Wednesday, October 27, 2010

Good news, of a kind, from a dark world

From Josephn Menn at BoingBoing ...

As a fan of BoingBoing dating from a decade ago, when it was delivered on horseback, I wanted to share something positive with fellow readers in my first guest post. Unfortunately, the thing I've been most passionate about in my reporting and writing since 1999--cybercrime and tech security--doesn't lend itself to much that's happy. What I'm offering today is a compromise. It was good news to me personally, and it will be good news to those of you who have my read my book, Fatal System Error. For the rest of you, it won't be pleasant, and I'm sorry about that.

On Friday, I got a Skype message from a longtime source of mine: "My friend got his daughter back." We spoke on Sunday, and I will tell you what I can from that talk. To begin with, though, my source uses the fake name Jart Armin of HostExploit.

Like the people who work at Spamhaus, Jart is one of those people dedicated to tracking the worst cyber gangs who works in anonymity in order to protect himself. I don't like quoting people I can't name, but I did so in the book with Jart because he has done important research and because he is entirely right to be afraid of the people he has been tracking.

To explain that in the book, I briefly told the story of a colleague of Jart's who was investigating mob activity in St. Petersburg, Russia. The colleague made the mistake of working with the local police. Before he finished his assignment, the man's teenage daughter was kidnapped from her Western country, and the investigator got a message that if he dropped the case, the rest of his children might be okay.

That was five years ago. I had to leave the story hanging in the book because there had been no closure. A couple of weeks ago, the man got a new message. His daughter was in Kazakhstan, and he could have her back as long as he agreed not to look into certain of the gang's activities. One factor in the change of heart was the additional attention that Fatal System Error brought to the mob. The family has been reunited, though the young woman is not the same as she was. She was fed drugs and used to service men. A grim story, but at least it has an ending now, and I wanted to update those who knew the first part.

There are many reasons why cybercrime is as bad as it is, and getting much worse. One of them is lack of awareness of how dangerous and well-connected the gangs are. The most serious identity thieves and fraudsters are not isolated teenage script kiddies. They are mobsters who kill people, and worse, though those stories are seldom told. Folks need to know just how bad they are, every bit as much as they need to know the stories of the heroes who are risking their lives to stop them.

For those interested I strongly recommend you read Menn's book Fatal System Error.


Jared Coppotelli said...

Due to the influx of cyber attacks, Robert S. Mueller, the director of the FBI in 2004, publically stated that he wanted cyber-crime to be one of the agency’s top three investigative priorities in the coming years. Based on recent data released by Symantec regarding the expeditious increase in the frequency of cyber attacks around the world, Mueller correctly predicted the increasing significance of cyber criminals. According to the October 2010 edition of MessageLabs intelligence report at Symantec, about 77 cyber attacks occur every day, as opposed to the average of one cyber attack every week five years ago. While there are many different types of security attacks, a senior analyst at Symantec firmly believes that e-mail attacks are one of the most damaging and malicious types of attacks. This is surely evidenced in the USAA blog post that Professor Moran posted, where users were prompted to complete a new type of confirmation form. The link to this false confirmation form was actually a phishing attempt that may have been able to steal customer information such as credit card security codes, card numbers, PIN numbers, online IDs, and passwords. To make note of an interesting trend in cyber attacks, Paul Wood, a Symantec analyst, has said that although the number of unique attack exploits being deployed has diminished slightly, the number of attacks used by each exploit has increased. To note another trend in cyber attacks, the retail industry accounts for over 25 percent of all cyber attacks, as opposed to the 0.5 percent that it represented only two years ago. A large part of the reason for the increase in retail cyber attacks is that cyber criminals are able to use social engineering techniques to distribute legitimate looking e-mails that actually contain malware. MessageLabs warns us that although there is an increase in cyber attacks in the retail industry, the attacks can be shifted to any industry, which speaks to the vulnerability of all industries to cyber attacks.

Kaley said...

This article helps address two important misconceptions about cybercrime - one, that it is the purview of misguided, lonely teenagers a la Wargames. Dangerous people, with 'hard' real life criminal power, are major players. Two, the real life physical influence of cybercrime isn't limited to just seedy areas of Russia or poor Eastern European/Central Asian countries, as many people in America might think. The investigator's daughter was kidnapped from a "Western country" (likely somewhere in Europe) and taken to Kazakhstan.