FBI lists Top 10 posts in cybercriminal operations
Cybercrime organizations often run like corporations, staffed by experts in specific jobs
Computerworld - WASHINGTON -- Criminal hacker organizations are operating with increasing corporate-like efficiency, specialization and expertise, according to the FBI.
From a business perspective, these criminal enterprises are highly productive and staffed by dedicated people willing to operate worldwide, around the clock "without holidays, weekends or vacations," according to Steven Chabinsky, deputy assistant director in the FBI's cyber division. "As a result, when an opportunity presents itself these criminals can start planning within hours."
"The cyber underground now consist of subject matter experts that can focus all their time and energy on improving their techniques, their goods and services," Chabinsky told an audience today at the FOSE conference, a government IT trade show, held here.
During the presentation, Chabinsky presented a list of the top 10 positions in cyber crminal organizations. They are:
1. Coders/programmers, who write the exploits and malware used by the criminal enterprise. Contrary to popular belief, Chabinsky noted that coders who knowingly take part in a criminal enterprise are not protected by the First Amendment.
2. Distributors, who trade and sell stolen data and act as vouchers for the goods provided by other specialists.
3. Tech experts, who maintain the criminal enterprise's IT infrastructure, including servers, encryption technologies, databases, and the like.
4. Hackers, who search for and exploit applications, systems and network vulnerabilities.
5. Fraudsters, who create and deploy various social engineering schemes, such as phishing and spam.
6. Hosted systems providers, who offer safe hosting of illicit content servers and sites.
7. Cashiers, who control drop accounts and provide names and accounts to other criminals for a fee.
8. Money mules, who complete wire transfers between bank accounts. The money mules may use student and work visas to travel to the U.S. to open bank accounts.
9. Tellers, who are charged with transferring and laundering illicitly gained proceeds through digital currency services and different world currencies.
10. Organization Leaders, often "people persons" without technical skills. The leaders assemble the team and choose the targets.
Patrick Thibodeau covers SaaS and enterprise applications, outsourcing, government IT policies, data centers and IT workforce issues for Computerworld. Follow Patrick on Twitter at @DCgov, or subscribe to Patrick's RSS feed . His e-mail address is firstname.lastname@example.org.
- University of North Florida breach exposes data on 107,000 individuals
- Zeus Trojan bust reveals sophisticated 'money mules' operation in U.S.
- GAO slams White House for failing to lead on cybersecurity
- Man charged with attack on Web site of Fox News' Bill O'Reilly
- Heartland breach expenses pegged at $140M -- so far
- IT contractor gets five years for $2M credit union theft
- Democracy would suffer if Google left China, says MIT panel
- Gonzalez accomplice gets five years for hacking TJX
- Threat of cyberattacks from overseas high, federal IT execs say
- Botnets 'the Swiss Army knife of attack tools'
Read more about Cybercrime and Hacking in Computerworld's Cybercrime and Hacking Topic Center.
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Advanced Threat Defense: A Comprehensive Approach In this interview, Peter George, president, General Dynamics Fidelis Cybersecurity Solutions, explains why we need more than anti-malware, and what constitutes a comprehensive...
- 2013 Cyber Risk Report The "Cyber risk report 2013 Executive summary" presents the major findings of HP Security Research's comprehensive dive into today's cyber vulnerability and threat...
- Cybersecurity for Dummies eBook This book provides an in-depth examination of real-world attacks and APTs, the shortcomings of legacy security solutions, the capabilities of next-generation firewalls, and...
- Live Webcast Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- On-demand webinar - 7 Keys to Service Catalog Implementation Success Watch this webinar to learn 7 crucial keys to make your service catalog a success! All Cybercrime and Hacking White Papers | Webcasts