There was a short story in the Wall Street Journal earlier this week about plans by the US Federal Bureau of Investigation (FBI) to break up the operations cyber criminals are using to convert stolen funds into readily available cash.
According to the WSJ, the FBI is going to go after the "money mules" - i.e., individuals who "receive transfers of stolen funds in their banks accounts." These transfers are made to look legitimate, after which the mules withdraw the money and send it the cyber criminals, usually in another country.
Some people become mules on purpose, while others are tricked into becoming them, says the WSJ article.
"Criminals often advertise for logistics positions on job-listing Web sites like Monster.com or Careerbuilder.com to appear legitimate. While the listing companies work to ferret out criminal postings, they can't catch them all, and some desperate job seekers apply for these positions, " the WSJ article says.
Brian Krebs, a Washington Post reporter who covers the IT security beat, wrote a detailed story in 2008 about how a person can easily be tricked into becoming a money mule, and the significant risks involved. If you have a chance, read his story.
The FBI is skeptical that people actually believe that these are legitimate jobs, however.
In fact, the FBI hopes that some high profile prosecutions will inform the public of the problem, and deter individuals who might otherwise be tempted from being so enticed.
The WSJ article also says that the FBI is currently working on over 250 cases of cyber crime.
In related news, a ComputerWorld article reports that a single Eastern European gang Anti-Phishing Working Group (APWG) security researchers have code-named "Avalanche" was responsible for about two-thirds of all the phishing scams in the second half of 2009. The information is contained in a new APWG report.
There was no mention in the WSJ report on how many of those 250 FBI cases are related to phishing.
Robert N. Charette is a Contributing Editor to IEEE Spectrum and an acknowledged international authority on information technology and systems risk management. A self-described “risk ecologist,” he is interested in the intersections of business, political, technological, and societal risks. Charette is an award-winning author of multiple books and numerous articles on the subjects of risk management, project and program management, innovation, and entrepreneurship. A Life Senior Member of the IEEE, Charette was a recipient of the IEEE Computer Society’s Golden Core Award in 2008.