X

Cyber-capos: How cybercriminals mirror the mafia and businesses

Finjan report shows how cybercriminals offer "crimeware-as-a-service" and have a hierarchy like the mafia.

Elinor Mills Former Staff Writer
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.
See full bio
Elinor Mills
2 min read

Cybercrime, the harvesting and sale of credit card and other data for online fraud and theft, is a "shadow economy" that mimics the real business world in its practices and the mafia in its structure, according to a new report from security firm Finjan.

"The current cybercrime organizations bear an uncanny resemblance to organized crime organizations such as 'La Cosa Nostra,'" concludes Finjan's Malicious Code Research Center's Web Security Trends Report for the second-quarter of 2008 (survey required before downloading the 21-page report).

This diagram shows the organizational chart of a typical cybercrime group. It is very similar to the structure of another type of criminal enterprise, the mafia, according to a Finjan study. Finjan

There's a boss that heads up the organization for both the cybercrime gang and the mafia. The boss does not commit the crimes. Under him is the "underboss" who manages the operation, providing the Trojans for attacks.

Underneath the second-in-command are several "capos" or "campaign managers" who have their own "affiliation networks" perform attacks and steal data, just like "soldiers" do the "dirty work" in the mafia. "Resellers" similar to "associates" in the mafia, trade, or "fence" the stolen data.

The business of cybercrime has evolved from auctioning vulnerabilities online to the highest bidder in 2006 to creation of "one-stop-Crimeware-shops" where hackers sell toolkits to less tech-savvy attackers in 2007. The toolkits have gotten more sophisticated and providers are even now offering "Crimeware-as-a-Service," ala the Web's software-as-a-service model, the report says.

Cybercriminals have even built into the systems ways for buyers of credit card numbers to do real-time verification of the data to see whether it has expired, said Paul Ferguson, an advanced threats researcher at security firm Trend Micro.

"It's become very professionalized...a cradle-to-death software life-cycle regime, just like The Sopranos," Ferguson said in an interview in May. "They are pushing the money up the tree. It's a multitrillion-dollar enterprise...It's not just a kid in his basement anymore."

While inflation is raising prices in the real world, prices for credit card numbers and bank accounts with personal identification numbers have dropped from $100 or more to $10-$20 each, according to the report. (McAfee Avert Labs discovered a price list of its own earlier this year.)

Finjan also has located crimeware servers, where stolen data is stored, that function as "drop zones" of organized attacks and interviewed resellers of data to find out how the system is structured and how it works.

This diagram illustrates the operations of a crimeware server, showing the flow of crimeware and revenues forming a "closed " business loop. Finjan