Slang of the Crimeware Hackers
Professional hackers are forming new specialized crime-software syndicates, complete with their own illegal lexicon.
If you needed any proof that electronic crime and identity theft on the Internet are increasing, consider the words of Charles Cote.
"In 2006, it was more financially rewarding in the United States to trade in illegal financial information than to sell drugs," he told the Australian MediaConnect Kickstart conference this week.
Cote, the Country Manager for Fortinet Australia, providers of Universal Threat Management (UTM) security solutions, believes that professional hackers are forming new specialised crime-software syndicates, complete with their own illegal lexicon.
These new ad-hoc networks combine specialists in a variety of areas to provide the raw materials needed for e-crime and identity theft. Around the fraudulent activity known as "carding", criminals use a variety of methods to attain and then re-sell stolen financial information to other operators who specialise in taking advantage of it.
The cast of a "Carding" job
The motley gangs of criminal specialists each have a unique slang word to describe their underhanded job titles.
The "Coder"
The coders are your classical hacker types, programmers and authors of crimeware, viruses and code used for criminal purposes. "These are people who are 20-25 years old, probably self taught and able to write code," said Cote. Coders write viruses and sell them three to five thousand American dollars apiece. Coders use the now old-fashioned IRC (Internet Relay Chat) to communicate secretly.
The "Phisher"
Phishers are a specialised kind of online criminal who set up elaborate stings to capture personal financial details, identity information, anything that could be used to bolster their fraud act. They are known for setting up exact duplicates of online banking sites in order to capture people's login details. Phishers also use spyware programs (which may log your keyboard keystrokes), or set up scanners on ATM machines that capture people's debit card details and PIN number.
The "Kids"
Kids are obviously younger people who have become involved in the e-crime marketplace. "These are 15-18 year olds, who trade in stolen information. “They'll sell a block of up to 5,000 credit card numbers. They'll make a number of two cent or five cent transactions to test them. And if one of those hits, they're laughing," said Cote.
The "Mobs"
In this sample criminal network, these characters are the shadiest. Long-term organized criminals, they put up the money for these illegal operations and carry out the fraud required to empty fat bank accounts. "They are the financiers," says Cote. "They will fund the $1,000 to buy the 5,000 credit cards (or personal banking information). If five of those work, they could withdraw tens, hundreds of thousands of dollars."
"E-Gold"
E-Gold is an online web service for money transfers, which is quick and easy to use. This ease of use has made e-gold the conduit of choice for shifting stolen cash, according to Cote. "E-gold does not condone any illegal activity, but they are essentially a very convenient service for money laundering," he said.
The "Drop"
At the end of the carding chain, stolen money is transferred to complicit individuals’ personal accounts. "This is where Western Union and E-gold come in," says Cote. "The drop is someone who provides their personal information to launder the money." In a typical scenario, the drop may withdraw the transferred money as cash, walk across town and then liquidate the cash with a quick and simple service such as Western Union's money transfers. The money is then wired to an account in a country such as Latvia, or a third world state which does not have extradition agreements, and the recipient withdraws the cash.
Law enforcement agencies are virtually powerless to pursue these criminals outside their jurisdiction, and the magnitude of these crimes generally do not warrant further action. What kind of recourse do these victims of identity crime have? "The banks do usually take care of people," said Cote, referring to established insurance policies that cover the losses.
Fortinet's Universal Threat Management system is a hardware and software combination that combines a typical distribution of security functions into one of their hardware security terminals, called Fortigates. The entry-level Fortigate 50 system, costing $3,000-$4,000 Australian dollars can service from 25-50 people and can be situated at the network's DMZ (demilitarised zone). Running an operating system called FortiOS, the advantage of a system like this is that it is faster than a software-based system, according to Cote. "Software-based solutions are inherently slower," he said.
Thoughts on this article? Add a comment below.
Be the first to comment on this article.