Organized Cybercrime Revealed
The shadow economy for stolen identity and account information continues to evolve
By Michael Fitzgerald
September 28, 2009 — CSO —
As if CSOs don't have enough on their plates, they now need to beat back made men, capos and the other elements of the Mafia. Yes, the Mafia is formally involved in cybercrime, or so alleges the U.S. attorney for Florida, who filed charges against associates of the Bonanno crime family that included pilfering data from Lexis-Nexis.
The Mafia engaging in cybercrime might sound like your grandmother joining Facebook. In fact, "the majority of data breaches are the result of organized crime," says Nick Holland, an analyst at Aite Group in Boston. That doesn't mean it's the conventional Mafia pulling the strings—though it can be. In fact, it's hard to tell just who is in control sometimes. For the most part, cybergroups that become notorious, like the Rockfish or the old Russian Business Network, do so because very few cybercrime groups publicize themselves, says Steve Santorelli of Team Cymru. (Cymru, pronounced cumri, is the Welsh word for Wales.)
In fact, observers sometimes disagree on just who's behind a crime. Take last year's RBS Worldpay scam, which saw hackers not only make off with 1.5 million records from the electronic payments processor, but make fake ATM cards used to withdraw more than $9 million in 49 cities around the world in a one-hour period. Frank Heidt, CEO of Leviathan Security in Seattle, thinks this was a case of an extremely well-organized group with roots in Russian organized crime. Peter Cassidy, director of research at Triarche Consulting Group in Cambridge, Mass., says it looks like a franchise-style operation in which the data and details on how and when to use it were sold to groups operating in different regions.
Either way, it's organized crime. Just a few years ago, most hackers either acted for the glory of spreading a virus they'd written, or handled all aspects of an operation, from phishing to building fake websites to cashing in on the fraud. Since then, cybercriminals have discovered Adam Smith. They specialize, they create markets and above all, they're entrepreneurial. And because of the Internet, "you get radical distribution of labor and a radically fast ability to recruit skills," says Cassidy.
These organizations adopt various structures. The crime family model obviously still applies when the Mafia is involved. Some groups that seem independent of the Mafia, like the people who ran Carder's Market—an underground site for buying and selling credit card information—also use a Mafia-like structure and terminology. Phishing groups tend to work like Japanese keiretsu, says Cassidy, who is also secretary of the Anti-Phishing Working Group. Cybercriminals sometimes use a hub-and-spoke model, where a criminal mastermind puts together various tools and people needed to pull off a job. Want a botnet? A Symantec study found that on average, you could gain use of one for $225. Need a keystroke logger? Average price: $23. Want someone to host a phishing scam? That can be had for as little as $2. A specific vulnerability in financial sites might cost $3,000.