Online crime as ugly as ever

 According to the keynote speaker at this year's Conference on Email and Antispam (CEAS), spam is still driven by bands of underground Internet miscreants driven by a lust for money and mischief.

Rob Thomas, CEO and research fellow with Internet security think-tank Team Cymru, opened the third annual gathering of antispam researchers and software engineers with a lively presentation on the 'underground economy.'

Thomas said in his work with clients he has come across villains who are driving a mature and robust economy that continues to expand.

"It's grown well beyond [credit] cards, warez and porn... now you can get everything; credit cards, CVV [credit card verification numbers], bots, bot code, DoS nets" and even U.S. visas, birth certificates and passports, which can go for as much as $500 each.

Thomas went on to describe the early union of spammers and bot herders, a term for individuals who use scores of machines running automated software to distribute spam, generating a substantial revenue opportunity for spammers and created the myriad of email headaches that network administrators face today.

Today Thomas said the underground economy is rife with data stolen and traded illegally in much the same way that traders in a bazaar or flea market sell their wares. In fact, he said, stolen data is costing businesses in the UK just under £100,000 each hour.

Included in this information Thomas said are "fulls" or fully identifying information of distinct victims including names, addresses, phone numbers, mother's maiden names, Social Security numbers, secret questions, secret answers, banking information and more. While credit cards may not be quite as alluring as they once were, numbers from the major credit cards firms are available, including Visa, MasterCard and Discover and even the coveted American Express Centurion cards, "they love those, and yes, they do trade them".

Thomas went on to talk about the communication methods used by these miscreants to interact including a variety of different instant messaging, peer-to-peer and stolen Skype VoIP accounts. He said the Skype accounts used to conduct miscreant business are usually used in pairs and, once used, are disposed of..

Most online criminals, according to Thomas, by and large are not all that tech savvy, and for them "it's not about technology, it's about crime," since most of these individuals were "selling drugs on the street and then found that it was a lot easier to clean out bank accounts from their La-Z-Boy."

And when it comes to online fraud, spammers aren't strictly interested in credit cards. Thomas said online banking accounts are just as susceptible to subversion and hijacking. He pointed out that access to a bank account containing roughly $3 million dollars had been sold from one criminal to another for just pennies on the dollar.

While the bank in question compensated the victim, in this case Thomas pointed out that someone with that much money has pull with the bank, "but if it had been someone with $800, which we more commonly see, what does the person with eight hundred bucks have in the way of clout?"

Thomas noted out that it's a problem that isn't going away. "People are getting nickeled and dimed, but for these people nickels and dimes are all they have."

Victor R. Garza is a technology/security consultant and lecturer at the Naval Postgraduate School in Monterey, Calif.