RSA 2009: The Elusive Structure of the Cyber-Criminal Economy
Brian Prince writes on eWeek:
As it turns out, stealing credentials is actually the easy part of cyber-theft. The hard part is using them to steal the get away with pilfering bank accounts.More here.
Fortunately for phishers, they have no shortage of help in that regard. This ecosystem of hackers, malware writers and money mules was on full display at this week’s RSA Conference, where researchers described an increasingly compartmentalized hacker underground where thieves can buy subscriptions to online fraud services.
“As soon as you pay for the subscription your Trojan will start being distributed, you will have access to all these machines, you will have access to all of these machines, you will have access to all of the credentials – bank credentials and credit cards – that are being collected by the Trojan you are distributing. But you don’t have to do anything,” explained Uri Rivner, head of new technologies for RSA Consumer Solutions in EMC’s RSA security division.
Subscriptions can cost $300 a month, he said. Renting out networks of compromised computers can cost as little as $23 for 1,000 bots, Rivner said. However that price won’t buy an attacker a monopoly.