Online crims not just 'speccy geeks', researchers warn

They're normal and they're after your mother's maiden name

Misconceptions about the nature of cybercrime are affecting the fight against online economic skulduggery.

Widespread beliefs that e-crooks are likely to be either "geeks with glasses" or digital pranksters are well wide of the mark, according to researchers from Trend Micro, which reckons the majority of cybercrooks would be indistinguishable from the man in the street.

Cybergangs are located around the world. Russia, Ukraine and China are well-known havens for hackers, helped by the difficulty of getting local law enforcement to take foreign complaints about economic crime seriously. Other countries including Turkey, Brazil and Estonia also commonly crop up as the home of hackers in cybercrime investigations.

Different gangs have differing skill sets. The most technically adept specialise in writing customisable cybercrime toolkits (such as the Zeus Trojan). Others broker the sale of malware or stolen personal information, while other groups specialise in spam distribution or the administration of networks of compromised systems (botnets).

What all the groups have in common is sophisticated business models, often featuring affiliates and ideas about bonuses and incentives borrowed from the mainstream world of software development and applied to cybercrime. For example, many gangs outsource aspects of cybercrime to more specialised groups.

The result is groups specialising in coding working with others whose skills lie in finding vulnerabilities. Meanwhile, other gangs manage botnets or mine personal data, while others get their hands dirty in actually carrying out identity theft or financial fraud. The average team size typically ranges from one to five people, according to Trend.

Malware and social engineering tricks are used to harvest a variety of accounts, which are traded through underground markets. Average prices range from $4 for an eBay account to 50 debit cards for $170. Twitter, iTunes, eBay, email, Skype and gambling accounts have also become commodities in black market sales forums.

"Most people are simply unaware that their identities have real financial value; individually, details are sold incredibly cheaply but the whole economy has a huge turnover," explained Rik Ferguson, a senior security advisor at Trend Micro.

"Identity theft has consequences far beyond the here and now. It can affect your financial record for life."

Enterprises as well as consumers are at risk of ID theft, especially in the case of compromised banking accounts, where corporates are not entitled to the guarantees against suffering the cost of financial crimes commonly offered to consumers.

Programming groups sell their malware for anywhere between $500 and $10,000, with the highest prices charged for customised versions of the Zeus banking Trojan. Trend Micro researchers cite underground sources in speculating that ZeuS programmers earn more than $800,000 per year.

The potential earnings of botnet herders may be even higher than this, depending on how successful they are at maintaining a network of infected proxies and selling their services to unscrupulous third parties. Some gangs have even begun using Twitter, Facebook and YouTube accounts to promote their services and malware kits.

Researchers at security firms have to turn detective in order to piece together a picture of who cybergangs are and how they operate. Researchers working on the bigger picture try to make sense of the complex business relationships behind attacks to better protect their customers by detecting whole malware families (kits/packs) rather than individual malicious files.

Threats commonly operate on several different layers. For example, a spam email may link to a malicious website that exploits a vulnerability to drop a Trojan on a compromised PC. This compromised machine awaits instruction from botnet herders who may have only a tenuous, indirect relationship with the original malware coders.
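The layered chain described above is also what a defender sees on the wire: a click on a spam link, an exploit document or page, an executable dropped onto the PC, then regular check-ins with whoever is running the botnet. The following is an added example (not code from the Trend Micro report or this article) of correlating those stages across proxy logs. The log lines are constructed, the content types used to recognise exploit documents and droppers are an assumption, and the beaconing heuristic (three or more POSTs to one URL at a near-constant interval) is a simplification of what real detection logic would use.

```python
"""Correlate a multi-stage infection chain in proxy logs.

Stages looked for per client, in time order:
  exploit document (optional) -> executable download -> repeated C2 beaconing.
Added example with constructed sample data; not from the original article.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Assumed content types for exploit carriers and droppers (illustrative, not exhaustive).
EXPLOIT_DOC_TYPES = {"application/pdf", "application/x-shockwave-flash", "application/java-archive"}
EXECUTABLE_TYPES = {"application/x-msdownload", "application/octet-stream"}

# Constructed proxy log: timestamp client method url status bytes content-type
SAMPLE_LOG = """\
2010-03-01T09:00:01Z 10.0.0.5 GET http://mail.example.test/inbox 200 3400 text/html
2010-03-01T09:00:12Z 10.0.0.5 GET http://promo.example.test/offer.php?id=77 200 812 text/html
2010-03-01T09:00:13Z 10.0.0.5 GET http://promo.example.test/pdf/invoice.pdf 200 45210 application/pdf
2010-03-01T09:00:15Z 10.0.0.5 GET http://promo.example.test/load.exe 200 183000 application/x-msdownload
2010-03-01T09:01:02Z 10.0.0.5 POST http://c2.example.test/gate.php 200 120 text/plain
2010-03-01T09:02:02Z 10.0.0.5 POST http://c2.example.test/gate.php 200 120 text/plain
2010-03-01T09:03:02Z 10.0.0.5 POST http://c2.example.test/gate.php 200 120 text/plain
2010-03-01T09:00:20Z 10.0.0.9 GET http://promo.example.test/offer.php?id=77 200 812 text/html
2010-03-01T09:00:25Z 10.0.0.9 GET http://www.example.test/ 200 5000 text/html
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) "
    r"(?P<status>\d{3}) (?P<size>\d+) (?P<ctype>\S+)$"
)


def parse_log(text):
    """Parse log lines into dicts sorted by time; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        ev["host"] = urlsplit(ev["url"]).hostname
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def find_beacons(events, min_hits=3, jitter=timedelta(seconds=5)):
    """Return {(client, url): first_ts} for repeated POSTs at a near-constant interval."""
    posts = defaultdict(list)
    for ev in events:
        if ev["method"] == "POST":
            posts[(ev["client"], ev["url"])].append(ev["ts"])
    beacons = {}
    for key, times in posts.items():
        if len(times) < min_hits:
            continue
        gaps = [b - a for a, b in zip(times, times[1:])]
        if max(gaps) - min(gaps) <= jitter:  # regular cadence, unlike human browsing
            beacons[key] = times[0]
    return beacons


def find_infection_chains(events, window=timedelta(minutes=10)):
    """Per client: dropper download followed by beaconing within `window`, with any earlier exploit doc."""
    beacons = find_beacons(events)
    by_client = defaultdict(list)
    for ev in events:
        by_client[ev["client"]].append(ev)
    chains = {}
    for client, evs in by_client.items():
        exe = next((e for e in evs if e["ctype"] in EXECUTABLE_TYPES), None)
        if exe is None:
            continue  # no dropper seen: a landing-page hit alone is not an infection
        doc = next((e for e in evs if e["ctype"] in EXPLOIT_DOC_TYPES and e["ts"] <= exe["ts"]), None)
        for (bclient, url), first_ts in beacons.items():
            if bclient == client and exe["ts"] <= first_ts <= exe["ts"] + window:
                chains[client] = {
                    "exploit_doc": doc["url"] if doc else None,
                    "dropper": exe["url"],
                    "c2": urlsplit(url).hostname,
                    "first_beacon": first_ts,
                }
                break
    return chains


if __name__ == "__main__":
    for client, chain in find_infection_chains(parse_log(SAMPLE_LOG)).items():
        print(client, chain)
```

Run stand-alone it reports one chain for 10.0.0.5 (PDF, then load.exe, then beaconing to c2.example.test) and nothing for 10.0.0.9, which only visited the landing page. The point of correlating rather than alerting on any single stage is the one the article makes: the spam sender, the exploit host and the C2 operator may be different gangs, so no single indicator identifies the whole operation.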

Since cybercrime is global, the only effective way to tackle this crime is to enforce collaboration across law enforcement agencies in different countries and continents, Trend argues. However, international co-operation is frustrated by the fact many police forces often intervene only when there's enough evidence to suggest there is a single entity that happens to be located within their jurisdiction behind criminal activity.

David Sancho, a security researcher at TrendLabs who compiled the report, warns that a growing number of individuals attracted by the prospect of making a quick buck with minimum effort or risk are getting lured into cybercrime.

"There are a few well-financed outfits with big operations that cover everything from phishing to fake antivirus deployment to mass-mailing marketing front-ends and botnet operations back-ends," Sancho told El Reg, adding there are probably no more than two dozen such operations worldwide.

"Then there's a set of people who jump on the malware bandwagon and create their own botnets with underground tools, phishing kits or whatnot. We calculate these to be a few hundred. The entry level [cost] is so low though that this number is growing." ®
