Slashdot Mirror
The Year of 2008 In Cybercrime
BobB-nw writes "Underground botnet markets and high-profile spam cases headlined the year in tech crime. One of the most disturbing cybercrime trends in 2008, many security analysts say, has been the emergence of a full-blown underground economy where credit card information, identity theft information, and spam and phishing software are all available for relatively low prices. 2008 also saw major developments in the cases against three major spammers in the United States."
Worse. ANOTHER stupid, mindless Networkworld slide show.
Can someone please rustle up a good old Scientology bashing article, please?
Faster! Faster! Faster would be better!
It's 2008, not 1998; aren't we done with "cyber" yet?
Quidquid latine dictum sit, altum sonatur.
Hasn't there always been an underground crime racket in things like check fraud, ID fraud, ID forging, financial fraud, theft etc. It isn't that this is an emerging market, more than it is where the old market has moved into. In the same way as Wallmart moved from the real to the virtual so are the criminals.
Sure its slightly different in that you don't get mugged and it can be better automated and scaled, but fake or duplicate passports have been around for years as has the ID theft problem. Hell in a world where Illinois can elect 4 out of 8 corrupt governors its hardly surprising that there is a problem with fraud and extortion.
This isn't news about a market that is new, its news about how existing crime organisations are going into new markets, just like the Mafia et al shifting from alcohol and protection into drugs. There has always been a problem with organised crime and there has always been an underground market for illegal information and products (after all these are just different illegal shipments).
This reads a bit like the .com stories of 1999 which said that there was a new magic economy that would replace the old one, then it turned out that mainly it was the boring old economy that worked in the new world. I'd imagine that the same is pretty true for the cybercrime world, same bosses, different henchmen who have more brains than muscles.
An Eye for an Eye will make the whole world blind - Gandhi
20 years ago, we didn't have the term "brick and mortar" to differentiate between a vendor and an e-vendor. Is it REALLY that much of a shock that the Black Market, which has been around for hundreds of years, now has an online shopping cart?
I'm not a 1337 hacker, I'm not a computer expert, and I'm certainly not savvy to the cutting edge of crime but I'm sure this isn't remotely new. Is anyone else reading this and thinking that this was the case at least as far back as 2006?
And not a word about Gary Mckinnon and the US's ongoing struggle to try and extradite him
Build a Man a Fire, and He'll Be Warm for a Day. Set a Man on Fire, and He'll Be Warm for the Rest of His Life.
Yes, it does.
No operating system is perfectly secure. Even Linux, with its non-root mentality, has exploits for it. I've got 74 updates waiting for download right now, many of which are security updates. (Let's just say 1/4 for the sake of argument.)
Windows was wiiiide open for years, which is why there are so many exploits for it. We've all read the "Surviving the First Day of Windows XP" guide; we know how open that OS was. That's not to say it's the only shaky OS. It's just the most famous and the most available.
The folks who break into our computers spend and make fortunes on security. I've spent about $100 in the last 10 years securing my computer. The only things that keeps me from getting cracked are my obscurity and my neural network. In other words, I don't have anything valuable or desirable, and I'm not dumb enough to open random attachments.
Any online system is crackable, given enough time and resources. These cybercriminals have more of both than we do.
Thinking for even one second that you're fully secure because you're using Linux makes you part of the problem.
---
ECHELON is a government program to find words like bomb, jihad, plutonium, assassinate, and anarchy.
What OS does the vast majority of this 'identity theft', spam and phishing run on ?
davecb5620@gmail.com
The solution is to stop relying on Credit Card numbers for online verification. Using something like a smartcard, for each transaction, use a card-reader to generate a unique one time session-code. The transaction from the card-reader to the server is encrypted by this one-time session code. No CVC2 number, no PIN or card number need be entered or sent over the connection. To verify card present, the card generates a one-time four digit passcode that is syncronized with the server and this is typed in by the user, only then is the transaction completed. At worst all a key logger would record, is a defunct four digit code and session key.
davecb5620@gmail.com
XP didn't always have that security center.
Before the firewall was put on by default in SP2, a fresh install of XP had - at best - 5 minutes between the time you connected it to the Internet and the time someone else had full control of your machine. It was unbelievable.
Phishing is nothing new. It's the same ancient techniques used by snake oil salesmen and corrupt businesses since we started using money as a trade medium.
You're right about hacked servers. It's a problem that won't go away until they make banks financially responsible for the security breaches.
---
ECHELON is a government program to find words like bomb, jihad, plutonium, assassinate, and anarchy.