Review of Organised Cyber Crime

Uploaded on 2015-06-04 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

cybercrimes-june_2010.jpg

Technology has allowed users worldwide an ease of access from online banking to instantaneous communication via email or phone.

Criminals have also benefited from those same technological innovations, giving them a greater access to victims and targets, worldwide communication, and minimizing attribution. Cybercrime is an area that has flourished, as it requires little resources, no traveling, and a skill set that is readily available to learn. 

This has made cybercrime a serious threat to both national and international security. In 2014, McAfee estimated that the cost of global cybercrime is 0.8% of global GDP; that’s over $400 billion USD in losses to cybercrime. Furthermore, unlike in traditional criminal activity, organized cyber-criminal groups prefer to remain unknown, which makes tracking cybercrime activity incredibly difficult.

Both groups and individuals use many of the same tactics, but it is the transnational reach that many organized criminal groups had before the increased use of technology that makes this hybrid of ‘traditional’ crime – human and drug trafficking for example – and cybercrime specifically threatening. It is important to address the threat that both organize cyber criminals, and organized cyber-criminal groups pose to international security. The organized criminal groups that are very well known for their cyber activity include the Russians, African criminal groups including those in Nigeria and Ghana, and the Chinese. How they use cyber space for criminal activity will be important to note throughout the paper, as they use different tactics, have different drivers, and organizational structures.

Organised Cyber Criminals

While the main focus of this paper will be on organised criminal groups, it is important to note that cyber criminals are as organised, as well resourced, and as successful as many organisations. 

For example, Albert Gonzalez is responsible for one of the biggest credit card frauds in history taking place from 2005 – 2007. Over 18 months, Gonzalez stole 45.6 million credit and debit card numbers from TJX Companies Inc., owning T.J. Maxx, Marshalls, HomeGoods, and Winners. During this time he also was responsible in the Dave & Buster’s hacking job, resulting in accessing 5,000 payment cards from New York. During this time, Gonzalez was actually a government informant for the U.S. Secret Service, helping to put away a number of cyber criminals and hackers while launching scams and attacks of his own. In 2010, Gonzalez was convicted for the theft of over 90 million credit and debit card numbers. 

Max Butler is another example of an exceptionally organized cyber-criminal having been both a white hat hacker for the US Government, and later a black hat hacker after acquiring over two million credit card accounts, totaling $86.4 million dollars in fraudulent credit card charges. Both Gonzalez and Butler were driven by the “thrill” of cyber theft, and the personal gratification they received in proving they could hack into such complicated and well-protected systems. This is different from criminal organizations, which are driven by profit, rather than personal ambition or sheer boredom.

Russian Organised Cyber Crime

The Russians are some of the most successful and well-resourced organized cyber criminals groups. This talent is due to ex-KGB spies using their skills and expertise for monetary profit, and establishing the Russian Business Network (RBN) after the Iron Curtain lifted in the 1990s. The RBN has both incredible patience and resources, allowing its members to hack information from high-ranking personnel, usually in the form of credit card and identity theft. In 2008, RBN was responsible for the RBS WorldPay scam in which they not only hacked past WorldPay’s sophisticated encryption system, but also gathered information pertaining to a number of debit cards. In twelve hours, the RBN withdrew $9 million, using fake debit cards, from over 2,100 ATMs in over 280 cities worldwide. While credit card fraud is on the decline – due to an excess supply on the black market – Russian groups are continuing to profit, finding new ways to use their cyber skills.

Pavel Vrublevsky and Igor Gusev are well known for their role in spam and Internet pharmacies, pulling off some of the largest and notorious spamming attacks. Both Vrublevsky and Gusev profit from online pharmacies and spamming, with Vrublevsky owning Chronopay and RX Promotion, and Gusev owning SpamIt and GlavMed. In 2003, Vrublevsky and Gusev co-founded ChronoPay, which is now run by Vrublevsky, as the two had a falling out that created intense competition and rivalry within the Russian cybercrime market. Chronopay is best known for MacDefender, a ‘scareware’ scam that uses false security alerts to make users purchase useless and fake antivirus software. MacDefender targeted, and continues to target, millions of Mac users. 

Alongside this, Chronopay and SpamIt are used to prop up illegal online pharmacies; RX Promotion (Chronopay) and GlavMed (SpamIt) where knock off prescription drugs are sold to customers. Between May 2007 and June 2010 GlavMed processed over 1.5 million orders from over 800,000 consumers.[32] On top of this both companies have repeat orders and customers accounting for between 9% – 23% (RX Promotion) and 27% – 38% (GlavMed) of overall revenue. These orders include, but are not limited to, painkillers like Oxycodone and mental health pills including Adderall, and erectile dysfunction pills, most popularly Viagra.

To run these large spam campaigns, Chronopay and SpamIt hire botmasters, responsible for creating and running botnets – spam engines used for infecting PCs, Macs, and other digital devices. 
In 2012, Grum, became known as the largest spam botnet during a 2010 leak of the SpamIt database, exposing Ger@ of running the Grum botnet. When in commission, Grum could send more than 18 billion emails per day, and accounted for over a third of all junk email. 

Another spammer alleged to work with SpamIt was Oleg Y. Nikolaenko, dubbed “The King of Spam,” known for the Mega-D botnet, which was capable of sending over 10 billion spam messages per day, and said by the United States Justice Department to have infected more than half a million PCs, earning Nikolaenko hundreds of thousands of dollars. 
Recent closing of SpamIt caused a drop in spamming numbers worldwide, but it is expected that spamming will continue in some capacity because “sending spam to everyone on the planet gets you new customers on an ongoing basis.”

Cyber Defense Review

« Keeping Passwords Safe From Cracking
Hackers Build New Tor Client Designed to Beat the NSA »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Cyber Conflict Studies Association (CCSA)

Cyber Conflict Studies Association (CCSA)

Cyber Conflict Studies Association (CCSA) is a non-profit organization dedicated to leading a diversified research agenda in the field of cyber conflict.

Libraesva

Libraesva

Libraesva specialize in Email Security. From Email Security, Phishing Awareness and Email Archiver. We can assist you with any email issues you may have.

National Cyber Security Centre (NKSC) - Lithuania

National Cyber Security Centre (NKSC) - Lithuania

NKSC is the main Lithuanian cyber security institution, responsible for unified management of cyber incidents, monitoring and control of the implementation of cyber security requirements.

Illumio

Illumio

Illumio delivers adaptive security for every computing environment, protecting the 80% of data center and cloud traffic missed by the perimeter.

IS Decisions

IS Decisions

IS Decisions builds affordable and easy-to-use Access Management software solutions, allowing IT teams to effectively secure access to Active Directory infrastructures, SaaS apps and data within.

Apicrypt

Apicrypt

Apicrypt enables secure communications between health professionals by using strong encryption technologies.

macmon secure

macmon secure

macmon secure develops network security software, focussing on Network Access Control.

Viscount Systems

Viscount Systems

Viscount Systems is a global security software solutions company that is changing the way access control is deployed and managed in the enterprise.

ResponSight

ResponSight

ResponSight is a data science company focusing specifically on the challenge of measuring risk and identifying changes in enterprise/corporate networks using behavioural analytics.

New Enterprise Associates (NEA)

New Enterprise Associates (NEA)

As one of the world’s largest and most active venture capital firms, NEA has developed deep domain expertise and insight into our industries of focus - technology and healthcare.

Socure

Socure

Socure’s identity verification increases auto approval rates, reduces false positives and captures more fraud. In real time.

Privafy

Privafy

Privafy helps mobile service providers, IoT manufactures , and enterprises redefine the way they protect Data-in-Motion.

SHIELD

SHIELD

SHIELD are the world’s leading cybersecurity company specializing in cyber fraud and identity solutions.

AVEVA

AVEVA

AVEVA has a long history in providing Supervisory Control and Data Acquisition software for meeting complex and evolving automation requirements.

Locuz

Locuz

At Locuz, we’ve made it our mission to help businesses like yours create an actionable digital strategy.

Nightwing

Nightwing

Nightwing is the intelligence services company that continually redefines the edge of the possible to keep advancing our national security interests.