The buying and selling of hacking tools, e-crime kits, malware, and stolen credit card numbers, in a cyber crime flea market environment, may seem as if it stretches the bounds of reality. But, guest writer Paul E. Lubic, Jr., explains in this eye popping report, that this is in fact, a new cyber crime reality.
Here’s Paul’s report:
The global cyber crime marketplace is alive, real, and growing. In a recent article, Global Cyber Crime…, I alluded to the existence of a market for renting botnets, purchasing malware, and obtaining stolen personal information.
At that time, this market of buyers and sellers existed on a small number of black hat-type websites. However, now these brazen thieves have come out in the public to exchange their criminal wares.
According to an article in the Register, Scotland Yard cuffs teens for role in cybercrime forum, a public forum of 8,000 attendees was held in London. The two teens who were involved in organizing the forum are not the story here. It’s the fact that there were vendors there, probably in show booths giving away trinkets for stopping by, that were selling hack-tools, e-crime kits, malware, and 65,000 credit card numbers.
I applaud Scotland Yard for arresting the teen organizers, but I don’t understand why they didn’t arrest those attendees and vendors who were trafficking in these crime-related tools and illegal credit card information. What is wrong with this picture? I don’t think it’s because of ignorance—Scotland Yard evidently knew laws were being broken or they wouldn’t have arrested the organizers.
Could it be that British computer laws don’t address the marketing of these products? Perhaps no one realized the gravity of the situation—they were selling Zeus, the malware that steals banking and credit card information and instructions on how to use it.
Maybe there were undercover agents making purchases and gathering evidence for future arrests. Or it could be all of the above; but the bottom line is that a lot of criminals and malware could have been taken off the street…but weren’t.
The message being sent to the cyber criminal community is that as long as the forum is in England, and you don’t get involved in the actual organization of the forum or conference, you’re free to ply your wares and sell or purchase tools with which to break laws and steal from the masses.
However, this forum, as disturbing as it might be, is just a harbinger of a much greater global cyber crime picture that concerns me. It should concern you too.
The messages we should be taking from this are:
- The criminals are becoming emboldened, almost unafraid of being arrested. This is because there is so much money in cyber theft that it’s worth the risk; coupled with the fact that this is a new industry and the early participants will become the most rich.
- The amount of cyber crime being committed is expanding at an alarming rate. Anyone is able to get into the cyber crime business for as little as a few hundred $US, and because of this, there is an explosion of cyber crime underway as we speak.
- The world’s law enforcement community is woefully undermanned and under educated in cyber crime. This area of law enforcement needs to be funded at a much greater level than the present “handful” of cyber crime officers in each organization today.
- We need to be afraid…very afraid of this problem. For all the reasons stated in items 1-3, we will remain the target of cyber crime for the foreseeable future.
Guest writer Paul E. Lubic, Jr. is a long time IT professional who has held the positions of programmer, IT Security Manager and Chief Information Officer. His interests lie in the IT security area, but he writes on all categories of technology.
Paul is a mature and seasoned writer, with a rare ability to break down complex issues into an easy to understand format. Check him out at his Blog – Paul’s Home Computing.
If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.
Bill Mullins' Weblog - Tech Thoughts 