Saturday, October 24, 2009

FBI & SOCA Plot Cybercrime Smackdown

Via The Register UK -

The FBI and the UK’s Serious and Organised Crime Agency have drawn up a program for dismantling and disrupting cybercrime operations. The effort relies on a better understanding of the business models of carders, malware authors and hacker groups which have increasingly come to resemble those of legitimate businesses.

The three prong strategy aims to target botnet and malware creators, so-called bullet-proof hosting providers that offer hosting services to cybercrooks, and digital currency exchanges. Digital currency exchanges such as WebMoney and Liberty Reserve are central to the operation of the black economy, according to Andy Auld, head of intelligence at SOCA’s e-crime department.

During a keynote presentation at the RSA Europe Conference, Auld and FBI special agent Keith Mularski used the Russian Business Network (RBN) cybercrime network as an example of the type of criminal enterprise they were targeting. The now disbanded group used an IP network allocated by RIPE, a European body that allocates IP resources, to host scam sites, malware and child porn.


The RBN – described as a purpose-built criminal ISP – allegedly paid off local police, judges and government officials in St Petersburg.

"This was a well organized organization not a cottage industry,” Auld explained. “RBN was the e-crime component in a wider criminal portfolio.

“There were strong indications RBN had the local police, local judiciary and local government in St Petersburg in its pocket. Our investigation hit significant hurdles.”

Auld said that although western law enforcement efforts were frustrated, the group was put under surveillance for a short time, during which the group travelled around the Russian city in an Armoured Audi A8 that was always escorted by a Range Rover.

As the heat was turned up on RBN, the group applied a disaster recovery plan, activated in November 2008. However, foreknowledge allowed the FBI and SOCA to shut down new systems before RBN was able to complete its migration.

“All we achieved was disruption, not a prosecution,” Auld explained. “We believe RBN is back in business, pursuing a slightly different business model.”


SOCA and the FBI intend to infiltrate groups or cultivate inside sources. The law enforcement agencies will also go after the money by targeting electronic exchanges that are used to transfer funds between criminals. Working with internet governance organisations, such as groups that allocate IP addresses to crooks without realising that the address space will be used for cybercrime, also form part of the clampdown.

The two law enforcement agencies also want to encourage the targets of cybercrime to improve their security while going after locations where crackers upload and store stolen data.

“Traditional policing is reactive,” Auld explained. “Cybercrime enforcement, by contrast, has to be pro-active.”

No comments:

Post a Comment