Sizing Up Online Criminal Organizations
By Ericka Chickowski | Posted 2008-08-22
For those online criminals who are not limited by the law, regulation and security technology, the ways of making money with online scams, identity theft, and hacking are limited only by criminal creativity. There is a thriving underworld of online criminals who are having a major impact on the lives of the innocent and those trying to protect themselves in the age of security.
The truly dangerous element to all of these specialized pockets of crime is the fact that many of them cooperate with one another. Some groups are partnering with others, and certain rings have just always been a part of a greater circle of crooks led by a shadowy figure who might be heading organizations that perpetrate more than just cybercrime.
“You have a lot of smaller bit players who are individuals operating on their own, but I think there's very much a one-sided world in cybercrime where there's a very small number of groups who are responsible for a large percentage of the activity,” Ramzan says.
A lot of the individual crooks and the smaller crews try to make it difficult for researchers to identify them by muddying the waters further—after all, they and their employers make their money from being unobtrusive, and they don’t want their revenue streams interrupted by cops and security sleuths. A larger organization will disassociate itself from its foot soldiers if they are caught. So the organization will constantly switch their online handles, change the names of their groups and so on.
“There will be two or three of them, and later on there’ll be another member, and different members will drop out, or they'll change their name entirely, but it will be the same three guys,” Jackson says.
All of these factors contribute to a sometimes maddening puzzle for investigators sifting through server logs, illicit hacker forums, incident reports and anecdotes from colleagues to put the puzzle pieces together and form a picture of the influential groups on the rise—the ones most likely to strike legitimate businesses and consumers again.
Where does the tail of the tiger end and the body begin? Who’s actually pulling the strings? Who’s the mastermind of an operation? These are questions investigators are constantly looking to answer.
*Want more info on the most notorious organized hacking organizations? Take a glance at Baseline's 10 Notorious Cyber Gangs.
“I wish it were easier, that there [were] some identifiable quote unquote gangs, but unfortunately there's not,” Ferguson says. “Several operations are ongoing [and] have global footprints that are all interconnected. More or less, we’re pretty much referring to the same operatives every time, because a lot of the same guys who are behind some of this stuff have their fingers in multiple pots.”
Of course, all hope is not lost. There are ways to track activity, follow patterns and figure out who’s who, says Ramzan.
“You know when you have a serial killer who has tell-tale signs? It is a similar thing with these groups. Sometimes they have similar signatures we [can use to recognize that] they're the ones responsible for an attack,” he says.
Researchers like Ramzan, Ferguson, Dunham and Jackson are not necessarily trying to put identified cybergangs into a scrapbook with mug shots next to them. In a lot of ways they just need a little bit of definition to help them predict the criminals’ next moves so they can protect customers and the public at large.
While it would be nice, the investigators don’t necessarily need to know their employee roster or how many people work for them. Sometimes they just need to know what skills these gangs possess. From there they can categorize groups and assess their risk levels.
“It is hard to say [which is] the most dangerous hacking group,” Jackson says. “I think when you're talking about threat agents and cybercrime activity, two big factors in determining who's really the biggest threat are how good are they technically, and their institutional knowledge. If they attack U.K. banks, how well do they know how the U.K. banking systems work and how their online banking services are implemented and where their weaknesses are?”