Cyber Crime might have been begun as an attempt at gaining egotistical rights and infamy through high-profile website attacks and viruses, but now it has turned out to be a profession. Today the threats are targeted, detached, and the only purpose behind launching a cyber attack is to make money.
The cyber criminals steal your money and information from the comfort of their own homes, potentially plundering a hefty amount of money with a little effort. The demographics of a classical cyber criminal have not remained the same which they were twelve years ago and are witnessing a rapid makeover.
The game is not just limited to crackerjacks, and even the people with comparatively low technical skills steal thousands of dollars without leaving their homes. The cyber crime world is dominated by the individual and small groups. However, large organized crime groups also capitalize the internet.
The cyber criminals can trade drugs to make more money with far less risk then the traditional drug smugglers. It is the only time when cyber criminals need to leave their PC for cash collection, but sometimes they even don’t need to do so.
The rose of cyber crimes is inseparably associated to the pervasiveness of online bank accounts and credit card transactions. This financial data can be pinched clandestinely, through a process of virus-driven automation – with callously competent and purportedly never-ending frequency.
The cyber criminals exploit a selection of methods, each involving their own relative combinations of skill, risk and expense, to obtain the credit card/bank account. Often the cyber criminals not fit a specific profile and through proxies and spoofing, they can effectively conceal their tracks. Usually they do not rely upon the same tactics and change them at regular intervals. They also have the proficiency in hiding their malicious code and tools through obfuscation.
Buying the ‘finished product’ is the simplest way for the cyber criminals to conduct their deed. Here I’ll use the example of an online bank account. The product acquires the information needed to get authorization over bank account having a six-figure balance. This information can be obtained in turn of $400. Remember that the deals of cyber criminals are always carried out in dollars.
$400 may sound like a modest amount, but considering the work involved and risk, it is a sufficient amount for the criminals who provide the details. Here it is also worth mentioning that usually this kind of cyber criminals belong to the poor countries in South-East Asia, South America or Eastern Europe. IRC (Internet Relay Chat) chatroom is usually the souk for this transaction.
Based upon level of crime, expertise and the money pinched, these protagonists of the crime community are divided into three main categories.
Coders – these individuals are the master blasters of hacking community with several years experience in the sculpture. Equipped with the list of established contacts, ‘coders’ create tools, such as mailers and Trojan, or service used in cyber crimes. For every criminal activity they are connected with, the Coders make several hundred to several thousands dollars.
Kids – these individuals are hailed as the labor force of crime community and they are usually the teenagers. They purchase, trade and resell fundamental elements of cyber scams such as proxies, hacked hosts, php mailers, credit card numbers etc. Like coders, they these so-called infants could not steal hefty amount and earn upto $100 a month.
Drops – the job of drops is to convert the ‘virtual money’ earned through cyber crime into cash. They feature the ‘safe’ address for the items bought with the information theft to be delivered, or else ‘safe’ valid bank accounts for cash to be transferred into illegitimately, and paid out for legitimately. Drops are usually from the countries where e-criminal laws are slack such as Malaysia, Indonesia and Bolivia.
Today most of the cyber criminals relay upon the phishing tools to gain the control of a bank account. There are several other techniques also used in cyber crimes but due to limited space, they couldn’t be fully explained here.
The phishing tools can be attained economically. What it entails is a scam page or scam letter, a fresh spam list, selection of php mailers’ for spamming out 100,000 emails, a hacked website to host the scam page for some days, and lastly, a theft but valid credit card for registering a domain name for the website.
By sending out 100, 000, a cyber criminal can earn $60 in six hours. This sort of phishing tactic, unearth 15-20 bank accounts. If the criminal merely sell the information to his counterpart, he’ll get a market value of $200 – $2,000 in e-gold. The ROI (return of investment) could fluctuate but involving the ‘drops’ to cash the virtual money ensure better returns. The drops may slash the up to 50% of the worth of account as their ‘commission’.
Due to the risks involved and the subsequent police factor, the pishers often distance themselves from the loot and avail the services of serial drops who are not acquaint to each other. In bigger operations, offshore accounts are perpetually used to mount up the criminal plunder despite of their stark expensiveness due to ultimate safety.
The comparison between cyber crime and illegal narcotics business reflects the illustration of the daunting competence of cyber criminals. One is quicker, more profitable and less risky while the other is long-term, violent, less productive and extremely treacherous.
Companies are spending billions of dollars in terms of anti-virus and anti-spyware solutions, intrusion prevention devices and other security tools to keep their nodes protected from viruses, bots worms and Trojan attacks, but despite of their all of their measures, the security violation is consistently increasing.
What is needed to war against cyber crime is the consolidation of strong international digital legislation and of cross-border law enforcement synchronization. However, the organizations those are targeted by the cyber criminals should be more inventive and quick-responsive. For building a strong security infrastructure they should opt to deploy the multi-threat security systems, instead of installing, managing and maintaining malicious security software and complementary devices.