Sponsor for PC Pals Forum

Author Topic: Boom times for hi-tech fraudsters  (Read 693 times)

Offline Clive

  • Administrator
  • *****
  • Posts: 75153
  • Won Quiz of the Year 2015,2016,2017, 2020, 2021
Boom times for hi-tech fraudsters
« on: September 28, 2005, 13:32 »
By Mark Ward
Technology Correspondent, BBC News website  

In the real world it's a fair bet that burglars live in the same town or city where they commit their crimes.

Not so on the net where hi-tech criminals can be a continent away from their victims and often route control commands through a chain of computers to hide their tracks.

One area turning out to be a hotbed of hi-tech crime is Eastern Europe. Enormously successful tech savvy gangs have been traced to Russia, Romania, Ukraine, Estonia, Latvia and Lithuania.

Crime spree

Andrew Shearer, who studied computer crime in Eastern Europe for his MA in History at the University of Keele, believes part of the reason for this growth of cyber crime groups is cultural.

Russia's shadow economy has a very long history, said Mr Shearer.

"It's a way of life," he said, "a way of getting round official restrictions. Evading taxes is a national pastime."

"Many people did not want to get involved with the state and so worked in the shadow economy and derived their living from that," he said.

The legacy of this is that the network to commit crimes and deal with the proceeds is well established.

"It's a very loose and fluid way of organising crime," he said adding that it has a very different character to Mafia groups elsewhere that keep criminality within an extended family.

Add to this a history of the KGB actively recruiting hackers and lots of unemployed scientists and you have a great recipe for a skilled, criminally-minded digital underground.

"A lot of those in the scientific and technical community were well trained but had no jobs and it's understandable that they would work for criminal means," said Mr Shearer.

Mikko Hyppönen, chief research officer at Finnish computer security firm F-Secure, agrees that Eastern Europe has a ready pool of technically smart talent to call on.

"If there are a lot of people with a lot of computer skills but they do not have many chances to use those skills to make a living then they will start to find alternative uses for those skills," he told the BBC News website.

What these people have realised now is that hi-tech crime can be very lucrative.

"Hackers and virus writers used to do it just to show they could," said Mr Hypponen. "Sooner or later though they started to figure they could make real money out of it."

Many are making significant sums of money from their dark digital trade.

Lance James, chief technical officer for Secure Science, who spends his time tracking down hi-tech crime groups estimates that each phishing gang is making between $100,000 to $300,000 per month.

His investigative work leads him to believe that there are between 50 and 60 Eastern European groups involved in phishing. Approximately 75% of all the phishing e-mails sent out originate from only 42 of these crime groups.

This type of computer crime involves sending out e-mails that look like they come from legitimate financial institutions and try to con people into handing over login details for online accounts.

Many of the Eastern European crime groups were very well organised, said Mr James.

"They are professional, they have built an entire business around it," he said. "Most of the phishers are not tech savvy but they know hackers and virus creators."

They tended to hire the technicians for each project and use them to set up systems online to support phishing attacks.

Phishing lure

First the groups spend a lot of time testing phishing e-mails to ensure they get through anti-spam and anti-virus filters.

They then set up "base camps" that co-ordinate the phishing attack. These hold lists of those e-mailed and the so-called 'bot nets of compromised PCs used to send out the fraudulent messages.

Also created are "dead drops" which store all the data gathered by each attack.

Some groups have a hit list of more than a million addresses, others use tighter targeting and stagger attacks over weeks and months, said Mr James.

A distinction is now forming between groups happy to try to trick people into handing over login details and those that use worms and trojans to steal the information.

The conmen send fewer more targeted messages than the worm writers who send huge amounts to ensure they hit enough victims.

Groups in different nations also work in different ways. Russian phishing gangs tend to be tight communities that prefer communicating with closed circle chat programs such as ICQ.

By contrast Romanian gangs are much more open and instead use well-known IRC chat channels to keep in touch.

Many have proved so successful at what they do that now they have stepped back from phishing for themselves and instead are selling kits that tell people how to do it themselves.

The manuals and faqs provided tell people how to set up phishing networks and how to launder the cash that they get back.

Cleaning the huge amounts of money that some groups have stolen has forced a change in the types of online accounts that some phishing gangs are keen to compromise.

Many Russian phishing gangs are now trying to get hold of accounts that are happy to have large amounts of money moving through them so they can clean the cash.

 http://news.bbc.co.uk/1/hi/technology/4286276.stm


Show unread posts since last visit.
Sponsor for PC Pals Forum