Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

The Year of 2008 In Cybercrime

Posted by CmdrTaco on Mon Dec 15, 2008 11:00 AM
from the a-whole-lot-less-britney dept.
Security
BobB-nw writes "Underground botnet markets and high-profile spam cases headlined the year in tech crime. One of the most disturbing cybercrime trends in 2008, many security analysts say, has been the emergence of a full-blown underground economy where credit card information, identity theft information, and spam and phishing software are all available for relatively low prices. 2008 also saw major developments in the cases against three major spammers in the United States."
+ -
story

Related Stories

Submission: The year in cybercrime (malware madness, etc.) by Anonymous Coward
[+] Employees the Next (Continuing) Big Security Risk? 111 comments
surely_you_cant_be_serious writes "A nationwide survey finds that most companies consider their systems vulnerable to attack. Historically, crime rates increase during recessions — and some believe that cybercrime may well follow suit, especially given massive layoffs and the dim prospects many laid-off employees face in finding a new job. 'One thing companies can start doing is monitoring their networks on an ongoing basis so that they understand the normal pattern of data flow and usage, Brill said. In many cases, companies may not have the internal capability to do this, but outsourcing options are available. Kroll Ontrack, for instance, will be rolling out a 24/7 monitoring service for its global clients manned from a US location by professionals in early 2009.'"
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

The Year of 2008 In Cybercrime 47 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.

  • Almost a dupe, but yet. (Score:5, Insightful)

    by ColdWetDog (752185) on Monday December 15 2008, @11:06AM (#26120547) Homepage
    Worse. ANOTHER stupid, mindless Networkworld slide show.

    Can someone please rustle up a good old Scientology bashing article, please?

    • Re:Almost a dupe, but yet. (Score:4, Insightful)

      by LMacG (118321) on Monday December 15 2008, @11:12AM (#26120595) Journal

      A cynical person might begin to wonder if there's some kind of deal between NW and /. in order to drive traffic to NW so they get the ad-impressions. Now where would be find anybody so cynical on this website?

      • Hmm, NW, as in NetworkWorld, as in submitter "BobB-nw"....

        The SD editors have made it clear on numerous occasions that they have absolutely no editorial judgment whatsoever, they just post anything that comes across their desk and looks at all shiny or sparkly. They don't even seem to follow the links in most submissions before posting. It's highly unlikely that either "BobB-" or "-nw" paid them anything other than attention.

      • Sounds like a good plan, but slashdot is probably the worst place to do advertising like that, especially as so many of us will* be using AdBlock/NoScript or Squid filtering, thus negating the ads.

        * Should be - I recall a stat a little while back that had something like 40% of /. traffic as IE still. The numbers may be wrong.

    • Re: (Score:3, Insightful)

      by owlnation (858981)
      Networkworld = dumbfotainment.

      Editors, please banish anything from this site to Idle -- slashdot's garbage can in other words. Better still, just banish it.

  • "cyber"? (Score:4, Funny)

    by syrinx (106469) on Monday December 15 2008, @11:12AM (#26120589) Homepage

    It's 2008, not 1998; aren't we done with "cyber" yet?

    • Re:"cyber"? (Score:5, Funny)

      by Yvan256 (722131) on Monday December 15 2008, @11:18AM (#26120635) Homepage Journal

      Indeed, it should be an iCrime to talk about cybercrime.

    • Re: (Score:1, Redundant)

      by owlnation (858981)

      It's 2008, not 1998; aren't we done with "cyber" yet?

      iCrime?

    • It's 2008, not 1998; aren't we done with "cyber" yet?

      No, kids in rivets and pink/black vinyl pants carrying cutesy, plastic Japanese backpacks need labels too...

    • "In the year two thousaaaaand. In the year two thousaaaaaaaaand!"

      The cyber-term "cyber" will become an ubiquitous cyber-prefix to all cyber-nouns. And half of all cyber-verbs.

      • Re: (Score:2)

        by plover (150551) *

        The cyber-term "cyber" will become an ubiquitous cyber-prefix to all cyber-nouns. And half of all cyber-verbs.

        It'll just get creepier. Just as we are now all cyber-complacent, the digerati will start shortening it to cy-. Cyverbs will creep into the cylanguage. We already have cyborgs, why not cyarms and cylegs? They'll "log on" to the cyweb with their cyphones.

        Ish. Someone get me a cygun before this goes any further. Or a cylon. That'll stop 'em.

  • Emergence? (Score:5, Insightful)

    by MosesJones (55544) on Monday December 15 2008, @11:12AM (#26120593) Homepage

    Hasn't there always been an underground crime racket in things like check fraud, ID fraud, ID forging, financial fraud, theft etc. It isn't that this is an emerging market, more than it is where the old market has moved into. In the same way as Wallmart moved from the real to the virtual so are the criminals.

    Sure its slightly different in that you don't get mugged and it can be better automated and scaled, but fake or duplicate passports have been around for years as has the ID theft problem. Hell in a world where Illinois can elect 4 out of 8 corrupt governors its hardly surprising that there is a problem with fraud and extortion.

    This isn't news about a market that is new, its news about how existing crime organisations are going into new markets, just like the Mafia et al shifting from alcohol and protection into drugs. There has always been a problem with organised crime and there has always been an underground market for illegal information and products (after all these are just different illegal shipments).

    This reads a bit like the .com stories of 1999 which said that there was a new magic economy that would replace the old one, then it turned out that mainly it was the boring old economy that worked in the new world. I'd imagine that the same is pretty true for the cybercrime world, same bosses, different henchmen who have more brains than muscles.

    • Re:Emergence? (Score:5, Interesting)

      by LilGuy (150110) on Monday December 15 2008, @12:49PM (#26121719)

      There surely has. I found my way into such a vast place back when I was 13 and discovering IRC. People hawked credit card info like there was no tomorrow, and others sold bots you could add to a net to perform DDoS attacks, all very cheap.

      Nothing has changed in the 12 years since except perhaps now clueless reporters are discovering the dark side of the Internet.

  • Rather obvious transition (Score:5, Insightful)

    by geekmux (1040042) on Monday December 15 2008, @11:14AM (#26120613)
    20 years ago, we didn't have the term "brick and mortar" to differentiate between a vendor and an e-vendor. Is it REALLY that much of a shock that the Black Market, which has been around for hundreds of years, now has an online shopping cart?

    • Sorry mate, but in merry olde England, brick and mortar was a valid saying 20 years ago, but it had not yet been applied to online vendors/retailers. I do like the thought of the black market having an online shopping cart though. Sort of like a bacon sandwich vending machine!

    • Re:Yeah, cybercrime is nice, but... (Score:5, Insightful)

      by Beardo the Bearded (321478) on Monday December 15 2008, @11:49AM (#26120903)

      Yes, it does.

      No operating system is perfectly secure. Even Linux, with its non-root mentality, has exploits for it. I've got 74 updates waiting for download right now, many of which are security updates. (Let's just say 1/4 for the sake of argument.)

      Windows was wiiiide open for years, which is why there are so many exploits for it. We've all read the "Surviving the First Day of Windows XP" guide; we know how open that OS was. That's not to say it's the only shaky OS. It's just the most famous and the most available.

      The folks who break into our computers spend and make fortunes on security. I've spent about $100 in the last 10 years securing my computer. The only things that keeps me from getting cracked are my obscurity and my neural network. In other words, I don't have anything valuable or desirable, and I'm not dumb enough to open random attachments.

      Any online system is crackable, given enough time and resources. These cybercriminals have more of both than we do.

      Thinking for even one second that you're fully secure because you're using Linux makes you part of the problem.

      • Re: (Score:1)

        by Anonymous Coward

        No, I think I'm fully secure because I:

        * Run a hardware firewall between my cablemodem and my Linux box, AND an iptables firewall on my Linux box,

        * Drop packets that aren't part of an established or related session (instead of rejecting them), so to most scans I'm a black hole,

        * Always clear all my data when exiting Firefox, including cookies and everything else, and periodically clobber my .firefox directory with a clean version I keep handy,

        * have no open ports or services that someone could latch onto (i

        • Re: (Score:1, Insightful)

          by Anonymous Coward

          Basically you're just saying that you're as secure as the next guy using Windows XP with sufficient knowledge.

          Nothing new there, move along.

          The problem is that the majority of people having a computer connected to the Internet lack the skills to secure it no matter what OS they are running.

          And before they have learned how to secure it they have already made holes in the default security in order to make, for example, a torrent client work.

      • Re: (Score:2)

        by rs232 (849320)
        "Windows was wiiiide open for years, which is why there are so many exploits for it"

        How do you explain the current phishing infestation ?

        'We've all read the "Surviving the First Day of Windows XP" guide; we know how open that OS was'

        It's news to me that it was considered so open. I can't find a link to the original but this says that to secure XP you enabled the XP firewall [sans.org]. Not much of an improvement then.

        "Thinking for even one second that you're fully secure because you're using Linux makes yo

        • Re: (Score:3, Informative)

          by Beardo the Bearded (321478)

          XP didn't always have that security center.

          Before the firewall was put on by default in SP2, a fresh install of XP had - at best - 5 minutes between the time you connected it to the Internet and the time someone else had full control of your machine. It was unbelievable.

          Phishing is nothing new. It's the same ancient techniques used by snake oil salesmen and corrupt businesses since we started using money as a trade medium.

          You're right about hacked servers. It's a problem that won't go away until they make b

  • New developement? (Score:4, Insightful)

    by N1AK (864906) on Monday December 15 2008, @11:23AM (#26120681) Homepage

    One of the most disturbing cybercrime trends in 2008, many security analysts say, has been the emergence of a full-blown underground economy where credit card information, identity theft information, and spam and phishing software are all available for relatively low prices.

    I'm not a 1337 hacker, I'm not a computer expert, and I'm certainly not savvy to the cutting edge of crime but I'm sure this isn't remotely new. Is anyone else reading this and thinking that this was the case at least as far back as 2006?

    • Re: (Score:2)

      by LilGuy (150110)

      It goes back WAY further than 2006. It goes back at at least the latter part of the 90s. I actually traded a few cards myself back when I was an underage idiot some 10 - 12 years ago. It was much easier to get away with back then it would seem as it was before the invention of that CV2 number, and most websites would let you order crap without checking the holder's info... but essentially its the same today as it was back then.

      • The approach might be the same, but the widespread use of credit cards and personal information online surely means that in the past few years, it is a much larger problem than it was 10 years ago. But I'd say that as for 2008, this is nothing new.
      • "It goes back WAY further than 2006 .. It was much easier to get away with back then it would seem as it was before the invention of that CV2 number"

        CV2 numbers are already hacked [bbc.co.uk] through the use of 'bugging' devices that record card wipes and key presses, usually with the collusion of the staff.

        "but essentially its the same today as it was back then

        Correct, a total failure of the so-called security experts to devise a secure online commercial transaction system ..
  • And not a word about Gary Mckinnon and the US's ongoing struggle to try and extradite him
    • Which is easier, trying to stem the phishing epidemic or putting away a UFO nut ..

      "The Americans have a secret spaceship?" I ask ..

      ".. What were the ship names?"

      "I can't remember," says Gary.

      "I was smoking a lot of dope at the time. Not good for the intellect [hostingprod.com]."
  • A biggest black eye for IT is the ease with which criminals can use zappers [vancouversun.com] to dupe accounting packages.

      • how many cookies does one site need?

        The Vancouver Sun [vancouversun.com] needs as many cookies as it can set. Considering the subscription base consists mostly of Wasps in a sushi based economy!

  • what OS .. (Score:3, Interesting)

    by rs232 (849320) on Monday December 15 2008, @01:23PM (#26122223)
    What OS does the vast majority of this 'identity theft', spam and phishing run on ?

    • What OS does the vast majority of this 'identity theft', spam and phishing run on ?

      OSX, but the users don't realise it...

  • the solution .. (Score:3, Insightful)

    by rs232 (849320) on Monday December 15 2008, @01:40PM (#26122485)

    The solution is to stop relying on Credit Card numbers for online verification. Using something like a smartcard, for each transaction, use a card-reader to generate a unique one time session-code. The transaction from the card-reader to the server is encrypted by this one-time session code. No CVC2 number, no PIN or card number need be entered or sent over the connection. To verify card present, the card generates a one-time four digit passcode that is syncronized with the server and this is typed in by the user, only then is the transaction completed. At worst all a key logger would record, is a defunct four digit code and session key.

    • Re: (Score:2)

      by mlts (1038732) *

      Even better would be a two-fold solution:

      1: Make SMS messages not cost so much, or have it where they are free for the receiver.
      2: For an online verification, the user gets via SMS the name and ID of the business, how much is being asked for as payment, other pertinent info (so the customer can tell if the SMS is genuine or a fake), and finally a 4-6 digit PIN that the customer types in as validation for the transaction. For someone to spoof the transaction, they would have to generate a bogus one with t

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2010 Geeknet, Inc.