
From RSA: Criminal underground is flourishing

An underground economy has emerged in which cybercrooks are leveraging freely available tools, sophisticated methods and a chain of specialization that resembles a real corporation to pull off massive digital heists, according to an RSA Conference panel on Wednesday that examined the modern online criminal ecosystem.

Spammers are tapping into the power of massive fast-flux botnets that allow sites hosting phishing and spam attacks to go virtually undetected, the panel said.

“It's almost impossible to take these things down because the DNS (domain name system) changes every five minutes or so,” said Larry, lead investigator at Spamhaus, which tracks spammers. He does not use his last name.

Larry said spammers are getting into the game with the help of easily available tools such as Dark Mailer, a simple-to-use kit for delivering unwanted mail.

“You'll have teenage kids in the middle of Missouri that will stumble across this,” he said. “There's no need to be a college graduate.”

The organization of spamming operations has matured, as well, said Joe St Sauver, manager of Internet2 Security, a networking consortium based at the University of Oregon in Eugene that is focused on internet technologies.

He said junk mailers have turned to an affiliate model in which they seek people who have products to market.

Malware writers, meanwhile, are recruiting more and more people to serve as so-called money mules, unsuspecting job seekers who serve as middlemen and women to transfer stolen funds between bank accounts, Lawrence Baldwin, chief forensics officer of, said.

Often the positions are advertised as a way for people to work from home while earning big bucks.

“If you have millions of compromised accounts, you need tens of thousands of mules,” he said.

There is plenty of need for help, Baldwin said.

He said he is aware of at least 30 instances in the last couple of months in which hackers have infiltrated the networks of retailers and other mid-size businesses in an attempt to steal large amounts of data.

“The scary part is they are getting in in large numbers,” he said. “They are going after to where the data is.”

Hardly any of these instances have been publicly reported, he said.

The panel suggested that users contact their legislators to tell them spam and phishing remain a problem. Credit card companies, meanwhile, must ensure they are not serving bogus underground operations, such as spam sites and forums where credit card numbers and other account information are bought and sold (using legitimate credit cards).

The panel agreed the end-user needs to be more mindful of these threats, but individuals whose PCs are infected may need help from internet service providers in removing the malware, St Sauver said.

But tackling a global problem will not be easy, Baldwin admitted.

“It's a virtual infrastructure,” he said. “It transcends geography.”

The panel was moderated by Patrick Peterson, vice president of technology at Cisco's IronPort.
