Monday, June 11, 2007

Sopranos Fall Short of Organized Crime's Impact on Cyber Crime

Friends of ours: Soprano Crime Family

The world of Tony Soprano ended Sunday night with the final episode of "The Sopranos." Over seven years, the award-winning HBO TV series offered insight into the business of the modern Mafia, albeit based on a fictional crime family in New Jersey.

We got glimpses of garbage contracts, construction scams, protection rackets, illegal gambling, truck hijacking and credit card fraud. But missing from the list of criminal enterprises was cybercrime. Tony Soprano was a face-to-face communicator, someone who is wary of wiretapping and other forms of electronic surveillance. He wasn't a laptop user, and he didn't appear to cash in on the myriad ways to get rich from Internet-related scams.

Richard Stiennon, chief marketing officer at security firm Fortinet Inc., says this is where "The Sopranos" fell short in its depiction of modern organized crime.

"Here they are beating people up with baseball bats, and a lot of the criminals have moved online," Stiennon said. "The opportunity has been growing with the growth of the Internet. Cybercriminals are looking to expand. They need an organization to exploit those opportunities. It's like organized crime 2.0."

Stiennon has been an expert on security for a while. For work, at PricewaterhouseCoopers, he was a "white hat" hacker. He would break into corporate networks to tell companies where their vulnerabilities were. He succeeded every time, he said.

Now at Fortinet, which supplies security appliances that protect networks, Stiennon has been going around giving talks on how we have to worry about how much money is flowing through the illegal crime networks online.

Of course, a lot of security tech vendors want us to be scared. They'll make more money if we buy enough armor to protect ourselves. "Some like to take the attitude that this is all vendor hype," Stiennon said. "The problem is, there is so little revelation of actual attacks. Companies like to stay out of the news, even when they're attacked."

But others are raising the same alarms about organized crime. Like the Mafia depicted on the show, the nature of cybercrime has evolved over the past seven years from "script kiddies," or young kids who used automated programs to create "cybergraffiti," to organized efforts aimed at stealing a lot of money.

Michelle Dennedy, chief privacy officer at Sun Microsystems Inc., said that in the past couple of years, the FBI and Secret Service have been warning that they're encountering much more organized crime activity in cyberspace. "Stealing identities is the new bank job," Dennedy said. "They go to chat rooms where they trade credit cards, using code words. I don't know if you need to have mob bosses behind it. But it is organized crime."

Christian Desilets, research attorney for the National White Collar Crime Center, said the "Tony Soprano types" may indeed be missing out on electronic crime. But Desilets added, "We do see them in offshore betting, but not as much in electronic crimes. But the electronic criminals are organized. There are very sophisticated operations linked to the Russian Mafia."

In its annual report on organized crime and the Internet last week, McAfee Inc. said that new criminal organizations are emerging to prey on Internet users and that they're becoming more sophisticated and scoring bigger paydays.

One study that McAfee cited said banks lost $2 billion through illegal access to online bank accounts last year. In 2005, the FBI estimated computer crimes cost U.S. corporations $67 billion.

With such stakes, you can bet most organized criminals are involved. The FBI notes that a number of crime syndicates are based in Russia but that many cross borders.

Stiennon contends that organized criminals online now are split up, like vendors in a flea market. Some sell hacking tools for spying on people or stealing identities. Others use those tools to steal credit cards and data, including programs that harvest identities from unsuspecting Internet users.

The FBI periodically shuts down these sites. The criminals put credit cards up for sale. Still others will buy the cards and use them to buy merchandise in electronics stores.

Since organized criminals have traditionally been linked to credit card fraud, expanding into online credit card theft is an easy expansion. Here and there, evidence of organized criminals using technology is emerging.

In 2005, thieves stole $423 million from the London branch of the Sumitomo Mitsui Bank. They did so by posing as janitors, putting "keystroke loggers" that captured keystrokes on computers, thereby stealing passwords from clerks who handled wire transfers.

Authorities traced the crime to a gang in Israel, and Stiennon noted that one person held for the crime was later killed.

In a series of incidents ranging from mid-2005 through January 2007, more than 45 million credit card numbers were stolen from TJX Cos., the owner of the TJ Maxx, Marshalls and other retail chains. Stiennon said many of those card numbers have been used around the world in various kinds of fraud. One ring of criminals used the card numbers to buy more than $8 million in merchandise in Florida.

Other big cases have involved the purchase and sale of controlled drugs via Internet pharmacies or credit card theft.

Extortion, one of the oldest traditional mafia tactics, has moved online as hackers threaten to shut down Web sites unless they're paid off.

Meanwhile, the federal budget aimed at stopping cybercrime doesn't add up to much, Stiennon said. "The sequel to the Sopranos will be cybercrime, with a lot of young kids using computers," Stiennon said. "Tony, assuming he's still alive, will be typing LOL (laugh out loud)."

The cost of cybercrime

2 million: Number of Americans whose online bank accounts were robbed
$2 billion: Total losses for the banking industry from such thefts
$30 million: Credit card company fraud losses from online crime, 30 percent of total fraud losses
15 million: Number of Americans who reported being victims of identity theft in the 12 months ending mid-2006, up 50 percent from 2003
$3,257: Average loss from identity theft in 2006, up 131 percent from 2005

Source: McAfee North American Criminology Report: Organized Crime and the Internet, 2007


Thanks to Dean Takahashi

No comments:

Post a Comment