Wednesday, April 17, 2024

Black Markets and the Online Mob

Datamation content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

Once the domain of uber savvy hackers and forward-thinking mafioso,

today’s online crime requires little more than a cursory knowledge of

programming and a downloadable tool kit to get started.

Progressive criminals saw the evolution of technology as a means for

upgrading their own malicious activities. Hackers, crackers, phishers,

pharmers and social engineers used their knowledge stores to one-up the

average individual in a vicious game of ‘you are you but I also can be


Identity theft was buoyed by the black market’s supply and demand. Yet

even criminal consumers are a fickle lot, and what was valuable last year

is not so lucrative by this year’s standards. According to Bindview’s

RAZOR research team — a group of people focused on incorporating the

latest up-to-date changes in the threat, vulnerability, and regulatory

landscape into Bindview’s products — credit card numbers were worth

approximately $25 each wholesale and $100 each retail in 2002. Fast

forward to 2005 and they’ve dropped to $1 to $5 wholesale and $10 to $25


Yet ‘products’ such as email addresses weren’t on the map in 2002 but are

currently worth $.01 to $.05 each. A well-programmed bot could find many

hundreds of valid emails a day, turning a tidy profit for black


Criminals themselves saw a shift in who is doing the digital break-ins. A

few years ago, hackers generally were techie types with too much time on

their hands who wanted to make a name for themselves in the hacker

underground. Now, they’re often hackers for hire, making a buck by

stealing corporate information or working hand-in-hand with spammers. And

the kids aren’t missing out on the ‘fun’ either, using plug-and-play

theft kits to make their work easier.

”The ease with which data can be stolen depends on the tools being used

and the thief’s level of sophistication in traversing through the

network,” says Jim Hurley, senior director of RAZOR Research, for

Houston, Texas-based Bindview. ”Creating a breach ranges in difficulty

from being intimately familiar with the innards of OS design,

construction and network protocols to having absolutely no knowledge —

because you don’t need it with the vast availability of pre-built tools.

Sniffers, keyloggers, rootkits, loaders, Trojans and virus kits are but a

few of the many offerings on thousands of accessible sites.”

In the recent past, online theft and criminal activity poured forth from

highly advanced or severely disadvantaged nations. But today’s online

crime is far from being country specific. If you know how to compile a

program, you can make changes to the source code of an application and

make it do something else.

Just as online auctions launched a flurry of overnight entrepreneurs, so

has the prevalence of online crime kits. You don’t need a long list of

contacts to get started on the dark side. Once a would-be criminal has

found themselves some interesting information, it’s not that hard to find

a buyer using Web sites, bulletin boards, IM, email, cell phones and of

course, the very lucrative Web auction ring.

Make no mistake, though the hierarchy has shifted from organized crime

families, it is very much alive in the form of organized Web auction

rings — well-oiled machines that include many layers of people

performing very specific roles and functions. From the top down they

include the inner ring, evaluators, inspectors, enforcers/contacts,

trusted fences and the buyer and seller.

Web auction rings, otherwise known as Web Mobs, have proved to be a very

nasty problem for Federal investigators due to their cross-country

logistics. Once sufficient evidence has been gathered to crack an auction

ring, authorities must work within international boundaries, time zones

and with foreign legal statutes.

”What’s not well known is they’re not in the business of stealing things

and theyre not hackers,” says Hurley. ”It’s best to think of them as a

fence between the buyer and the seller. They’re not technologists and

they don’t care to be, they just want to make sure that their activities

are not traceable and these are the organizations that are operating

around the world.”

So what’s for sale in this more accessible market? Falsified deeds, birth

and death records, letters of credit, health insurance cards, source

code, diplomas and even people are available for the right price. The

anonymity and relative ease of criminal activity is gaining in

attractiveness to the barely skilled programmers looking to cash in.

The modus operandi of today’s cyber criminal includes commonly known

tricks of the trade, starting with the path of least resistance, i.e.,

social engineering. According to Hurley, criminals go after their victims

using a predictable set of steps: reconnaissance, target, evaluate the

environment, install new service or backdoor, cover your tracks, hit pay

dirt and run or decide to hang around to exploit and reuse the target,

keep ownership of the device, or not, and then move on to the next


With so much information so relatively easy to get to, it’s a feast of

sorts for the would-be Web Mobber. Using established channels spanning

international date lines, and employing thousands of zombie machines,

it’s more difficult than ever to locate these extensive criminal networks

but easier than expected to join one.


So what can be done to protect our organizations from this type of


”There’s what I’ll call best practices and then there’s reality,” says

Hurley. ”Based on our research over the past two to three years, there

are significant differences in performance results that companies are

experiencing with their security programs. There are some common things

that are done very well among the best-class enterprises suffering the

least amount of breaches and damages. But even having said that, there’s

probably no way to defeat a serious security threat today and it wouldn’t

matter what the tool is. The only way to do that would be to unplug the


According to Hurley, the firms that have a good chance of avoiding

victimization are the ones with a very active risk management program in

place. ”An executive team devoted to solving security issues, where the

IT security function isn’t buried in a hole somewhere in IT but rather

implemented as a risk management function, cross-company and


Although the U.S. government has been working in concert with

international authorities to painstakingly dismember online Web Mobs, our

indictments are but a grain of sand in the vast amount of criminal

collectives forming and disbanding in a constant game of hide and seek.

Individually, the indictments are a win, but with the ease and prevalence

of online hacking tools and the lucrative nature of buying and selling

through organized Web Mobs, many more will don the black hats as they

continue to cross-over.

The reality of it is that weve only just scratched the surface.

Subscribe to Data Insider

Learn the latest news and best practices about data science, big data analytics, artificial intelligence, data security, and more.

Similar articles

Get the Free Newsletter!

Subscribe to Data Insider for top news, trends & analysis

Latest Articles