Which of the four top cyber criminals described in this case poses the biggest threat to businesses?
REAL WORLD CASE 3
Cyber Scams: Four Top Cyber Criminals—Who They Are and What They Do
Cyber scams are today’s fastest-growing criminal niche. Scores of banks and e-commerce giants, from JPMorgan Chase & Co. to Wal-Mart.com, have been hit, sometimes repeatedly, by hackers and online fraud schemes. The 2005 FBI Computer Crime Survey estimated annual losses to all types of computer crime—including attacks of viruses and other malware, financial fraud, and network intrusions—at $67 billion a year. Of the 2,066 companies responding to the survey, 87 percent reported a security incident. In addition, the U.S. Federal Trade Commission says identity theft is its top complaint.
To track cyber crime, law enforcement officers work with companies such as eBay or Microsoft, as well as with legal authorities around the globe. eBay has 60 people that combat fraud, while Microsoft’s Internet Safety Enforcement team has 65 operatives, including former law enforcement agents and federal prosecutors. To document the extent of the activity, BusinessWeek reporters scoured underground Web sites where stolen data are swapped like so many baseball cards on eBay.
Consider this e-mail promoting the launch of an online crime trading bazaar, vendorsname.ws, last year: “During the battle with US Secret Service, [email protected]# &! All those bastards and now are running a brand new, improved and the biggest carders’ forum you ever seen.” The message brags about its array of stolen goods: U.S. and European credit card data, “active and wealthy” PayPal accounts, and Social Security numbers. Those who “register today” get a “bonus” choice of “one Citybank account with online access with 3K on board” or “25 credit cards with PINs for online carding.”
What follows is a look at four individuals who have been identified by multiple law enforcement authorities as high-priority targets in their investigations. It’s no coincidence that all are Russian. Strong technical universities, comparatively low incomes, and an unstable legal system make the former Soviet Union an ideal breeding ground for cyber scams. Also, tense political relations complicate efforts to obtain cooperation with local law enforcement. “The low standard of living and high savviness is a bad combination,” argues Robert Chesnut, a former federal prosecutor who is a senior vice president directing antifraud efforts at eBay.
Among the most pernicious scams to emerge in the last few years are so-called reshipping rings. The king of these rings is a Russian-born hacker who goes by the name Shtirlitz—a sly reference to a fictional Soviet secret agent who spied on the Nazis. In real life, Shtirlitz is being investigated by the U.S. Postal Inspection Service in connection with tens of millions of dollars’ worth of fraud in which Americans signed up to serve as unwitting collaborators in converting stolen credit card data into tangible goods that can be sold for cash. “We think he is involved in the recruitment of hundreds of people,” says William A. Schambura, an analyst with the U.S. Postal Inspection Service. Investigators believe that people like Shtirlitz use stolen credit cards to purchase goods they send to Americans whose homes serve as drop-off points. The Americans send the goods overseas, before either the credit card owner or the online merchant catches on. Then the goods are fenced on the black market.
BusinessWeek found that reshipping groups take out advertisements in newspapers and spoof ads from online job sites. “We have a promotional job offer for you!!” beckons one e-mail for a “shipping-receiving position” from UHM Cargo that appeared to come from Monster.com. It states that “starting salary is $70–$80 per processed shipment. Health and life benefits after 90 days.” Officials do not know Shtirlitz’s real name but believe he is 25–27 years old and lived in the San Francisco area at one time after his parents emigrated. They do not know where he is now but believe he is active.
In one forum of CardingWorld.cc, a person with the alias iNFERNis posted this request on December 23, 2005: “Hi, I need eBay logins with mail access, please icq 271-365-234.” A few hours later, Shtirlitz replied: “I know good vendor. ICQ me: 80–911.”
Once equipped, someone could log into those eBay accounts and use them to buy goods with the owners’ money while emptying the money out of their PayPal accounts. “The Web sites are more like a dating service,” notes Yohai Einav, an analyst at RSA Security Inc. “Then you can conduct transactions in private chat rooms. I can click on someone’s name and start doing business with them.”
The technical tools to steal credit card numbers and online bank account log-in data are often just as valuable as the stolen goods themselves. A cyber criminal known as Smash is being investigated by the Postal Inspection Service on the suspicion that he helps hackers hack. The picture, or avatar, that accompanies Smash’s posts in online chat rooms shows a fallen angel. Around 25–30 years old and based in Moscow, he is believed to be an expert in building spyware programs, malicious code that can track Web surfers’ keystrokes and is often hidden in corrupted Web sites and spam e-mail.
The U.S. enforcement officials say Smash’s Russia-based company, RAT Systems, openly hawks spyware on the Web at www.ratsystems.org. On its home page, RAT Systems denies any malicious intent: “In general, we’re against destructive payloads and the spreading of viruses. Coding spyware is not a crime.” Yet the “terms of service” guarantee that its spyware products will be undetectable by the antivirus software made by security companies such as McAfee Inc. and Symantec Corp. One product, called the TAN Systems Security Leak, created to attack German companies, sells for $834.
Postal Inspection Service officials are also investigating Smash’s activity as a senior member of the International Association for the Advancement of Criminal Activity, which they describe as a loose-knit network of hackers, identity thieves, and financial fraudsters. Smash and another sought-after hacker named Zoomer jointly operate IAACA’s Web site www.theftservices.com, one of the most popular and virulent stolen-data trading sites, according to U.S. officials.
On May 11, 2005, Massachusetts Attorney General Tom Reilly filed a lawsuit against Leo Kuvayev and six accomplices, accusing them of sending millions of spam e-mails to peddle counterfeit drugs, pirated software, fake watches, and pornography. Kuvayev, a 34-year-old native of Russia who uses the nickname BadCow, is one of the world’s top three spammers, according to antispam group Spamhaus. State officials allege that Kuvayev and his associates used a number of Web-hosting services from the United States and around the world to launch attacks.
Massachusetts was able to go after Kuvayev because he listed a Massachusetts address on his driver’s license and conducted business using a Boston post office box. On October 11, 2005, after none of the defendants appeared to answer the charges, a Superior Court judge issued a default judgment against them. The judge found the spammers in violation of state and federal consumer protection laws and ordered a permanent shutdown of dozens of illegal Web sites. Kuvayev and his codefendants were ordered to pay $37 million in civil penalties for sending nearly 150,000 illegal e-mails.
Federal law enforcement officials believe Kuvayev’s operation was pulling in more than $30 million a year. State officials suspect Kuvayev fled to Russia before he was sued. “The problem is, Russia does not have any anti-spamming laws at the moment,” says U.S. Postal Inspection Service senior investigator Gregory Crabb. “It’s hard to catch someone who isn’t breaking the law.”
Bank robbers rob banks because that’s where the money is. For cyber criminals, the best loot is often found inside the networks of credit card processors, the middlemen that handle card transactions for merchants and banks. Postal Inspection Service officials say they are investigating Roman Khoda, aka MyO, on the strong suspicion that he is connected to the theft of a million credit card numbers in recent years. A 26-year-old Russian with a university degree in physics, Khoda once worked with the leading members of carderplanet, one of the largest online marketplaces used to buy and sell pilfered bank account and card data, until it was broken up by U.S. and foreign officials in August 2004. Yet Khoda is unlike some cocky hackers who often write their own digital signatures into malicious code, says Crabb; Khoda operates with stealth. At carderplanet and successor Web sites, he has not left a detailed trail connecting him directly to stolen data.
Still, Crabb says that officials know that Khoda and two accomplices conducted extensive due diligence on the computer networks of recent targets they intended to break into, even setting up fake companies with accounts at the credit card processors to test for holes in their systems. Then they lugged PCs to a rented apartment on the Mediterranean island of Malta, according to Crabb. Using proxy servers in the United States, China, and Ukraine to hide their Internet connection, Khoda & Co. then unleashed their break-in attacks.
Source: Adapted from Spencer Ante and Brian Grow, “Meet the Hacker,” BusinessWeek, May 29, 2006.
CASE STUDY QUESTIONS
1) List several reasons “cyber scams are today’s fastest-growing criminal niche.” Explain why the reasons you give contribute to the growth of cyber scams.
2) What are several security measures that could be implemented to combat the spread of cyber scams? Explain why your suggestions would be effective.
3) Which of the four top cyber criminals described in this case poses the biggest threat to businesses? To consumers? Explain the reasons for your choices, and describe how businesses and consumers can protect themselves from these cyber scammers.