Review of Organised Cyber Crime


Technology has given users worldwide easy access to services ranging from online banking to instantaneous communication via email or phone.

Criminals have also benefited from those same technological innovations, which give them greater access to victims and targets, enable worldwide communication, and minimize attribution. Cybercrime is an area that has flourished, as it requires few resources, no traveling, and a skill set that is readily available to learn.

This has made cybercrime a serious threat to both national and international security. In 2014, McAfee estimated that the cost of global cybercrime is 0.8% of global GDP; that’s over $400 billion USD in losses to cybercrime. Furthermore, unlike in traditional criminal activity, organized cyber-criminal groups prefer to remain unknown, which makes tracking cybercrime activity incredibly difficult.

Both groups and individuals use many of the same tactics, but it is the transnational reach that many organized criminal groups had before the increased use of technology that makes this hybrid of ‘traditional’ crime – human and drug trafficking for example – and cybercrime particularly threatening. It is important to address the threat that both organized cyber criminals and organized cyber-criminal groups pose to international security. The organized criminal groups that are very well known for their cyber activity include the Russians, African criminal groups including those in Nigeria and Ghana, and the Chinese. How they use cyber space for criminal activity will be important to note throughout the paper, as they use different tactics and have different drivers and organizational structures.

Organised Cyber Criminals

While the main focus of this paper will be on organised criminal groups, it is important to note that cyber criminals are as organised, as well resourced, and as successful as many organisations. 

For example, Albert Gonzalez is responsible for one of the biggest credit card frauds in history, which took place from 2005 to 2007. Over 18 months, Gonzalez stole 45.6 million credit and debit card numbers from TJX Companies Inc., which owns T.J. Maxx, Marshalls, HomeGoods, and Winners. During this time he was also responsible for the Dave & Buster’s hacking job, which resulted in access to 5,000 payment cards from New York. During this time, Gonzalez was actually a government informant for the U.S. Secret Service, helping to put away a number of cyber criminals and hackers while launching scams and attacks of his own. In 2010, Gonzalez was convicted for the theft of over 90 million credit and debit card numbers.

Max Butler is another example of an exceptionally organized cyber-criminal, having been both a white hat hacker for the US Government and later a black hat hacker after acquiring over two million credit card accounts, totaling $86.4 million in fraudulent credit card charges. Both Gonzalez and Butler were driven by the “thrill” of cyber theft, and the personal gratification they received in proving they could hack into such complicated and well-protected systems. This is different from criminal organizations, which are driven by profit rather than personal ambition or sheer boredom.

Russian Organised Cyber Crime

The Russians are some of the most successful and well-resourced organized cyber-criminal groups. This talent is due to ex-KGB spies using their skills and expertise for monetary profit, and establishing the Russian Business Network (RBN) after the Iron Curtain lifted in the 1990s. The RBN has both incredible patience and resources, allowing its members to hack information from high-ranking personnel, usually in the form of credit card and identity theft. In 2008, RBN was responsible for the RBS WorldPay scam in which they not only hacked past WorldPay’s sophisticated encryption system, but also gathered information pertaining to a number of debit cards. In twelve hours, the RBN withdrew $9 million, using fake debit cards, from over 2,100 ATMs in over 280 cities worldwide. While credit card fraud is on the decline – due to an excess supply on the black market – Russian groups are continuing to profit, finding new ways to use their cyber skills.

Pavel Vrublevsky and Igor Gusev are well known for their role in spam and Internet pharmacies, pulling off some of the largest and most notorious spamming attacks. Both Vrublevsky and Gusev profit from online pharmacies and spamming, with Vrublevsky owning ChronoPay and RX Promotion, and Gusev owning SpamIt and GlavMed. In 2003, Vrublevsky and Gusev co-founded ChronoPay, which is now run by Vrublevsky, as the two had a falling out that created intense competition and rivalry within the Russian cybercrime market. ChronoPay is best known for MacDefender, a ‘scareware’ scam that uses false security alerts to make users purchase useless and fake antivirus software. MacDefender targeted, and continues to target, millions of Mac users.

Alongside this, ChronoPay and SpamIt are used to prop up illegal online pharmacies, RX Promotion (ChronoPay) and GlavMed (SpamIt), where knock-off prescription drugs are sold to customers. Between May 2007 and June 2010, GlavMed processed over 1.5 million orders from over 800,000 consumers.[32] On top of this, both companies have repeat orders and customers accounting for between 9% – 23% (RX Promotion) and 27% – 38% (GlavMed) of overall revenue. These orders include, but are not limited to, painkillers like Oxycodone, mental health pills including Adderall, and erectile dysfunction pills, most popularly Viagra.

To run these large spam campaigns, ChronoPay and SpamIt hire botmasters, responsible for creating and running botnets – spam engines used for infecting PCs, Macs, and other digital devices.
In 2012, Grum became known as the largest spam botnet during a 2010 leak of the SpamIt database, which exposed Ger@ as running the Grum botnet. When in commission, Grum could send more than 18 billion emails per day, and accounted for over a third of all junk email.

Another spammer alleged to work with SpamIt was Oleg Y. Nikolaenko, dubbed “The King of Spam,” known for the Mega-D botnet, which was capable of sending over 10 billion spam messages per day, and said by the United States Justice Department to have infected more than half a million PCs, earning Nikolaenko hundreds of thousands of dollars. 
The recent closing of SpamIt caused a drop in spamming numbers worldwide, but it is expected that spamming will continue in some capacity because “sending spam to everyone on the planet gets you new customers on an ongoing basis.”

Cyber Defense Review
