Black Markets and the Online Mob

Once the domain of uber savvy hackers and forward-thinking mafioso, today's online crime requires little more than a cursory knowledge of programming and a downloadable tool kit to get started.

Progressive criminals saw the evolution of technology as a means for upgrading their own malicious activities. Hackers, crackers, phishers, pharmers and social engineers used their knowledge stores to one-up the average individual in a vicious game of 'you are you but I also can be you'.

Identity theft was buoyed by the black market's supply and demand. Yet even criminal consumers are a fickle lot, and what was valuable last year is not so lucrative by this year's standards. According to Bindview's RAZOR research team -- a group of people focused on incorporating the latest up-to-date changes in the threat, vulnerability, and regulatory landscape into Bindview's products -- credit card numbers were worth approximately $25 each wholesale and $100 each retail in 2002. Fast forward to 2005 and they've dropped to $1 to $5 wholesale and $10 to $25 retail.

Yet 'products' such as email addresses weren't on the map in 2002 but are currently worth $.01 to $.05 each. A well-programmed bot could find many hundreds of valid emails a day, turning a tidy profit for black marketeers.

Criminals themselves saw a shift in who is doing the digital break-ins. A few years ago, hackers generally were techie types with too much time on their hands who wanted to make a name for themselves in the hacker underground. Now, they're often hackers for hire, making a buck by stealing corporate information or working hand-in-hand with spammers. And the kids aren't missing out on the 'fun' either, using plug-and-play theft kits to make their work easier.

"The ease with which data can be stolen depends on the tools being used and the thief's level of sophistication in traversing through the network," says Jim Hurley, senior director of RAZOR Research, for Houston, Texas-based Bindview. "Creating a breach ranges in difficulty from being intimately familiar with the innards of OS design, construction and network protocols to having absolutely no knowledge -- because you don't need it with the vast availability of pre-built tools. Sniffers, keyloggers, rootkits, loaders, Trojans and virus kits are but a few of the many offerings on thousands of accessible sites."

In the recent past, online theft and criminal activity poured forth from highly advanced or severely disadvantaged nations. But today's online crime is far from being country specific. If you know how to compile a program, you can make changes to the source code of an application and make it do something else.

Just as online auctions launched a flurry of overnight entrepreneurs, so has the prevalence of online crime kits. You don't need a long list of contacts to get started on the dark side. Once a would-be criminal has found themselves some interesting information, it's not that hard to find a buyer using Web sites, bulletin boards, IM, email, cell phones and of course, the very lucrative Web auction ring.

Make no mistake, though the hierarchy has shifted from organized crime families, it is very much alive in the form of organized Web auction rings -- well-oiled machines that include many layers of people performing very specific roles and functions. From the top down they include the inner ring, evaluators, inspectors, enforcers/contacts, trusted fences and the buyer and seller.

Web auction rings, otherwise known as Web Mobs, have proved to be a very nasty problem for Federal investigators due to their cross-country logistics. Once sufficient evidence has been gathered to crack an auction ring, authorities must work within international boundaries, time zones and with foreign legal statutes.

"What's not well known is they're not in the business of stealing things and they're not hackers," says Hurley. "It's best to think of them as a fence between the buyer and the seller. They're not technologists and they don't care to be, they just want to make sure that their activities are not traceable and these are the organizations that are operating around the world."

So what's for sale in this more accessible market? Falsified deeds, birth and death records, letters of credit, health insurance cards, source code, diplomas and even people are available for the right price. The anonymity and relative ease of criminal activity is gaining in attractiveness to the barely skilled programmers looking to cash in.

The modus operandi of today's cyber criminal includes commonly known tricks of the trade, starting with the path of least resistance, i.e., social engineering. According to Hurley, criminals go after their victims using a predictable set of steps: reconnaissance, target, evaluate the environment, install new service or backdoor, cover your tracks, hit pay dirt and run or decide to hang around to exploit and reuse the target, keep ownership of the device, or not, and then move on to the next victim.

With so much information so relatively easy to get to, it's a feast of sorts for the would-be Web Mobber. Using established channels spanning international date lines, and employing thousands of zombie machines, it's more difficult than ever to locate these extensive criminal networks but easier than expected to join one.


So what can be done to protect our organizations from this type of infiltration?

"There's what I'll call best practices and then there's reality," says Hurley. "Based on our research over the past two to three years, there are significant differences in performance results that companies are experiencing with their security programs. There are some common things that are done very well among the best-class enterprises suffering the least amount of breaches and damages. But even having said that, there's probably no way to defeat a serious security threat today and it wouldn't matter what the tool is. The only way to do that would be to unplug the computers."

According to Hurley, the firms that have a good chance of avoiding victimization are the ones with a very active risk management program in place. "An executive team devoted to solving security issues, where the IT security function isn't buried in a hole somewhere in IT but rather implemented as a risk management function, cross-company and cross-functional."

Although the U.S. government has been working in concert with international authorities to painstakingly dismember online Web Mobs, our indictments are but a grain of sand in the vast amount of criminal collectives forming and disbanding in a constant game of hide and seek. Individually, the indictments are a win, but with the ease and prevalence of online hacking tools and the lucrative nature of buying and selling through organized Web Mobs, many more will don the black hats as they continue to cross-over.

The reality of it is that we've only just scratched the surface.
