Keep Your 40 Acres, Just Send the Mules

I suppose I can boil down my complaints about U.S. law enforcement's attempts to do something effective about rampant and metastasizing cybercrime to two things. The first is that our guys don't have good relations with Russia and other countries that are knowingly harboring the worst criminals. And the second is that they don't have bad relations with those countries--not bad enough to blow the whistle.

Instead, U.S. authorities are the co-dependents in a perennially depressing romance, always thinking that real change in their partner is right around the corner. Think about Lucy holding the football for Charlie Brown.

After spending a couple of vacation days this week at a cybercrime conference aimed mostly at bankers--'cause hey, that's how I roll--I'm still convinced that we are in much bigger trouble than people realize. The Zeus family of financial computer trojans, which are probably on millions of PCs and often escape the notice of antivirus software, is truly impressive. Even if your bank cares enough about you to hand over a gadget with ever-changing one-time passwords, Zeus can intercept them and do other neat tricks, like redirecting you to a "down for maintenance" page while it cleans out your account. It can then do math on the fly so that when you check your balance, it appears to be right where it should be. I'm pretty sure it can walk on its hands while juggling with its feet, but you should check with one of the people who have lost or nearly lost their businesses, like Karen McCarthy. Read the rest

U.S. Mobsters, Behind in Cybercrime, Could Win Tuesday

[image: PartyPoker founder Ruth Parasol]

I know what patriotic Americans reading about the lucrative feats being pulled off by organized cyber criminals in Russia, Ukraine and elsewhere are thinking. Can't mobsters from the good old U.S. of A. compete in today's fast-moving global marketplace?

It's a sad fact that the West is lagging behind in giant-scale Internet fraud. But I don't think we need to lobby for a Five Families bailout just yet, especially if the Republicans capture the House tomorrow and kill Rep. Barney Frank's effort to legalize online gambling.

True, the other side has unfair advantages, including stunningly corruptible business-oriented law enforcement and the lack of a Silicon Valley to siphon off programming talent with high-paying straight jobs. In fact, some countries essentially sport a pre-fabbed mob infrastructure. Even legitimate enterprises typically hire their own mafia patron to negotiate cop-shakedowns and fend off other mobsters wanting handouts, so a greater union is pretty much the natural course of things once a hacking group gets big.

Read the rest

Good news, of a kind, from a dark world

As a fan of BoingBoing dating from a decade ago, when it was delivered on horseback, I wanted to share something positive with fellow readers in my first guest post. Unfortunately, the thing I've been most passionate about in my reporting and writing since 1999--cybercrime and tech security--doesn't lend itself to much that's happy. What I'm offering today is a compromise. It was good news to me personally, and it will be good news to those of you who have my read my book, Fatal System Error. For the rest of you, it won't be pleasant, and I'm sorry about that.

On Friday, I got a Skype message from a longtime source of mine: "My friend got his daughter back." We spoke on Sunday, and I will tell you what I can from that talk. To begin with, though, my source uses the fake name Jart Armin of HostExploit.

Like the people who work at Spamhaus, Jart is one of those people dedicated to tracking the worst cyber gangs who works in anonymity in order to protect himself. I don't like quoting people I can't name, but I did so in the book with Jart because he has done important research and because he is entirely right to be afraid of the people he has been tracking.

To explain that in the book, I briefly told the story of a colleague of Jart's who was investigating mob activity in St. Petersburg, Russia. The colleague made the mistake of working with the local police. Read the rest