[Infowarrior] - Cybercops Without Borders

Richard Forno rforno at infowarrior.org
Tue Jun 2 17:20:34 UTC 2009


(c/o S.T)
http://www.forbes.com/2009/06/01/cyberbusts-security-internet-technology-security-cyberbusts.html?partner=links

Cybercops Without Borders
Andy Greenberg, 06.01.09, 06:00 PM EDT


For years, cybercrime has been moving to Eastern Europe and Asia. Now  
U.S. law enforcement is following it.

Glancing at his file, there's
little in the case of 23-year-old Ovidiu-Ionut Nicola-Roman to  
distinguish him from the average cybercriminal. Beginning in 2005, he  
was a member of a massive "phishing" scheme that harvested millions of  
e-mail addresses from the Web and used a program called "E-mail Sender  
Express" to barrage those addresses with spam messages at a rate of  
around 30,000 an hour.

Those e-mails lured users to Web sites that impersonated banking pages  
requiring account information, realistically spoofing businesses like  
Wells Fargo, Regions Bank, Charter One and
PayPal. The scheme brought in thousands of credit card numbers and  
PINs, each of which was used to siphon off cash from ATMs at a rate of  
as much as $1,000 per card.

All of those tactics follow the typical playbook of modern malicious  
hackers. But Nicola-Roman holds a distinction nonetheless: In March,  
he became the first foreigner to be extradited to the U.S. and  
convicted of phishing.

For years, profit-motivated cybercrime has been exploiting the  
geographic flexibility of the Internet, migrating from the U.S. and  
Western Europe to Eastern Europe and Asia, where digital crimes are  
equally lucrative and far harder to prosecute. But over the last year,  
U.S. law enforcement has been increasingly willing to follow  
cybercriminals to those far-flung destinations, both to help local  
authorities track down and arrest cybercriminals and to extradite them  
into the American legal system.

Though the U.S. Department of Justice doesn't track cybercrime  
statistics--domestic or international--department officials insist the  
number of computer crime prosecutions that reach beyond U.S. borders  
is on the rise. "Unquestionably, we're seeing an increase in the  
international cases of cybercrime and intellectual property crime,"  
says John Lynch, the deputy chief of the Department of Justice's  
Computer Crime and Intellectual Property Section (CCIPS). "As a  
result, we're increasingly cooperating with our international partners."

The dismantling of the phishing scheme involving Nicola-Roman is an  
example of American law enforcement's increasingly cozy relationship  
with foreign cybercrime investigations. Along with the 23-year-old  
Nicola-Roman, authorities arrested 37 other members of that  
cybercriminal ring last May. Those globally dispersed defendants were  
based in countries stretching from the U.S. to Romania to Pakistan.

Nicola-Roman, who was sentenced in March to 50 months for his role in  
the scheme, may have merely been unlucky: He was arrested and  
extradited to the U.S. during a trip to neighboring Bulgaria. But the  
29 other Romanians arrested in the case are likely to follow close  
behind. On May 8, U.S. Secretary of State Hillary Clinton and Romanian  
Foreign Minister Cristian Diaconescu announced that they had signed a  
Mutual Legal Assistance Protocol, along with an extradition treaty  
between the U.S. and Romania.

U.S. law enforcement's renewed focus on international cybercriminals  
officially began in April of last year, when then-U.S. Attorney Gen.  
Michael Mukasey told an audience at the Center for Strategic and  
International Studies that the country needed to launch a new program  
of cooperation between governments to stop cybercrime.


"We will step up what we are already doing with our international  
partners to get these criminals wherever they hide," he said. "We have  
people assigned overseas who train and help our counterparts, to  
strengthen law enforcement efforts around the world. International  
borders pose no hindrance to criminals, so we're making sure those  
borders do not pose an obstacle to effective enforcement."

That initiative has yielded several high-profile results. Less than a  
month after the arrest of the 38-person Romanian phishing crew,  
Spanish officials granted the extradition to the U.S. of another  
Romanian, 22-year-old Sergiu Daniel Popa, who was accused of running  
his own phishing ring and of possessing equipment for manufacturing  
false credit cards.

In August, the FBI indicted 11 members of a sophisticated retail store  
hacking organization with elements based in the Ukraine, Estonia,  
China and Belarus. One, Ukrainian Maksym Yamstremskiy, was extradited  
to the U.S. while on vacation in Turkey, and Aleksandr Suvorov, an  
Estonian, was extradited from Germany.

That international retail hacking ring, which the U.S. Department of  
Justice says stole tens of millions of credit card numbers, was no
ordinary cybercrime operation. Beginning in 2005, the widespread  
organization used a technique known as "wardriving"--testing wireless  
networks for security vulnerabilities--to identify targets. When  
members found that retailer TJ Maxx, for instance, used an outmoded  
and easily hacked wireless standard, they broke into the store's  
network from a car in its parking lot and stole more than 45 million  
credit card numbers, by the company's account. The trick was repeated  
at other retailers and restaurants including Boston Market, Dave &  
Busters and Sports Authority.

But even as law enforcement has toppled major identity theft schemes  
around the world, there's no indication those initiatives have slowed  
international cybercrime's steady growth. According to an April study  
from Gartner Research, more than 5 million Americans lost money to  
phishing schemes in 2008, a 40% increase from the year before,  
although the average amount lost in each scam decreased, largely due  
to strengthened bank safeguards.

Spam e-mail volumes, which dropped nearly 75% after the shutdown of  
the notorious Web host McColo last November, have staged a comeback.  
According to a May report from Symantec, spam
accounted for 90% of all e-mails and grew 5% between April and May.

Targeted data thefts, like the kind performed by the TJX hackers,
are also on the rise. The Identity Theft Resource
Center reported in January that 2008 saw 646 data breaches, a 47%  
increase over the year before. And later that month, credit card  
processing company Heartland Payment Systems revealed that it had been  
targeted by seemingly international hackers who had planted malicious  
software on its systems, exposing as many as 100 million customers'  
accounts--perhaps the largest breach to date.

Those numbers show that law enforcement alone can't stop the growing  
ranks of cybercriminals, says Dave Jevans, chairman of Anti-Phishing  
Working Group, a cybersecurity industry consortium. "We're starting to  
see more international prosecutions, getting more international  
cooperation. But is there less cybercrime? No. Is it less  
sophisticated? No," Jevans says. "The problem is getting worse."

Even with international partnerships, Jevans points out, the feds  
haven't been able to capture the so-called Russian Business Network  
(RBN), a syndicate of organized cybercriminals thought to be based in  
St. Petersburg. In recent years, the shadowy RBN is suspected of  
becoming a hub for online crimes ranging from phishing to child  
pornography, and is suspected to have created the Storm worm that  
infected millions of computers in 2008.

That means American law enforcement needs to cooperate not just with  
foreign governments, but with the private sector, Jevans says-- 
leveraging the analysis of cybercrime within information security  
companies like McAfee, Symantec or other tech
firms.

"In the cybersecurity industry, companies are gathering and analyzing  
massive amounts of information tracking crimes and learning patterns.  
We have to share that information with banks and with law  
enforcement," Jevans says. "Arresting people alone may be a deterrent,  
but it hasn't made a measurable impact in reducing the scope of the  
problem."
