Cybercriminals Are Adopting Corporate Best Practices

← Back to Stories (view on slashdot.org)

Cybercriminals Are Adopting Corporate Best Practices

Posted by msmash on Tuesday April 12, 2016 @07:31AM from the professionalism-in-everything-we-do dept.

Orome1 writes: Cybercriminals are adopting corporate best practices and establishing professional businesses in order to increase the efficiency of their attacks against enterprises and consumers. This new class of professional cybercriminal spans the entire ecosystem of attackers, extending the reach of enterprise and consumer threats and fueling the growth of online crime. Low-level criminal attackers are even creating call center operations to increase the impact of their scams. "Advanced criminal attack groups now echo the skill sets of nation-state attackers. They have extensive resources and a highly-skilled technical staff that operate with such efficiency that they maintain normal business hours and even take the weekends and holidays off," said Kevin Haley, director, Symantec Security Response. "We are even seeing low-level criminal attackers create call center operations to increase the impact of their scams."

66 comments

Min score:

Reason:

Sort:

Relief! Finally! by 140Mandak262Jamuna · 2016-04-12 07:35 · Score: 4, Funny

I was very much worried about the cyber criminals. Despaired what/who could stop them.
Finally, relieved. Corporate best practices! If that does not kill their efficiency and agility, nothing will. Hope the also implement agile rally scrum thingies complete with kanban board and daily dissing of waterfall development. Seven layers of managers telling the lone code monkey what to do, quarterly story point estimates, progress reports, burn down charts, ... the works. So much time will be spent in measuring progress and in planning meeting, nothing will ever get done. Great!

--
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
1. Re:Relief! Finally! by Anonymous Coward · 2016-04-12 07:47 · Score: 1
  
  I was very much worried about the cyber criminals. Despaired what/who could stop them.
  Finally, relieved. Corporate best practices!!
  Yes! They will employ ITILv2 experts and Service Delivery managers to "improve" their business models,
  Who could think of more expert types? :-)
2. Re:Relief! Finally! by mlts · 2016-04-12 07:59 · Score: 4, Insightful
  
  I am not surprised. It can be asserted that malware is the best written software in existence today, because it had to be small, work flawlessly, and do its job well. Unlike most shops where "it builds, ship it" is the mantra, malicious software has to fly under the radar, or it will be detected and destroyed pretty quickly.
3. Re: Relief! Finally! by Anonymous Coward · 2016-04-12 08:01 · Score: 0
  
  Don't forget the business consultants! Maybe if we're lucky we'll pickup some work as their labor costs will increase due to unionized programming labor and government regulations and they'll offshore work to programmers in the USA!
4. Re:Relief! Finally! by Anonymous Coward · 2016-04-12 08:59 · Score: 0
  
  Yup, nothing will drop efficiency like an agile rally scrum.
5. Re:Relief! Finally! by PopeRatzo · 2016-04-12 09:17 · Score: 4, Funny
  
  I am not surprised
  Neither am I. After all, corporations have adopted criminal best practices for decades.
  
  --
  You are welcome on my lawn.
6. Re:Relief! Finally! by Lumpy · 2016-04-12 09:48 · Score: 1
  
  Exactly! soon they will stop being productive and have meetings about meetings trying to decide when the next meeting should be held..
  
  --
  Do not look at laser with remaining good eye.
7. Re:Relief! Finally! by Anonymous Coward · 2016-04-12 10:08 · Score: 0
  
  Right. This summary got me wondering: what's the difference between these "criminal enterprises" and brokers? Or our government, now that the criminals have the appearance of white collar workers? After all, there are several white collar workers who seem to do the jobs of criminals.
8. Re:Relief! Finally! by Greyfox · 2016-04-12 10:43 · Score: 3, Funny
  
  Funnily, none of those things on their own will actually kill your productivity. What will is jumping on the bandwagon of the month without giving everyone time to get used to whatever process you put in place. And the thing about organized crime is, if your manager is bad, you just kill them. So I suspect that a lot of organized criminal enterprises might actually end up being nicer workplace environments than many of the companies that I've worked for in the past. And although their retirement packages might suck, they couldn't be any worse than corporate America right now.
  
  --
  I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
9. Re:Relief! Finally! by Barlo_Mung_42 · 2016-04-12 18:20 · Score: 1
  
  Just came in to make sure something like this was the top comment. Right then, carry on.
Difference by Anonymous Coward · 2016-04-12 07:36 · Score: 2, Insightful

As the criminals become more like tech companies and the tech companies become more criminal, we soon can't tell the difference.
1. Re:Difference by TheReaperD · 2016-04-12 08:55 · Score: 1
  
  It'll be easy to tell the difference: Who pays their brib.. er.. campaign contributions to the politicians and who doesn't.
  
  --
  "Be particularly skeptical when presented with evidence confirming what you already believe." -
2. Re:Difference by Anonymous Coward · 2016-04-12 15:03 · Score: 0
  
  I had considered this blurring of lines as well and it reminded of what was said not too long of comedy and news. I think it was Jon Stewart who said that we now get our news from comedians and our comedy from the news.
Nature abhors a vacuum. by Anonymous Coward · 2016-04-12 07:36 · Score: 0

Don't know it feels about being anthropomorphized though.
The days of rationing are over.
Maybe the "defenders" should too by Anonymous Coward · 2016-04-12 07:38 · Score: 0

instead of insisting on selling scary stories and imperial textiles, obliterating useful words while at it.
Question by The-Ixian · 2016-04-12 07:39 · Score: 4, Funny

Do low-level criminal attackers create call center operations to increase the impact of their scams?
I don't think this summary answered that question adequately.

--
My eyes reflect the stars and a smile lights up my face.
1. Re:Question by wardrich86 · 2016-04-12 07:54 · Score: 4, Funny
  
  It'd still be better than calling Comcast
2. Re:Question by TheReaperD · 2016-04-12 08:56 · Score: 2
  
  Yea, they actually wan't to provide good service to their "customers," unlike Comcast.
  
  --
  "Be particularly skeptical when presented with evidence confirming what you already believe." -
3. Re:Question by Pseudonym · 2016-04-12 11:20 · Score: 1
  
  Female cybercriminals still only get 77% of the loot that male cybercriminals do. Equal takings for equal crimes, I say!
  
  --
  sub f{($f)=@_;print"$f(q{$f});";}f(q{sub f{($f)=@_;print"$f(q{$f});";}f});
4. Re:Question by Krishnoid · 2016-04-12 12:11 · Score: 1
  
  High-quality call-center based customer support? That should trivially distinguish them from the legitimate businesses.
5. Re:Question by Anonymous Coward · 2016-04-12 22:53 · Score: 0
  
  wan't
  
  wat
6. Re:Question by rs1n · 2016-04-13 03:20 · Score: 1
  
  It'd still be better than calling Comcast
  I'm pretty sure a significant number of people would put Comcast in the same category as criminals.
7. Re:Question by wardrich86 · 2016-04-13 04:16 · Score: 1
  
  wa't
8. Re:Question by TheReaperD · 2016-04-13 09:27 · Score: 1
  
  That's what I get for typing on no sleep. *sigh*
  
  --
  "Be particularly skeptical when presented with evidence confirming what you already believe." -
Great, now even cybercriminals file TPS reports by Irick · 2016-04-12 07:41 · Score: 4, Funny

Where am I going to fantasize about escaping the mediocrity of corporate existence now?
Hmmm.... by Anonymous Coward · 2016-04-12 07:42 · Score: 0

401k? Paid vacation? Medical Benefits?
As they say.. by Virtucon · 2016-04-12 07:43 · Score: 2

When the going gets weird, the weird turn pro.

--
Harrison's Postulate - "For every action there is an equal and opposite criticism"
1. Re: As they say.. by Anonymous Coward · 2016-04-12 08:02 · Score: 0
  
  - Hunter S. Thompson (properly quoted)
that's why it's called Organized Crime by turkeydance · 2016-04-12 07:43 · Score: 3, Funny

and the boss still sucks.
1. Re:that's why it's called Organized Crime by Tablizer · 2016-04-12 08:25 · Score: 1
  
  There must be some interesting forms at such orgs:
  Strike Category:
  1. (_) Intimidation Only:
  1.1 (_) Fake horse head in bed
  1.2 (_) Real horse head in bed (high budget only)
  1.3 (_) Install Windows 10 on home PC
  1.4 (_) Smash car:
  . . . . [_] Windshield [_] Body [_] Tire pop
  2. (_) Injury:
  2.1 (_) Strike to Knee: # of strikes: _____
  2.2 (_) Gut hit: # of hits: _____
  3. (_) Finish Off:
  3.1 (_) Cement galoshes
  3.2 (_) Swimmin' with d' fishies
  3.3 (_) Car "accident"
  3.4 (_) Other: ____________________
  
  --
  Table-ized A.I.
2. Re:that's why it's called Organized Crime by ole_timer · 2016-04-13 01:11 · Score: 1
  
  Yes, but he has a bat in his hand.
  
  --
  nothing to see here - move along
Who are they recruiting? I suspect... apk by Anonymous Coward · 2016-04-12 07:44 · Score: 0

See subject: What I said here, & getting more than willing candidates https://tech.slashdot.org/comm...
* I follow many various security blogs during the day & see the mechanics @ work in modern malwares - it's NOT just 'script kiddie' work, but fairly sophisticated stuff that rookies out of academia might not be able to manage, but real pros (& they 'open source' their engines or SELL them too, which leads to more variations of it still).
In that link above which deals in zero days 'exploding' lately? It's NOT just lately & more malware than ever has arrived last year alone (& I long ago suspected this is the cause, jobs disappearing + imprisonment for school loan debt being their impetus) - that link has more in it substantiating my claims.
Am I right? Who knows... but it makes sense.
APK
P.S.=> This is what happens when "the 'holy dollar' becomes your GOD" or when it gets taken from people who tried to better their lives via education only to find the rich want to get richer, offshoring good paying jobs to pay down debt (& it's not that 'business is evil' it's just a machine to make profits, but when they buy up lawmakers to get whatever they want done at the expense of the rest of the constituent population, they control payroll, 1st as it's easiest measure which in turns, keeps mgt. safe (they're just men trying to protect themselves & their families too, not evil - the machine itself is out of control & good gov't. no longer acts as a FAIR referee between business and ethics for people) - you go to jail if you don't pay it, so imo, some of these kids take a shot at less immediate jailing (or never being caught period) to pay that school loan debt down because the jobs are GONE with the dawn overseas... apk
1. Re:Who are they recruiting? I suspect... apk by Anonymous Coward · 2016-04-12 09:34 · Score: 1
  
  this can't really be APK, there's no mention of HOSTS files anywhere.
Baloney by Anonymous Coward · 2016-04-12 07:49 · Score: 0

Most phishing attacks are easy to spot from lapses in grammar, spelling and layout. Though *some* may be putting on polish, most are lazy.
1. Re: Baloney by Anonymous Coward · 2016-04-12 07:59 · Score: 0
  
  I work for a company with a hundred thousand employees, and I'm exposed to lapses in grammar, spelling and layout on a daily basis.
2. Re:Baloney by TheReaperD · 2016-04-12 08:59 · Score: 1
  
  From what I've read, not all those lapses are on accident. Phishers and money scammers make more money on the stupid and greedy who are willing to overlook glaring logic errors either because they don't understand them or they want a payoff so badly they ignore them. It cuts down the amount of effort wasted on the non-gullible.
  
  --
  "Be particularly skeptical when presented with evidence confirming what you already believe." -
Since when do noisy call centers full of by Nutria · 2016-04-12 07:56 · Score: 1

Indians speaking horrible English "increase the impact of their scams"?
Unless by "increase the impact" they mean, "make it an obvious scam"...

--
"I don't know, therefore Aliens" Wafflebox1
1. Re:Since when do noisy call centers full of by duke_cheetah2003 · 2016-04-12 08:06 · Score: 5, Insightful
  
  Indians speaking horrible English "increase the impact of their scams"?
  Unless by "increase the impact" they mean, "make it an obvious scam"...
  Oh I dunno, having Indians being their call center goons would legitimize them even more, since they'd be on par with actual legitimate businesses.
2. Re:Since when do noisy call centers full of by Nutria · 2016-04-12 08:37 · Score: 1
  
  The legitimate Indian call center employees that I have spoken to have pretty good command of English with a -- while noticeable -- mild accent.
  The Indian scammers who call me are definite rejects based on their strong accents and inability to do anything but poorly follow a script.
  
  --
  "I don't know, therefore Aliens" Wafflebox1
3. Re:Since when do noisy call centers full of by Nutria · 2016-04-12 09:35 · Score: 1
  
  "James Ellis from the Dish Network" (he just called me) does not have a strong Indian accent.
  
  --
  "I don't know, therefore Aliens" Wafflebox1
4. Re:Since when do noisy call centers full of by Anonymous Coward · 2016-04-12 10:21 · Score: 0
  
  The legitimate Indian call center employees that I have spoken to have pretty good command of English with a -- while noticeable -- mild accent.
  The Indian scammers who call me are definite rejects based on their strong accents and inability to do anything but poorly follow a script.
  That second scenario sounds like Dell tech support about 15 years ago.
  The only way I know the difference is that the scam phone calls have a lot of static, like scammers couldn't afford to use fiber optic cable for their overseas calls.
But what will low-level criminal attackers do? by blind+biker · 2016-04-12 08:01 · Score: 1

Will they create call center operations to increase the impact of their scams?
I mean, will they create call center operations to increase the impact of their scams?

--
"The agriculture ministry is not in charge of Gundam" - Japanese ministry official.
1. Re: But what will low-level criminal attackers do? by Anonymous Coward · 2016-04-12 08:08 · Score: 0
  
  To be fair "legitimate" businesses also use those.
That's a glass-half-full interpretation by Anonymous Coward · 2016-04-12 08:02 · Score: 0

Put another way, contemporary corporate practices are indistinguishable from those of scam artists.
Nah by s.petry · 2016-04-12 08:02 · Score: 1

Corporate Practices translated to Crime: Their Lobbying group will ensure that they never ever get prosecuted for stealing your stuff. They are calling it PHUCKU, or Political Harassment Until Crime Kills U.

--
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
They've been doing it for years by Anonymous Coward · 2016-04-12 08:07 · Score: 0

They've been doing it for years, just look at Credit Suisse: http://www.bloomberg.com/news/articles/2016-03-16/credit-suisse-accused-of-money-laundering-in-wealth-manager-case
How do I apply? by Anonymous Coward · 2016-04-12 08:09 · Score: 0

I'd love to get weekends off.
1. Re: How do I apply? by Anonymous Coward · 2016-04-12 08:39 · Score: 0
  
  I work in software for the marijuana industry, and everyone leaves at 5. First tech job I've ever had like that.
2. Re: How do I apply? by TheReaperD · 2016-04-12 09:01 · Score: 1
  
  I work in software for the marijuana industry, and everyone leaves at 4:20. First tech job I've ever had like that.
  FTFY
  
  --
  "Be particularly skeptical when presented with evidence confirming what you already believe." -
Maybe the luddites are right by davidwr · 2016-04-12 08:13 · Score: 1

Maybe there is something to be said for keeping some of your "in house" data only on paper or at least on disconnected computers to make infiltration and ex-filtration harder.
Yes, there is some data that you must have accessible from the outside. For example, if you are a doctor's office your current clients will want to be able to cancel or change future appointments without having to talk to a live human being. But you don't necessarily need all of your former patents' complete medical and payment histories or even their names on an internet-connected computer.
You'll still need off-site backups of your non-Internet-accessible data though: fire destroys both disks and paper, and rogue employees and state-level actors can still compromise your paper and offline records if they care to do so. Heck, even a police raid that takes "all of your computers and papers" is much easier to recover from if you have off-site backups that weren't named in the warrant.

--
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Fuck it by Anonymous Coward · 2016-04-12 08:29 · Score: 0

OK. I'm done.
From now on, any country that doesn't help with a ransomware investigation...
We give the criminals an offer for a fair trial if they come to us. If they don't...
We bomb the criminals.
No need to worry. by malditaenvidia · 2016-04-12 08:37 · Score: 1

It's okay, John McAfee will keep us safe.
I'm having definite Sneakers flashbacks... by Etcetera · 2016-04-12 08:43 · Score: 1

Cosmo: There I was in prison. And one day I helped a couple of nice older gentlemen make some free telephone calls. They turned out to be, let us say, good family men.
Martin Bishop: Organized crime?
Cosmo: Hah. Don't kid yourself. It's not that organized.

--
Hire a Linux system administrator, systems engineer,
1. Re:I'm having definite Sneakers flashbacks... by Anonymous Coward · 2016-04-12 15:08 · Score: 0
  
  A computer matched her with him? I don't think so.
  MARTY
Who pays for criminal services? by Anonymous Coward · 2016-04-12 08:54 · Score: 0

Maybe the business clients who pay for the criminal services are the ones pushing for criminals to use business methods?
Cybercriminals adopt ITIL by sbjornda · 2016-04-12 09:47 · Score: 1

Cybercriminals adopt ITIL. What could possibly go wrong?? Or do I mean, what could possibly go right?? I'm so confused.
--
.nosig
Cybercriminals adopting corporate best practices? by khz6955 · 2016-04-12 11:22 · Score: 1

Dear slashdot, whenever I see 'cyber' in a sentence I always wonder what technically clueless idiot got paid to type it up.
Seven layers of managers? by khz6955 · 2016-04-12 11:27 · Score: 1

"Seven layers of managers telling the lone code monkey what to do" ref

Haaa, that got me laughing, I only had the three managers myself :)
Not really a surprise. by idbeholda · 2016-04-12 11:29 · Score: 1

If you're doing something illegal, you'll take every measure to avoid being caught in the act.
Methodologies by suupaabaka · 2016-04-12 11:47 · Score: 2

It won't be long til we see PRINCE2 for Cybercrime, with strong focus on ITIL methodologies.
Only PM professionals with 5+ years experience in cybercrime need apply.
BS article by Anonymous Coward · 2016-04-12 13:13 · Score: 0

Be advised the linked article is not a piece of journalism but rather a thinly veiled advertisement for security services.
Comment removed by account_deleted · 2016-04-12 19:18 · Score: 2

Comment removed based on user account deletion
nothing changes by Anonymous Coward · 2016-04-12 19:22 · Score: 1

My favorite cartoon:
A teenager saying to dad: Dad, i'm gonna make a carrier in organized crime field.
Dad: Government or private sector?
Mafia by Anonymous Coward · 2016-04-12 21:20 · Score: 0

... establishing professional businesses ...

This is no different to drug lords running legitimate road freight businesses to connect drug dealers to their illegal import businesses.
redundant redundancy by Rudisaurus · 2016-04-13 05:33 · Score: 1

Does anyone actually edit Slashdot article summaries anymore? Both the 3rd and 7th sentences of the summary read, "low-level criminal attackers are even creating call center operations to increase the impact of their scams". I think we all got the point the first time it was made. Does anyone actually edit Slashdot article summaries anymore?

--
licet differant, aequabitur