Slashdot Mirror

← Back to Stories (view on slashdot.org)

Cybercrime Organizational Structures Evolve

Posted by timothy on from the cyber-cyber-cyber-cyber dept.

An anonymous reader writes "The latest findings of a report explore the trend of loosely organized clusters of attackers trading stolen data online being replaced by hierarchical cybercrime organizations. These organizations deploy sophisticated pricing models, crimeware business models refined for optimal operation, crimeware drop zones, and campaigns for optimal distribution of the crimeware. These cybercrime organizations consist of strict hierarchies, in which each cybercriminal is rewarded according to his position and task."

3 of 70 comments (clear)

  1. Good news by oodaloop · · Score: 5, Insightful

    Hierarchial organizations are much easier to attack.

    --
    Tic-Tac-Toe, Global Thermonuclear War, and relationships all have the same winning move.
  2. This is a Pratchett reference by Kupfernigk · · Score: 4, Insightful
    In the Discworld, the ruler of Ankh-Morpork deals with crime by making it into a Guild, which then ensures that crime stays at an acceptable level by permanently removing unlicensed criminals. It is not only a satire on the Mafia, it is a satire on corrupt police forces and insurance companies (the criminals do not have protection rackets per se, they offer insurance against their own activities).

    The study of crack dealers mentioned in Freakonomics showed a heirarchy similar to any US corporation, with the lowest level getting about the same hourly rate as in McDonalds. There really is no hard and fast line between organised business and crime, just degrees of criminality ranging from (say) welfare friendly food providers on the West Coats down to crack dealers. As Enron and Bear Sterns have shown us, size and visibility is no guarantee of legality.

    --
    From scarped cliff or quarried stone she cries "A thousand types are gone, I care for nothing, no not one."
  3. another garbage press release by mambosauce · · Score: 4, Insightful

    Aside from people's general comments that this is both obvious and many other people have already presented this type of information before I think their assessment is inaccurate. First of all their numbers make it obvious that they are only monitoring semi-open forums and not completely closed ones. Additionally their data looks like it is US and Russia-centric, not focusing on the numerous markets that exist in Ukraine, Bulgaria, Romania, Poland, western Africa and South America. Plus overall they are mixing up organized crime and specialization. What they are describing is mature capitalization with job specialization moreso than organized crime. They are limiting themselves to groups where amateur data thieves require specialists to perform higher risk elements of cashing out, using the stolen data. The real elements of organized crime are the ones where traditional non-cyber groups hire computer experts to get data, and move money through traditional, well-established means. These groups are the ones going after high profile money and you'll never see anything online about them until a law enforcement case brings them down.