Though the FBI is gradually making progress in prosecuting online criminals, the agency is still waiting for a major, newsworthy case like the Enron scandal to bring cybercrime to the forefront of public attention. Only after such an event could the necessary reforms be made to allow authorities to effectively battle online criminals, FBI special agent Shana Boswell-Crowe said.

Uniting Fault-Tolerance with Redundancy: Discover how Dataside was able to deliver a secure and reliable secondary load-balanced data center site to meet the needs of a major financial institution.

Quote:

Fighting cybercrime requires an Enron-like scandal to Force the Hand of Legislators The FBI argued Friday.

Only after such an event could the necessary reforms be made to allow authorities to effectively battle online criminals, according to FBI special agent Shana Boswell-Crowe.

"My theory is that computer crime is kind of like white collar crime before Enron," Boswell-Crowe said during a presentation at the McAfee Latest News about McAfee Avert Labs Day in Mountain View, Calif.
'Large Event' Needed

"White collar crime used to be the bank [employee] sifting some money off, or some corporate guy who was going to get rich anyway," Boswell-Crowe went on.

"I do not think that [cybercrime] has had its day. There has not been something that's large enough to generate large-scale awareness. Awareness is increasing, but we have not had that large event that makes people think: 'This is really bad.'"

Boswell-Crowe complained that, while online crimes are committed within seconds, it still takes large amounts of evidence to obtain a search warrant.

There also is no clear legislation that defines when adware is installed illegally. Unless law enforcement officers are able to prove an intent to cause harm, botnet operators can get away with installing adware on computers.

Consumers, in the meantime, are carrying the burden if they become the victim of key-loggers, because they have technically given up their log-in and password TechNet Security Center: Tools & Guidance to Defend Your Network information voluntarily.
Kids First, Pros Next

Boswell-Crowe claimed, however, that the FBI is making progress in tracking down and prosecuting online criminals.

Early cases have mainly involved teenagers looking to make a quick buck, but forgetting to clean up their tracks.

Tracking down professional organized cybercriminals takes more time, but the FBI is building cases against such organized groups.

Boswell-Crowe declined further comment because the FBI does not discuss cases before they are brought before a judge.

© 2006 VNU Business Online Limited (UK). All rights reserved.
© 2006 ECT News Network. All rights reserved.

Source: Tech News World

PARIS — There are no storefronts or corporate headquarters in the cybercrime industry, just savvy sellers in a murky, borderless economy who are moving merchandise by shilling credit card numbers — “two for the price of one.”

“Sell fresh CC,” promised one who offered teaser credit card numbers. “Visa, MasterCard, Amex. Good Prices. Many countries.”

Electronic crime is maturing, according to security experts, and with its evolution, criminals are adopting conventional approaches like supermarket-style pricing and outsourcing to specialists who might act as portfolio managers or computer technicians.

“It’s a remarkable development of a whole alternative business environment that’s occurred over the last couple years,” said Richard Archdeacon, a senior director of global services for Symantec, an Internet security company with 11 research centers around the world. “What’s been so astonishing is the speed with which it’s developed.”

In the United States alone, victims reported losses of $239 million to online fraud in 2007, with average losses running about $2,530. The complaints are recorded by a special Web-based hotline operated by the F.B.I. and the National White Collar Crime Center, a nonprofit corporation focusing on electronic crime.

The most common frauds were fake e-mail messages and phony Web pages, and the crimes were organized from the United States, Britain, Nigeria, Canada, Romania and Italy, according to an F.B.I. report issued last month.

Despite the increasing sophistication and elusiveness of online criminals, judges remain reluctant to order much jail time for computer crime, according to some national law enforcement officials and major companies like Microsoft.

A case in point is Owen Thor Walker, an 18-year-old hacker from New Zealand who pleaded guilty last week to criminal charges arising from his development of a vast international network of individual computers, which he had infected with hidden software, or “malware,” and remotely controlled.

In the parlance of the trade, he was a “bot herder” who offered his “robot network” for hire to a company in the Netherlands, which wanted to covertly install its advertising software.

Walker’s borderless network first surfaced in an F.B.I. investigation of a computer attack in 2006 that caused the crash of a computer server at the University of Pennsylvania. The F.B.I. singled out a Pennsylvania student in the attack who ultimately led investigators to Mr. Walker.

Mr. Walker’s sentencing is scheduled for May, but the judge on the case indicated that he would consider community detention and work release or some home detention for punishment of the teenager, who has Asperger syndrome, a mild form of autism marked by poor social skills and compulsive behavior.

“Most of the time, it’s very difficult for a judge to understand what’s going on and what the risks are,” said Eric Loermans, chief inspector of a Dutch high-tech crime unit.

Mr. Loermans was part of a cybercrime forum in Strasbourg last week that was convened by the Council of Europe to develop guidelines for closer international cooperation between law enforcement and Internet service providers. More than 200 people representing government agencies and private companies from Europe, Africa and the Americas participated in the conference.

Mr. Loermans’s plainclothes high-tech unit now numbers about 25 people, but the police are also developing training programs for everyone on the staff down to the officer on the beat, according to Mr. Loermans.

“Years ago, we saw cybercrime as a speciality,” he said. “Now we have added cybercrime in every form of police training, so we are raising the level of the entire Dutch police force. There’s no crime anymore where there are no digital components built in.”

David Roberts, chief executive of the Corporate IT Forum, which represents 150 companies in Britain, said his group was pressing for a single confidential channel through which corporate security chiefs could report cybercrimes.

April 19, 2008

Yesterday I reported 832 spams to SpamCop and Knujon. For the past 90 days I've been conducting a casual survey of all that spam (several megabytes a day) to try and determine who is sending what. I don't check all the links -- it would be a full-time job. I check those crooks using Google, Geocities or Blogspot redirect pages, as well as any others who are obviously trying to mask the spamvertised entity.

Herbal remedies and Canadian Pharmacy head the scum list with an average 25% of all spam received. But the interesting point is they seldom use the same spamvertised domain in the same 24-hour barrage. In one day's spam the Herbal rememdies crime cartel had 127 ads. They used 67 different domains. As time goes on, they maintain that kind of average -- but the domain names change. This is a clear indication that they are utilizing an ICANN policy known as "domain tasting" -- or more accurately put: domain kiting.

Here's how it works: Unscrupulous rogue registrars utilize a robot to register hundreds or thousands of domains -- but they don't pay for them. Their robots automatically deploy spam, phishing, identity theft or virus pages on the web, and then begin sending millions of spams directing victims to those pages. At the end of the ICANN "tasting" period of five days, the robots DROP the domains. Moments later, they register them again and the cycle starts all over. Most often they end up with many different domains.

Did you ever buy a domain without paying for it?

This is a sophisticated, supposedly legal version of domain squatting, which has been going on since the Clinton administration deregulated domains. (Thank you Bill, Hillary and Algore!) And when you open something as important as domains to a band of unrelated, unregulated internationals along with any jackleg-out-to-make-a-buck on earth, you're just inviting criminal exploitation.

All domains acquired should be paid for immediately at the point of registration. PERIOD. Rogue registrars should NOT be allowed to "taste" (aka "kite") thousands of domains and then release them only to pick them back up again moments later.

If ICANN wants to offer "grace" or "tasting" period, then the purchaser should be required to request and then obtain a refund. Ideally, via the postal service in WRITING to provide a court admissable paper trail with real, valid signatures.

This would weed out the criminal "tasters."

The side benefit to ICANN would be, in effect, a 'loan' to ICANN of the use of hundreds of thousands of dollars for the period of time between registration and refund -- which could amount to a considerable piece of interest.

At that point ALL domain tasting would probably grind to a dead stop -- because the only people "tasting" (kiting) domains are criminals who would never otherwise purchase the domains -- interested only in exploiting and profiteering off the system.

Let anyone who wants a domain -- for testing or otherwise -- PAY FOR IT. Period. If they don't like it or don't use it, then get a refund like the rest of us do.

Then the world (particularly the search engines and those who use them) would be a much better off.

At any rate, this is just one more indication that ICANN should be dissolved and a new, accountable entity put in charge of the domain system.

THE BEST SOLUTION OF ALL

would be for ALL domains to be permanently registered once and ONLY once. If registration lapses, then the domain is DEAD. They would NEVER be released back for reuse -- they would simply cease to exist. This would solve a number of problems now troubling the internet. After a while there would be only legitimate domains in legitimate use. And there would be far fewer domains. Honorable intentions would prevail.

End of story

Fred Showker

Thanks for reading...