
[ISN] Cybercrime update: Is organized crime moving into cybersphere?


By Bob Brown

As if FBI special agent Tim O'Brien and his cybercrime fighting comrades 
don't already have their hands full with bot herders, virus writers and 
other loosely-aligned crooks, now people are wondering when more 
traditional organized crime will grab a piece of the action.

Following his presentation at CIO Forum, O'Brien was asked by one 
technology pro about whether the real-life Tony Sopranos of the 
organized crime world have caught the cybercrime bug.

"I don't think traditional organized crime in this country is involved in 
the cybersphere yet, but that's certainly a possibility," he says. "A lot 
of it's benign crime -- it goes under the radar and most people don't know 
anything about it. It's not murder, it's not racketeering, it's stuff that's 
not going to make a headline. The chances of making a tremendous amount 
of money off that without getting caught are much higher than going out 
and murdering your enemies."

More common are loosely organized criminals from other parts of the 
world where job prospects aren't so good. These various specialists -- some 
expert at developing malware, others at distributing it via a botnet and 
others with the ability to sell stolen data -- scheme to infiltrate 
computers and networks and commit fraud, says O'Brien, who refers to the 
malware used to perpetrate such crimes as "crimeware."

"America is the target. We have the assets and systems here and we have 
a lot of people who are looking to profit off that," O'Brien says. He and 
a handful of other FBI agents from New York City joined 300-plus CIOs at 
the CIO Forum event aboard the Norwegian Dawn cruise ship in hopes of 
getting the tech executives to open up about their security concerns and 
to encourage their participation in information sharing programs such as 

Citing recent statistics from surveys conducted by the FBI and vendors 
such as Symantec, O'Brien says the findings are scary: More companies are 
being targeted; malware writers are pumping out their programs faster 
than ever; and all indications are that intruders increasingly are 
looking to turn a profit. "Half of what people are reporting are just 
trojans, not worms or viruses so much," O'Brien says. "That indicates the 
actual mindset of what's going on out there, that people are looking to 
place something on the system to prepare a beachhead for later 

Compromised routers (access to Cisco systems that can be used for 
denial-of-service attacks can be had for $2) and host computers have 
become commodities, constantly swapped online by cybercrooks for stolen 
credit card and Social Security numbers, O'Brien says.

And the stakes are only getting higher. New self-defending malware is 
even being created that purges protections such as anti-rootkit software 
and that squelches other malware so that compromised systems can't be 
shared by other thieves, O'Brien says. Some malware is smart enough to 
recognize if it's in a VMware or other virtualized environment and can 
unload itself so it can't be debugged, he says. Other malware can avoid 
detection by changing its signature via a new filename and increasingly 
modular malware can be distributed across a network to avoid a single 
point of failure.

Other trends are increased exploitation of Web applications, though good 
old e-mail attachments are still being used as well, O'Brien says. The 
FBI is finding it tougher to track botnets these days, as they 
increasingly are being connected over encrypted channels rather than via 
channels such as IRC. They're also being distributed via peer-to-peer 
technologies, making botnets more resilient, he says.

The FBI and other law enforcement bodies have been able to tap into some 
of the interaction among cybercriminals on IRC and other chat systems, 
though the bad guys are even getting smarter on that front by starting 
to use encryption.

Help us help you

O'Brien wound up his presentation with a plea for IT executives to work 
with the FBI to nail cybercriminals, including those who operate outside 
the United States.

"Compared to when I started doing computer crimes four or five years ago 
the bureau today is very well positioned to run an investigation that 
involves botnets and foreign nexus. We have agents in over 50 embassies 
now around the world from countries as diverse as the United Kingdom and 
Yemen ... [Our agents] work with foreign law enforcement."

IT executives can help the FBI crack cases by reporting incidents as 
soon as possible and by sharing network and other logs, as well as IP 
addresses involved, O'Brien says.

All contents copyright 1995-2007 Network World, Inc. 
