Organized CybercrimeOrganized CybercrimePRESENTATION

ONCYBER CRIME

HISTORY

“With just a few keystrokes, cybercriminals around the world can disrupt our economy.” - Ralph Basham, Director of the U.S. Secret Service at RSA 2005.

“With just a few keystrokes, I can turn those pundits off and watch porn instead.” – jrandom, NMRC, 2005

OutlineOutlineThe Players

The Weapons

Precision Tactics

Examples

The PlayersThe PlayersFormer Soviet Military

Russian Mafia

Professional Hackers

Spammers

Traditional Mafia

Basic Cybercrime

Organizations

Former Soviet MilitaryMilitary industrial complex in Soviet

Russia was even more corrupt than their USA counterparts

With the collapse of communism, many upper military personnel in Russia had few skills that paid well

Good at money launderingGood at moving goods across bordersConnections with international crime

Russian Mafia

Dolgopruadnanskaya is the second-largest gang operating out of Russia. They are considered ruthless and also are believed to be behind numerous current cybercrime activities.

Russian MafiaCybercrime elements are considered “divisions”

The actual hackers themselves are kept compartmentalized

Due to protection from a corrupt Russian government, most “big cases” do not net the big players, e.g. Operation Firewall

When new hacking talent is needed, they will force hackers to work for them (or kill them and/or their families)

Professional Hackers

Paid per the job, usually flat rates

State-side hackers can earn up to $200K a year

The work is usually writing tools for others to use, developing/finding new exploits, and coding up malware

Spammers

They earn millions per year selling their direct mail services

They are the main employer of professional hackers

Traditional Mafia

They are currently leaving most of the “work” to others

Online ventures are sticking close to such things as pr0n, online gambling, etc

They are taking advantage of technology, using computers heavily, and using reliable encryption

Basic Cybercrime Organizations

Fluid and change members frequently

Although the most troublesome, they are considered the bottom feeders

Think criminal script kiddiesThis is usually who the Feds get, not the big

guys

The WeaponsThe WeaponsBotnets

Average size is 5000 computers, some have been as large as 500,000 computer.

Phishing

You guys *do* know what phishing is, right?

The usual Internet attack tools

Metasploit, etc