A new report sheds some light on the structure and inner workings of todays cybercrime organization based on online communication with resellers of stolen data.
The Finjan "Q2 Web Trends Security Report" says cybercrime is no longer the domain of just loosely affiliated hackers trading stolen booty online. Instead, hierarchical cybercrime organizations operate in a manner akin to traditional organized crime, from the Godfather mob boss all the way down to the foot soldiers.
Yuval Ben-Itzhak, CTO at Finjan, says the Mafia is an apt analogy for how organized cybercrime operates. The main findings from Finjans investigation of the underground economy is that its becoming very organized and stratified, with the big boss several layers away from the actual hack and sale of stolen data.
Finjan researchers posed as potential buyers of stolen data and communicated directly with several resellers via ICQ Messenger sessions. That really helped us to confirm and create this report... It shows how well they are organized, Ben-Itzhak says.
Ben-Itzhak says the resellers said they didnt know exactly how the data was stolen, but that they were willing to put the Finjan researchers in touch with their boss, who had information on how the data was collected. The researchers werent able to pinpoint the geographic location of the resellers. We dont know where they are from... We could tell their English was broken, but we dont know where they are," he says.
Finjan concluded that the boss of a cybercrime organization acts as the entrepreneur (and keeps his hands clean). Next in line is the underboss, who manages the operation, provides the Trojans for attacks, and oversees the command and control of Trojan attacks.
Then come the campaign managers, who use their own affiliation networks to attack systems and steal data, which is then sold by the resellers, according to Finjan. The bad guys get rewarded for their business successes: The campaign manager, for instance, gets paid a commission for the number of users he successfully infects.
Cybercrime expert Guillaume Lovet, senior manager for the threat response team at EMEA Fortinet Technologies, says that, although the report does an important job of raising awareness on cybercrime, it really doesn't break any new ground on the underground economy, and that other researchers have previously made similar contact with the bad guys.
Lovet took issue with the Mafia analogy used by Finjan, noting that command-and-control doesnt manage infections as the Finjan report said -- it controls botnets. "The C&C does not manage and control infection campaigns. It controls resulting botnets -- it's a different thing, Lovet says. And yes, botnets have a central command... just like a legitimate business. Or the Navy."
Among other findings in the Finjan report: cybercrime organizations launch campaigns, independent attacks each with their own groups of attackers, often targeting certain types of Websites, for instance.
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.