Advertisement
<a href="http://abaca.com/free_trial.html"><img src="/a-ab/missing.gif" /></a>
  • About the Author
  • About this Blog

    • Posts Tagged: RSA

    A Little Sunshine / The Coming Storm / Web Fraud 2.036 Comments
    17
    Mar 10

    Researchers Map Multi-Network Cybercrime Infrastructure

    Last week, security experts launched a sneak attack to disconnect Troyak, an Internet service provider in Eastern Europe that served as a global gateway to a nest of cyber crime activity. For the past seven days, unnamed members of the security community reportedly have been playing Whac-a-Mole with Troyak, which has bounced from one legitimate ISP to the next in a bid to reconnect to the wider Internet.

    But experts say Troyak’s apparent hopscotching is expected behavior from what is in fact a carefully architected, round-robin network of backup and redundant carriers, all designed to keep a massive organized criminal operation online should a disaster like the Troyak disconnection strike.

    Security firm RSA believes Troyak is but one of five upstream providers that encircle a nest of eight so-called “bulletproof networks” – Web hosting providers considered impervious to takedown by local law enforcement (pictured in red in the graphic below). RSA said this group of eight hosts some of the Internet’s largest concentrations of malicious software, including password stealing banking Trojans like ZeuS and Gozi, as well as huge repositories of personal and financial data stolen by these Trojans and a notorious Russian phishing operation known as RockPhish.

    Continue reading →

    A Little Sunshine / Target: Small Businesses / The Coming Storm37 Comments
    9
    Mar 10

    Cyber Crooks Leave Traditional Bank Robbers in the Dust

    Organized cyber criminals stole more than $25 million from small to mid-sized businesses in brazen e-banking heists in the 3rd quarter of 2009 alone, federal regulators said last week. In contrast, traditional stick-up artists hauled less than $9.5 million out of U.S. banks over that same time period last year.

    Speaking at the RSA Security Conference in San Francisco last week, David Nelson, an examination specialist with the Federal Deposit Insurance Corporation (FDIC), said online banking attacks against small businesses of the sort I have chronicled countless times over the past year netted thieves $25 million between July and September of 2009.

    I wondered how that stacked up against real-life bank robbers here in the U.S., so I had a look at the FBI‘s published bank crime statistics for that same time period last year. Turns out, traditional bank robbers committed a total of 1,184 bank robberies during those three months, netting slightly more than $9.4 million (including $3,071 in travelers checks).

    In fact, real-life bank robbers stole a total of just over $30 million in the first three quarters of 2009, just $5 million more than cyber crooks did in the third quarter of last year alone.

    Small wonder that the haul from cyber bank robberies has overtaken that of physical heists:  Cyber thieves take far fewer risks to life, liberty and limb than do real-life bank robbers. In that same three month period last year, the FBI says bank robberies at bricks-and-mortar institutions caused five deaths — all them perpetrators of the crime.

    What’s more, the perpetrators of these incessant attacks against small businesses banking online for the most part reside in countries that are traditionally beyond the reach and influence of U.S. law enforcement. Sure, bank robbers occasionally kill people (more often themselves) while they’re stealing your money, instead of silently lifting it out of your bank account from afar like cyber thieves. That alone makes them a more emotional high-value target for the feds. But let’s face it: Traditional stick up artists are a lot easier to collar. For one thing, by necessity they are all here in the United States.

    In addition, while traditional bank robbers are limited to the amount of money they can physically carry from the scene of the crime, cyber thieves have a seemingly limitless supply of accomplices to help them haul the loot, by hiring so-called money mules to carry the cash for them.

    Continue reading →

    Other30 Comments
    4
    Mar 10

    Krebsonsecurity Author Twice Honored

    There is perhaps no greater compliment than to have your most esteemed peers recommend your work.  I am now blogging from the RSA Conference in San Francisco, and over the past two days krebsonsecurity.com has received two peer recognition awards, one from the SANS Institute – among the nation’s top security research and training groups – and another from the Security Bloggers Network, an organization that has sought to recognize blogs that provide valuable content on computer security issues.

    The SANS Institute polled 75 cybersecurity journalists and asked them to rank the top peers in their field. True to form, I showed up late to the awards ceremony on Tuesday, and Alan Paller, director of research for SANS, called me up on stage and said I’d received twice as many votes as the next guy in the contest, Robert McMillan, a reporter whose work is almost certainly the most widely syndicated and quoted of virtually anyone in this industry. Likewise, I am proud to have shared this honor with reporters whose work I recommend and admire, including USA Today’s Byron Acohido, Wired.com’s Kim Zetter, as well as Dan Goodin from The Register.

    In related news, the delegates who were party to the Security Bloggers Awards at RSA this year picked krebsonsecurity.com as the top “non-technical security blog.” Somehow, I managed to show up late for this as well. Again, it was wonderful to have been nominated alongside security bloggers such as Taosecurity’s Richard Bejtlich, and security curmudgeon-in-chief Bruce Schneier.

    Newer Entries →