Internet Crime: Mob like rackets and economic development
By Steve Ragan Dec 18, 2006, 17:28 GMT
In the last installment of Internet Crime, we talked about a new breed of criminal. College kids, and out of work coders who are hired to do the dirty work of real criminals who lack the skill and knowledge to pull off cyber crimes.
It has made headlines, and the coverage is growing, but now there is a new twist to this plot. We covered some of the well-known frauds, and gimmicks. However, this time we will talk about a new wave that seems to be spreading. Blackmail and hijacking of networks, online accounts, and personal information.
Users all over the globe are logging in to find their email, contacts, account information, and even IM conversations locked out. All that is left is a note asking for money in return for getting this information back. These notes are easy to spot, written in broken English and demanding money within a certain period. Sometimes the fee is small, and other times it’s in the tens of thousands of dollars.
There is a boom of economic development in the underground framework of cyber criminals, and not much is being done to stop it. Measures to prevent this are becoming known but only after the fact, and the reactive stance is one that does not help the users, companies, or networks affected.
There are documented reports and examples of chat rooms, message boards, news groups, and websites where the latest information is up for sale.
Criminals see the internet as a largely untapped market for real profit, and they are taking advantage of it. PayPal and EBay information traded and sold for as little as $7-10.00 USD. 0-Day exploits and proven methods of intrusion are sold, depending of the software or system, for $5-15,000 USD.
Botnets can be leased or bought for tens of thousands of dollars and the buyer can control hundreds of thousands of zombie like PC’s to spam email, attack websites, or other users. $2-500.00 USD is the going rate this morning on one IRC network for fresh credit card and SSN information.
How can this happen? Where is the information coming from? Those questions are sadly answered by the same response. You. The information comes from phishing, insecure and un-updated software on networks, poor passwords, and network security policies. Those are all examples that allow the exploits, and schemes to work. The time of security by obscurity is over. IT Admins and home users need to be alert and aware. Research, and learn about the latest scams. Use the public resources out there for you, to protect yourself, computer, and network from harm.
Failure to do so will cost you more than the criminal’s fee to get this information back.