Monday, April 26, 2010

Charting Cybercrime

Brian Krebs pointed me to this Google mashup created by Aaron Jacobson of Authentify. It uses media reports to chart online banking heists. As you can see, the damage has been widespread and costly. Krebs provides his thoughts on the mashup here.


6 comments:

Jamee said...

After looking at the map and viewing where most of the online banking heists occur, it makes me want to move to the West Coast. I think it's interesting that Krebs says that there's a relationship between the locations and the mules. I found it more interesting that it seemed like it was smaller banks and more community banks that were hit the most. I think that it has more to do with the lack of resources to combat the cybercriminals that larger banks and companies may have access to. It also might have something to do with the fact that it is easier to get a hold of information about online banking heists against smaller banks because larger banks may have more people to perform damage control and not allow the news to get out about the heists and the amount of money lost. It is interesting that cybercrime is becoming more and more prevalent; today the FBI assigned a new director for the cybercrime division:
http://www.infosecurity-us.com/view/9025/fbi-names-new-cybercrime-director/

This sets a precedent because it reveals that cybercrime is more present than we think. Just because we don't receive reports about it every day doesn't mean that it is not occurring every second and not affecting your daily life.

Marisa said...

I was struck by the fact that locales can be explained by time zone - with Krebs mentioning that "the thinking is that the criminals — most of whom reside in the Eastern European Time Zone (EET), don’t want to spend all night managing these mules. As such, the crooks tend not to solicit mules from those living in the Western United States." With this truly global era afforded by advances in technology and new tools constantly available to cybercriminals, it strikes me as ironic that some things remain constant - one needs to manage, and even criminals like to have a bedtime. It also reinforced the story from class about how, if I remember correctly, a criminal's whereabouts were inferred, even though he used a proxy server, because most of his activity was from 12-8 his local time.
Furthermore, I echo Jamee's statement on the types of banks hit and amounts stolen - there were only 2 over $1 million victims and most were under $250,000. Initially I reflected back on 'red lines' and the tales of companies who would acquiesce to losing a certain amount of money - until I looked at the targets. Not only were they small, as Jamee mentioned - but also in large part they were schools, towns and manufacturing companies, so not only could they have lacked the capacity to defend themselves, they may not have ever expected to be targets in the first place.

Marisa W. said...

It is interesting to see the possibility that time zones are an important factor in cybercrime. This certainly is something that would be useful to take into account when tracking the general location of cybercriminals. However, there may be a chance that this distribution is based on something more than just the time zone in which criminals reside.

The US population is more concentrated in the areas where there are more victims on the map. Is it possible that there are more occurrences in these places because there are more people there? Also, the data was collected from the Washington Post and Krebsonsecurity.com. The blogger at Krebsonsecurity is from the DC area, where the Post is also located, so it makes sense that these sources would focus on or get more reports regarding instances occurring in their region of the country.

Finally, would criminals really be hindered by time zones? I think some might be, but if they are already putting in such substantial effort and risking so much with these endeavors, it seems that the time of day would not prevent criminals from accessing other potentially profitable money mules.

izzy said...

Call me stating the obvious, but this is just sad. These aren't huge corporations that were stealthily infiltrated, these are small companies that have had huge amounts of money stolen from them. I mean, who would want to steal $700,000 dollars from the Western Beaver County School District? Or $160,000 from the Delray County Public Library? These aren't multibillion dollar companies, they are entities with limited funds already who probably don't even have the technological abilities to combat these attacks. Essentially, these are sitting ducks. I'm impressed there aren't more of them.

Aaron said...

One reason there are so many non-profits and public agencies on the maps is a reporting bias: for-profit businesses aren't likely to report this kind of a breach, for fear it will hurt their business.

As far as cybercrime being more present than we think, yes--and in fact it's even more prevalent than it looks on the map. The FBI estimates over $500 million in losses from commercial wire fraud in 2009 alone. That means fewer than 5% of victims have gone public. Imagine the same map, but with 20 times as many blue dots...
