the underground economy: priceless

Rob Thomas is a long-time network security professional and founder of Team Cymru. He has written many papers on information security and spoken at numerous conferences worldwide on the topic of Internet security. firstname.lastname@example.org

Jerry Martin is an advocate of the complete information assurance process: risk assessment, policy development, solution deployment, and user education. He has worked in several information security positions, including at the U.S. Air Force. email@example.com

THE CYBER UNDERGROUND ECONOMY is just as seedy and illegal as its physical counterpart. The primary objective of those who operate there is money. The National Cyber Security Alliance published some data a while ago that concisely describes the problem:
1. Fully 61% of U.S. computers are infected with spyware.
2. Americans say they lost more than US$336 million last year to online fraud.

These figures are largely based on self-reporting, which is often suspect. Given the enormous quantity of data witnessed on numerous Internet Relay Chat (IRC) channels, both numbers may be underreported.

Given these staggering numbers, one might well ask what is being done to address this criminal activity. Lamentably, the answer is, “Not much.” The popular school of thought is that finding and prosecuting these perpetrators of financial fraud and outright theft is too costly, too resource-intensive, and just too hard.

This article will expose the infrastructure the miscreants have established; the open arrogance the buyers, sellers, traders, and cashiers exhibit; the activities and alliances in which the underground denizens are involved; the method by which they receive their ill-gotten goods; the blatant manner in which they advertise; and the personal data that is harvested every single hour of every day of the year. Numerous snippets of captured IRC chatter will illustrate the points raised, although the nicknames and the information harvested are obfuscated.

The miscreants can make a handsome living through these activities. Even those without great skills can barter their way into large quantities of money they would never earn in the physical world. It is important to note that these miscreants are located all over the globe, and thus they may be earning well above the average income for their areas.
Entire IRC networks—networks, not just single servers—are dedicated to the underground economy. There are 35 to 40 particularly active servers, all of which are easy to find. Furthermore, IRC isn’t the only Internet vehicle they use. Other conduits include, but are not limited to, HTTP, Instant Messaging, and Peer-to-Peer (P2P).
;LOGIN: DECEMBER 2006, THE UNDERGROUND ECONOMY: PRICELESS
Increasingly, many of the miscreants utilize encryption in these services, such as VPNs or SSL.

The following table illustrates the number of cards compromised in three months for a single server!

Month        2005/10   2005/11   2005/12
Amex              70        51        89
Visa           28942     31932     26492
MasterCard     11820     13218     10662
Discover        1064      1214      1079
The miscreants in the underground economy are typically self-policing. Each IRC network will normally have a channel, such as #help or #rippers, dedicated to the reporting of those who are known to conduct fraudulent deals. The operators of these networks will ban the nicknames of those who have a proven history of fraud. This is a form of self-regulation that ensures the sellers and buyers have a “pleasant” experience and attempts to elicit repeat visits. The miscreants keep meticulous records of those who have defrauded them, and they are quick to share those records with everyone.

As with all criminal societies, there is a fair amount of fraudulent dealing and “ripping” (bad business deals). The tale goes something like this: Miscreant advertises a need for roots, which are compromised UNIX systems on which someone has obtained root...