Cyber criminals are increasingly using sound business principles to increase profits from compromised machines, a Web security firm reported on Tuesday.
After contacting a variety of illicit online operations dealing in financial data, researchers at security firm Finjan found that cybercriminals are organizing in hierarchies similar to mafia groups, which took their organizing principles from corporations. Each group has a boss that acts as an entrepreneur and an underboss that manages the command-and-control centers of the botnets and provides technical tools such as the Trojan horses. The people who actually commit the crimes -- the associates -- are arranged in several groups, or campaigns, under campaign managers, the company found.
"Individual hackers operating independently or groups of hackers with common goals have been replaced by hierarchical cybercrime organizations where each cybercriminal has his own well-defined role and reward system," Finjan said in its Web Security Trends Report.
While many bot masters maintain their own network of compromised systems, law enforcement has had some success in investigating and prosecuting such individuals. International criminal organizations tend to be able to dodge law enforcement officials more effectively, leading officials to stressed that corporations need to reliably report cybercrime incidents to the government.
Last year, reports of damage from online fraud increased, reaching $237 million according to the FBI's Internet Crime Complaint Center.
Security firm Finjan found other similarities between the underground economy and typical businesses. Prices of credit cards numbers and bank account data has dropped to $10 to $20 per item, down from $100 or more. The price also depends on the quality of the data: Bank account details that have been validated fetch a higher premium than a large dump of unchecked data, the company said.
If you have tips or insights on this topic, please contact SecurityFocus.
Posted by: Robert Lemos