Wednesday, July 16, 2008

Hackers Becoming Mafia-esque

From Yahoo Article

Cybercrime is evolving. The lone hacker who steals and resells credit card numbers is being replaced by a well-structured business model. The game is no longer simply about hacking for fame, but rather about creating a business where you have frequent customers who buy your stolen product. The latest research report from web security company Finjan gives a peek at what exactly is going on.

The company's second quarter 2008 report is based on data from its Malicious Code Research Center (MCRC), which specializes in the detection of dangerous vulnerabilities that could be exploited for malicious attacks. According to Finjan, "cybercrime activities on [the] Internet are booming as never before." The company's employees, posing as potential customers, did some digging while talking to cybercrime affiliates, and their research showed how the market for pilfered data has evolved over the past couple of years.

In 2006, vulnerabilities were being sold online to the highest bidder. Last year, software packages that provided various ways of attacking websites and stealing valuable data were sold by professional hackers. These toolkits started to contain multiple exploits for new vulnerabilities and became more sophisticated, including update mechanisms for new software flaws and Trojans that adapt to the country of the victim. By the first quarter of this year, criminals began to log into their "data supplier" and could download any information needed for their illegal activities.

Now, Finjan claims the situation has gotten even worse. Cybercrime companies that work much like real-world companies are starting to appear and are steadily growing, thanks to the profits they turn. Forget individual hackers or groups of hackers with common goals. Hierarchical cybercrime organizations, where each cybercriminal has his or her own role and reward system, are what you and your company should be worried about. Targeted attacks against financial institutions, enterprises, and governmental agencies, coupled with excellent management of stolen data, make these "businesses" highly successful and make any organization using the Internet vulnerable.

Bosses, underbosses, and capos

The hierarchy of the digital mob. Image credit: Finjan

Finjan describes the employee structure that these cybercrime companies employ as being similar to the Mafia. In both cases, there is a "boss" who operates as a business entrepreneur and doesn't commit the (cyber)crimes himself, with an "underboss" who manages the operation, sometimes providing the tools needed for attacks. In the Mafia, several "capos" operate beneath the underboss as lieutenants leading their own section of the operation with their own soldiers, and in cybercrime, "campaign managers" lead their own attacks to steal data with their "affiliation networks." The stolen data are sold by "resellers," similar to the Mafia's "associates." Since these individuals did not partake in the actual cybercrime, they know nothing about the original attacks. They do, however, know about "replacement rules" (for example, stolen credit cards that have been reported) and other company-specific policies, just like the sales representatives you talk to in your average store.

Commodities (stolen credit cards and bank accounts) are priced low, while prime articles (stolen healthcare related information, single sign-on login credentials for organizations, e-mail, and FTP accounts) are much more expensive. Not too long ago, credit card numbers and bank accounts with PINs were selling for $100 or more each, but prices have since dropped to $10-20 per item.

Successful attacks can cause long-term damage to the victim company: loss of valuable data, loss of IP, loss of productivity, impact on profits or stock price, brand damage, lawsuits, and class actions. Finjan suggests deploying innovative security solutions (such as real-time content inspection) designed to detect and handle recent threats. These solutions analyze and understand what the code intends to do before it does it, without relying on signature updates or databases of classified URLs, thereby assuring that malicious content will not enter the network, even if its origin is a highly trusted site. It's not a surprising suggestion, given that Finjan offers such products, but that said, the company's 21-page report is an informative read, although you'll have to fill out a survey to gain access to it.