Safety net - Cybercriminals adapt to new security measures

On February 10 2009, Jane's Intelligence Review published an article by Steve Santorelli and Levi Gundert from Team Cymru, entitled "Safety net - Cybercriminals adapt to new security measures". An extract from this article is reproduced below, with permission of Jane's Intelligence Review. JIR subscribers may read the full article on the Jane's web site.

On 16 September 2008, a cybercriminal using the nickname Master Splyntr announced he was closing a forum on the website, saying: "Recent events have proven that despite our best efforts to expel and deactivate the accounts of suspected law enforcement, reporters and security agents, it is obvious that we have not been entirely successful."

The demise of this forum, which had been primarily dedicated to facilitating the communication and trade between data thieves, forgers and fraudsters worldwide, sent shockwaves through the underground economy.

A month later, online criminal networks were further disrupted by a revelation regarding the Darkmarket operation. In late 2008, a German radio station leaked German police documents showing that Darkmarket had been a sting operation, run since 2006 by investigators from the National Cyber Forensics and Training Alliance (NCFTA), an agency funded by the FBI and based in Pittsburgh, Pennsylvania. There had been rumours that this was the case after one criminal noticed some suspicious login activity from Master Splyntr, which apparently allowed the FBI to log and analyse every login and discussion on the forum, but the warnings were dismissed.

While the long-term impact of this operation remains to be seen, the infiltration and subsequent use of Darkmarket demonstrates the continuing evolution of law enforcement agencies' efforts to disrupt and at times pre-empt trends within global cybercrime. Historically, the advantage has been with the criminals, as law enforcement bodies have generally reacted to trends in the development of criminal expertise rather than playing a pre-emptive role.

This is in part the result of constant criminal innovation, with new online scams and schemes emerging each year, and also constraints on law enforcement agencies. These constraints include inadequate resources, jurisdiction, training, procedures and legislation as they pertain to online crime. On the rare occasions when suspects are traced and found to be in a country where action will be taken, judicial penalties rarely fit the crime's global impact. Rather than serving as a deterrent, such cases fuel the perception that online crime has a favourable risk-to-reward ratio.
