level [cost] is so low though that this number is growing." ®
