Cybercrime is part of online economy says study
A study by Rand Corp. and commissioned by the security firm Juniper Networks found a well-organised, multi-billion-dollar underground economy that has become "a playground of financially driven, highly organised and sophisticated groups."
The evolution of cyber-crime creates new challenges for security professionals trying to protect computer networks, says Nawaf Bitar, Juniper's general manager for security.
"We have long suspected that cyber-criminals were sophisticated and that they had an organisational structure, but no one had studied this," Bitar told AFP.
"The success of this market is driven by accelerated economics, and the way to address this is through economics."
The report says the black markets are growing in size and complexity and that this activity mirrors the normal evolution of a free market, with both innovation and growth.
Juniper's security vice president Michael Callahan said this cyber underground has all the characteristics of an economy, including its own currencies - chiefly cryptographic payment forms such as Bitcoin.
Callahan said the underground economy is characterised by specialisation and resilience, so that if one market participant leaves, another steps up.
Silk Road
"We saw this when (the black market bazaar) Silk Road went down, and within a day other participants started filling that gap," Callahan said. "It's one of those signs this is a mature economy."
The report notes that, just as in some organised crime groups, there is a code of conduct that helps reassure customers.
"You have honour among thieves," Callahan said. "They work to a level of conduct. They know it is in all of their best interests to follow the rules. As in other markets, these people know that your reputation is key."
The report suggests that about 30% of the sellers of financial data are "rippers," who fail to deliver promised goods or services.
These abuses generally occur in the "lower" levels of the black market that are easiest to access. The report said that these rippers tend to get reported and then often quickly removed.
The study found these markets span the globe from China to Eastern Europe and Latin America, with many US-based participants and more cross-pollination between these cyber-criminals than ever before.
Tools
The cyber-crime world features "storefronts" like other forms of e-commerce, with hacker tools and services bought and sold.
The tools available include those used in the attack on US retail company Target, where upwards of 110m customers may have had their personal data stolen.
For those who lack technical savvy, new services are offered. Rand found one can obtain a Distributed Denial of Service (DDoS) attack - in which hackers overwhelm a server to interrupt access - for as low as US$50 for a 24-hour attack.
Bitar said the cyber-security community needs to shift its focus because of the new threat and because the traditional methods of using firewalls and other defensive measures are not enough.
"We need to use active resistance rather than passive resistance," he said, adding that this could involve setting traps, using encryption and delivering bogus information that disrupts efforts by hackers and attacks.
But he said he strongly opposes the idea of "hacking back" at the attackers.
"I believe that is wrong. You can harm innocent bystanders," he said.
Source: AFP via I-net Bridge
Source: I-Net Bridge
For more than two decades, I-Net Bridge has been one of South Africa’s preferred electronic providers of innovative solutions, data of the highest calibre, reliable platforms and excellent supporting systems. Our products include workstations, web applications and data feeds packaged with in-depth news and powerful analytical tools empowering clients to make meaningful decisions.
We pride ourselves on our wide variety of in-house skills, encompassing multiple platforms and applications. These skills enable us to not only function as a first class facility, but also design, implement and support all our client needs at a level that confirms I-Net Bridge a leader in its field.
Go to: http://www.inet.co.za