Cybercrime Organizational Structures Evolve
An anonymous reader writes "The latest findings of a report explore the trend of loosely organized clusters of attackers trading stolen data online being replaced by hierarchical cybercrime organizations. These organizations deploy sophisticated pricing models, crimeware business models refined for optimal operation, crimeware drop zones, and campaigns for optimal distribution of the crimeware. These cybercrime organizations consist of strict hierarchies, in which each cybercriminal is rewarded according to his position and task."
They must be intelligently designed! ;-)
The Sopr0nos.
Hierarchical organizations are much easier to attack.
Tic-Tac-Toe, Global Thermonuclear War, and relationships all have the same winning move.
Are they going to start sending notifications of their organizational change through spam, just like my current corporate VPs like to do through e-mail?
"The organization changes announced by Boris Brezgnoff represent a positive signal to all of our stakeholder groups - investors, clients and especially zombie PC owners - that we are repositioning our African operations to pursue accelerated growth. These changes will facilitate the cross-pollination of expertise we have developed across Nigeria. These changes will also enable further refinement of our global delivery strategy as we increase intra- and inter-business unit communication and pursue cross-business unit opportunities.
To deliver on this strategy and in recognition of their contribution to our past growth, the following leadership changes will be effective as of July 15, 2008:
Ivan Lebovich will assume the position of DDOS Extortion Vice President, Southern Hemisphere. Ivan's deep understanding of all of our services - particularly our Tier 2 and Tier 3 business - and his ability to develop strong relationships with key accounts will help expand our penetration of clients based in the southern hemisphere. His passion for the global delivery of our IT services and his excellent ongoing relationship with our primary nearshore USDS (Untraceable Spam Delivery System) accounts - South Africa and Malaysia - ensures the effective management of this critical delivery centre. I personally want to thank Ivan for his many years of dedicated service to the FIRM (Free Internet Russian Mafia) and look forward to working with him as he takes on this promotion to business unit leader."
-- Home is where you eat your heart out.
Ok buddy, this is how it's going to work. You're going to pay us 10% of the profits you get off your google ads. What we're going to do for you is make sure that no one else is out there pushing in on your corner of the market. We'll even set up a bunch of other sites that refer people to your site to increase your business.
If you don't pay up, we'll vandalize your page, buy your domain out from under you and unplug your server.
Now I know why I don't generally bother reading these articles. This one has to be one of the most cursory and pointless articles I have read in a long long time.
casino ddos extortion pack mini: $5,000
extra annoyment (100% cpu) for zombie computer owners: +$20
tarpit iptables rule workaround: +$30
24/7 phone support: +$300
lunch with PharmaMaster: $5m
It never ceases to amaze me that even the lowest of the low scumbag criminals can form crime rings and organize into a hierarchical management structure.
And it's always been that way.
The booze runners of the 20's and 30's to the crack dealers of the 80's, and everything before and after.
They have pretty much corporate org charts.
I guess it's human nature to follow the rules/leader. Some just choose different sides of the law.
Shameless plug alert: Game server control panel
The study of crack dealers mentioned in Freakonomics showed a hierarchy similar to any US corporation, with the lowest level getting about the same hourly rate as in McDonald's. There really is no hard and fast line between organised business and crime, just degrees of criminality ranging from (say) welfare friendly food providers on the West Coast down to crack dealers. As Enron and Bear Stearns have shown us, size and visibility are no guarantee of legality.
From scarped cliff or quarried stone she cries "A thousand types are gone, I care for nothing, no not one."
Does anyone remember Introversion's little hacker game, Uplink?
You worked as a (mostly malicious) contract hacker for a corp called Uplink, creating and editing identities for clients, stealing and deleting data, and transferring large sums of money in exchange for a bounty proportional to the difficulty/danger of being caught.
Looks very similar to this situation.
Just checked - you can still buy Uplink on Steam for $10.
Aside from people's general comments that this is both obvious and many other people have already presented this type of information before, I think their assessment is inaccurate. First of all, their numbers make it obvious that they are only monitoring semi-open forums and not completely closed ones. Additionally, their data looks like it is US and Russia-centric, not focusing on the numerous markets that exist in Ukraine, Bulgaria, Romania, Poland, western Africa and South America. Plus, overall they are mixing up organized crime and specialization. What they are describing is mature capitalization with job specialization more so than organized crime. They are limiting themselves to groups where amateur data thieves require specialists to perform higher risk elements of cashing out, using the stolen data. The real elements of organized crime are the ones where traditional non-cyber groups hire computer experts to get data, and move money through traditional, well-established means. These groups are the ones going after high profile money and you'll never see anything online about them until a law enforcement case brings them down.
Google is an integral part of today's online scams. Google provides material support to scammers, and helps collect the money.
Google's proliferation of low-security services makes it easier for scammers to operate, and to hide. If they had to buy those services from a hosting company, there'd be a money trail to follow back to the source. Using Google's free, unauthenticated services makes it easier for the operator to conceal their identity.
It's full-service evil.