Somewhere in St. Petersburg, Russia’s second largest city, a tiny startup has struck Internet gold. Its dozen-odd employees are barely old enough to recall the demise of the Soviet Union, but industry analysts believe they’re raking in well over $100 million a year from the world’s largest banks, including Wells Fargo and Washington Mutual.
Their two-year rise might be the greatest success story of the former Eastern Bloc’s high-tech boom — if only it weren’t so illegal. But the cash may be coming from your bank account, and they could be using the computer in your den to commit their crimes.
The enigmatic company, which the security community has dubbed “Rock Phish,” has rapidly grown into a giant of the Internet underground by perfecting a common form of Internet crime known as “phishing.” The thieves capture people’s personal computers, then use them to send phony e-mails that trick other users into revealing private financial information.
“Rock is the standard. They’re the Microsoft. Everyone else is a bit player,” said Jose Nazario, a researcher at security company Arbor Networks.
As big as Rock Phish has become, though, it is a sliver of a much larger problem.
Read the rest…
Editor's Note: Below are some of the more famous procedures found lurking in the cybercriminal mind. When you realize that 93% of attacks target financial institutions, 92% target software applications and 90% are conducted by "organized crime" then add the fact that graphical user interfaces can be cloned, as can bank websites, the future of a software PIN debit application is behind the eight ball.
Vocabulary of cybercrime
- Bot-herders: Those who control the armies of computers known as botnets.
- Botnet: A “robot network,” or collection of zombie PCs, usually controlled by Internet crooks who have surreptitiously installed malware on people’s computers.
- DNS Hijacking: Users type in a website and unbeknownst to them, they are taken to a cloned site whereby they enter their private information which is then used at the genuine website to log-in. Usually targeted at financial institutions.
- Drive-by download: A user visits a Web site containing malicious code that installs itself on the user’s PC.
- The Bad GUI: A cloned Graphical User Interface which replicates the genuine and fools users into entering their valuable financial information like PINs or Usernames and Passwords. (see picture on right and below left)
- Keylogging: Software that records a user's keystrokes to steal passwords, usernames, credit card numbers, etc. (see picture below right)
- Malware: Any computer software created with malicious intent.
- Phishing: Sending e-mails that appear to come from a trusted entity (such as a bank or well-known company) that trick people into giving up personal and financial information.
- Spam: Unwanted e-mails sent to users to get them to buy something, take an action or reveal information.
- Trojan: Malicious computer software disguised as a useful program that tricks users into opening or installing it.
- Virus: Computer code that infects a file or program, then takes actions and spreads when the user opens that file or program.
- Worm: A self-replicating computer program that transfers itself between PCs, often clogging the network as it spreads.
- Zombies: What makes your financial information the walking dead...here's more on Cybercrime from Symantec:
Like traditional crime, cybercrime can take many shapes and can occur nearly anytime or anyplace. Criminals committing cybercrime use a number of methods, depending on their skill-set and their goal. This should not be surprising: cybercrime is, after all, simply 'crime' with some sort of 'computer' or 'cyber' aspect.
The Council of Europe's Cybercrime Treaty uses the term 'cybercrime' to refer to offenses ranging from criminal activity against data to content and copyright infringement [Krone, 2005]. However, others [Zeviar-Geese, 1997-98] suggest that the definition is broader, including activities such as fraud, unauthorized access, child pornography, and cyberstalking. The United Nations Manual on the Prevention and Control of Computer Related Crime includes fraud, forgery, and unauthorized access [United Nations, 1995] in its cybercrime definition.
As you can see from these definitions, cybercrime can cover a very wide range of attacks. Understanding this wide variation in types of cybercrime is important as different types of cybercrime require different approaches to improving your computer safety.
Symantec draws from the many definitions of cybercrime and defines it concisely as any crime that is committed using a computer or network, or hardware device. The computer or device may be the agent of the crime, the facilitator of the crime, or the target of the crime. The crime may take place on the computer alone or in addition to other locations. The broad range of cybercrime can be better understood by dividing it into two overall categories, defined for the purpose of this research as Type I and Type II cybercrime.
Type I cybercrime has the following characteristics:
- It is generally a single event from the perspective of the victim. For example, the victim unknowingly downloads a Trojan horse which installs a keystroke logger on his or her machine. Alternatively, the victim might receive an e-mail containing what claims to be a link to known entity, but in reality is a link to a hostile website.
- It is often facilitated by crimeware programs such as keystroke loggers, viruses, rootkits or Trojan horses.
- Software flaws or vulnerabilities often provide the foothold for the attacker. For example, criminals controlling a website may take advantage of a vulnerability in a Web browser to place a Trojan horse on the victim's computer.
Examples of this type of cybercrime include but are not limited to phishing, theft or manipulation of data or services via hacking or viruses, identity theft, and bank or e-commerce fraud.
Type II cybercrime, at the other end of the spectrum, includes, but is not limited to activities such as cyberstalking and harassment, child predation, extortion, blackmail, stock market manipulation, complex corporate espionage, and planning or carrying out terrorist activities. The characteristics of Type II cybercrime are:
- It is generally an on-going series of events, involving repeated interactions with the target. For example, the target is contacted in a chat room by someone who, over time, attempts to establish a relationship. Eventually, the criminal exploits the relationship to commit a crime. Or, members of a terrorist cell or criminal organization may use hidden messages to communicate in a public forum to plan activities or discuss money laundering locations, for example.
- It is generally facilitated by programs that do not fit under the classification crimeware. For example, conversations may take place using IM (instant messaging) clients or files may be transferred using FTP.