Monday, January 29, 2007

Underground Economies

I just read an interesting article[pdf] from a recent issue of ;login:
It begins with an important figure: -$336(mil) was lost to online fraud
in the US last year. In a recent case, a Michigan treasurer fell
victim to a 419 scam and lost county funds!

Keep in mind that the above figure is likely an underestimate.
Identity theft (and similar online crime) is especially strong in
countries where computer skills are high and good job opportunities
low. And what is being done about this problem by credit card
companies, isps, the government, etc. ? "Not much," according
to the two CYMRU Team authors. If predictions are correct, and
I believe they are, these underground economies should experience
a boom in 2007.

This reminds me of a telemarketing call I recently got. It was from
my bank. A sales rep droned on and refused to let me say anything.
It was obvious that he was just reading a script. First, he told me
about the growing threat of identity theft. Then, he said that for a
low monthly fee, my bank would take steps to ensure that my
information (including social security number) would be safe.
So I have to pay extra money have my info guarded? Shouldn't
every possible safeguard be standard for a company I entrust
with my personal information (and money!) Where is the funding,
or even a plan to troubleshoot this situation? [It's likely that my
banks protection does nothing more than take my money. Oh,
and i hung up on the sales rep]

Another example related to this "underground economy"-
I've recently quoted HolyFather, writer of the HackerDefender
rootkit. In an interview, he talked about how hew has done
freelance programming for people who needed various kinds
of malware.

"IDG News: Did you code viruses or Trojans previously? Do
you do other kinds of software development?

HF: I code (mostly) security stuff. I can code Trojans, viruses,
whatever. But I have never coded a virus or Trojan for me. It
was always commercial stuff.

IDG News: Could you explain that more. Commercial for who
or what?

HF: I'm the coder. This means (people) hire me to code something.
I do accept or I do refuse (their) job offers; security stuff (including
trojans/virus/spyware) is what I can code and usually do not refuse
to make. For who? Who needs and pays."

No comments: