Cyber Risk Review

Today's San Jose Mercury News has published Part 1 (registration may be required) of a three-part series on organized cybercrime, often based in Russia, and the widespread use of botnets to steal your identity and money. It also has an engaging slide show on internet crime, along with an interview with Dave DeWalt, the new CEO of McAfee.

The series coincides with the news reported today at the Dark Reading website that a "New York grand jury has indicted 17 people and a corporation on charges of identity theft, worldwide trafficking in stolen credit card numbers, and other crimes committed using the Internet." Those indicted, several with apparent ties to Russia, are said to have trafficked in more than 95,000 stolen credit card numbers and caused more than $4 million in credit card fraud

For those who are interested in this subject, as part of the article I wrote in this month's IEEE Spectrum on Open-Source Warfare, I interviewed Tom Kellermann on how terrorists are using the Internet for money laundering, fundraising, and identify theft. Kellermann was a member of the Treasury Security Team at the World Bank, where he advised central banks on monitoring illicit online activity. Heâ''s currently vice president of security awareness at Core Security Technologies, in Boston.

Tom pointed out, as did Mercury News story, that there is this large and growing underground economy where you essentially can hire software mercenaries to build code to attack a targeted system and to data mine that system for your own use. In this community, a perverse "Robin Hood" mentality prevails: steal and take what you can or barter what you find so that you can support your efforts in the real world.

Reading the Mercury News article and Tom's interview can be disconcerting to say the least. If you wish to stay worried or become slightly paranoid, do a daily read of the Dark Reading website. After about a week, it makes you wonder why anyone, including yourself, ever signs onto the net.


Risk Factor

IEEE Spectrum's risk analysis blog, featuring daily news, updates and analysis on computing and IT projects, software and systems failures, successes and innovations, security threats, and more.

Robert Charette
Spotsylvania, Va.
Willie D. Jones
New York City