Slashdot Mirror


Curbing the For-Profit Cybercrime Food Chain

msm1267 writes: A new report coauthored by Google researchers and a host of academics explains that firewalls, two-factor authentication and other traditional defensive capabilities put security teams in a constant dogfight against cybercrime. Instead, the focus, they say, should be on attacking the criminal infrastructure. The report outs a number of soft spots and inter-dependencies in the criminal underground that could be leveraged to cut into the efficacy of cybercrime. "Commoditization directly influences the kinds of business structures and labor agreements that drive recent cybercrime," the researchers write. While shutting down the black market is easier said than done, the paper notes a few ways to deter the behavior of attackers, if not fully break the chain.

19 comments

  1. Foreign Crimes by JimSadler · · Score: 1

    Just how are we to deal with criminals who steal from us who live in nations that will not arrest culprits? Russia leaps to mind.

    1. Re:Foreign Crimes by Anonymous Coward · · Score: 0

      Just how are we to deal with criminals who steal from us who live in nations that will not arrest culprits? Russia leaps to mind.

      That's racist.

    2. Re:Foreign Crimes by Anonymous Coward · · Score: 0

      Well we used to have some methods to do this but we no longer enjoy some of the sources and tools thanks to information leaks by the likes of snowden. And in case anyone is wondering I am not trolling. His actions have directly affected the ability of the US to defend itself against dangers of nation-state actors on the internet.

    3. Re:Foreign Crimes by Anonymous Coward · · Score: 0

      You may think that if you don't understand the problem. You'd be an idiot to both think that the tools are no longer in use, and that having them protects you against other groups and their tools.
      Maybe you were dropped on your head, I don't know.

    4. Re: Foreign Crimes by Anonymous Coward · · Score: 0

      And you are a mangina. It is not racist to hate Russians, or French or Sudanese. These are nations and cultures, the protected groups right now are biological distinct races, females and sexual deviants. Get your PC right (oh and go check your privilege)

      Now as to the issue at hand, what happens when you disrupt a billion dollar industry? That's right. They come and kill you and your family. Nobody is going to take the fight to anyone, a bullet in the face will shut anyone up who gets in the way.

    5. Re: Foreign Crimes by Anonymous Coward · · Score: 0

      The traffic has to take a route to its target. If responsible countries just started blackholing packets to or from countries that aren't responsible, the problem would correct itself. That's how the Internet is supposed to work - you route around the problem. Sure, they could find just one ISP to allow their packets out through Mongolia, but then you blackhole Mongolia. It's all very easy. It's just that nobody has the stones to do it.

    6. Re:Foreign Crimes by Wycliffe · · Score: 2

      Just how are we to deal with criminals who steal from us who live in nations that will not arrest culprits? Russia leaps to mind.

      You don't need to arrest them, just stop the money from reaching them. A lot of current cybercrime is being transacted via credit cards, Western Union, etc.
      You could eliminate most spam, most phishing, and even some of the illegal drug trade if you could make it more difficult to send money to the criminals.
      Bitcoin will make it hard to eliminate all the illegal drug trade but my guess is most of the Viagra sold via spam is being purchased with credit cards and
      if you can prevent the credit card transaction from going thru then you would eliminate many of those transactions.

  2. Cyber-gangsters are for Cows by Anonymous Coward · · Score: 0

    You are all Cows. Cows say Mooooo. MOOOOOO! MOOOOOOOO! Mooooooo cows Mooooooooo. MOoooooooo say the cows. YOU GANGSTER COWS!!!

  3. Cybersecurity Cyberdefensive Cybercapabilities .. by nickweller · · Score: 1

    "A new report coauthored by Google researchers and a host of academics explains that firewalls, two-factor authentication and other traditional defensive capabilities put security teams in a constant dogfight against cybercrime."

    None of these ineffective measures would be necessary if researchers could design a client side 'computer', that can distinguish between code and data and won't execute code downloaded over the Internet.

  4. Re:Cybersecurity Cyberdefensive Cybercapabilities by Anonymous Coward · · Score: 0

    "A new report coauthored by Google researchers and a host of academics explains that firewalls, two-factor authentication and other traditional defensive capabilities put security teams in a constant dogfight against cybercrime."

    None of these ineffective measures would be necessary if researchers could design a client side 'computer', that can distinguish between code and data and won't execute code downloaded over the Internet.

    Just design computers to recognize the evil bit. Problem solved.

  5. Just behind the curve of ad-based malware... by xxxJonBoyxxx · · Score: 2

    The actual article seems to be:
    http://static.googleuserconten...

    Oddly enough, they don't mention how wonderfully effective AdBlock software has been to help people avoid the recent rise of ad-based malware.

  6. Only three banks. Interesting by raymorris · · Score: 4, Informative

    The paper references an interesting conclusion from another paper:
    -----
    Levchenko et al. found that only three banks were responsible for accepting payments for 95% of the spam URLs. Brand holders impacted by fraud and trademark abuse can alert the credit card networks involved, resulting in merchant banks severing relationships with known criminals. McCoy et al. found that persistent brand holder intervention from 2011–2012 disrupted payment processing for criminals for months at a time

    ----

    Those three banks certainly would be good targets, to --persuade- them to stop providing payment processing to spammers. The only US bank on the list is Wells Fargo.

    1. Re:Only three banks. Interesting by Zontar+The+Mindless · · Score: 2

      This would be the same Wells Fargo that, when I tried to change the US address for my account to an overseas one, responded by closing it--in effect stealing about a thousand dollars from me?

      --
      Il n'y a pas de Planet B.
    2. Re:Only three banks. Interesting by Anonymous Coward · · Score: 0

      Probably. Years back Wells Fargo bought out the bank I was then maintaining accounts at. I closed those and opened at a different bank. At the time it was mainly to do with the difference in policies, fees, etc., but in hindsight it's been a pretty smart move all around.

  7. Re:Cybersecurity Cyberdefensive Cybercapabilities by NotInHere · · Score: 2

    Data are programs and programs are data. There is no real distinction between those two. Also, currently I think that the human component is the weakest part of the system. Of course, the "big bugs" get the news coverage, and some are really serious like Heartbleed, mostly because it persists in millions of non-updated devices, but most times, modern cybercriminals just use other means, where the user an some authorization step of some form in order to install the payload, be it the "IT department" calling, the classical "password update procedure please visit this website" e-mail, or infected warez the user got via BitTorrent.

  8. Follow the money by JustAnotherOldGuy · · Score: 4, Insightful

    Follow the money.

    Seriously, how hard is that? These criminals use credit cards and bank accounts...and the card companies KNOW that they're processing fraudulent transactions but they make money from each transaction so in the end they turn a blind eye.

    Same goes for the banks- most of them KNOW they have criminals passing money through their institutions. But hey, who's gonna turn down a "customer" with 10 million dollars to deposit? No one, that's who.

    Yes, I know it's not that simple, but my point stands: choke off their ability to use the financial system and this stuff will get much much harder for them. I mean, fuck, when ransomware demands a credit card for payment, there's your first lead. Yes, some of them want a Western Union transfer, but even so...follow the money. FOLLOW THE FUCKING MONEY.

    --
    Just cruising through this digital world at 33 1/3 rpm...
    1. Re:Follow the money by swb · · Score: 2

      I've thought for years that this would be a good strategy and wondered why it never happened.

      I would go a step further and warn banks, hosting companies, and other otherwise legitimate businesses who provide the "air supply" that they are facilitating criminal enterprises and that they should stop. Those that get found repeatedly doing business with them should face RICO prosecutions.

      At the end of the day, though, I sometimes wonder if there's this attitude that any business that involves mostly upper class people and doesn't involve drugs or violence is somehow OK, no matter how much fraud it perpetuates.

      I mean, how can you explain telemarketing scams? They've been around forever, since the days of telephone technology so basic you could almost trace the calls with a multimeter.

    2. Re: Follow the money by Anonymous Coward · · Score: 0

      Indeed. If RIAA and MPAA can jail the people behind The Pirate Bay then the government surely could jail (or at least put pressure on) the banks and credit card companies.

    3. Re: Follow the money by MrKrillls · · Score: 2

      I generally try to stay positive when posting in Slashdot, but in this case, I just feel negative. I don't think the government gives a hoot about cybercrime, other than when government worker accounts are compromised. There's a giant empty spot where there should be hundreds or thousands of cyber detectives.

      --
      Don't step on the baby.