Cybercrime Is funding organized crime

Published 25 July 2007

Cybercrime is so profitable that organized crime is using it to fund its other exploits; U.S. law enforcement receives more cooperation from abroad in fighting back

The trend is clear: Organized crime is moving into the realm of cybercrime, using hackers to run scams and break into systems. Not only that: Cybercrime has been so profitable for organized crime that they’re now using it to fund the rest of their underground operations. “In terms of the risks and rewards, there’s a higher chance of getting more, financially, using the world of computer crime. Organized crime is realizing this,” says Assistant U.S. Attorney Erez Liebermann, chief of the computer hacking and intellectual property section in New Jersey’s U.S. Attorney’s Office. “We have suspicions of organized crime being behind some cybercrime that we’re investigating here. The attorney general has issued reports about organized crime and terrorist links using computer crime, hacking and intellectual property crimes as a way of raising revenue. It’s being used to fund organized crime.”

Analysts at San Diego, California-basedWebsense, a Web security company, reported late last year that the mob was likely to band together more closely with hackers in 2007 to form a more organized cybercrime community. Information Week’s Sharon Gaudin writes that the bolstered online crime cooperative has begun buying, selling, and trading ready-made cyberattack toolkits and exploiting zero-day vulnerabilities. Dan Hubbard, VP of security research at Websense, noted that organized criminals have realized that the Internet has been an untapped resource for earning them profit. As a result, ready-made tools and exploits to steal personal, business, and financial information are the hottest commodities for cybercriminals.

Liebermann noted that new laws now gove prosecutors more tools with which to fight back. “I do not feel handcuffed, no. There is the Cybersecurity Enhancement Act out there, and if it passes, it would enhance penalties and add computer crime to the list of predicate crimes that would give rise to a RICO [Racketeering Influenced and Corrupt Organizations Act] charge.”

Liebermann also said thatthe United States is becoming more and more able to chase down and prosecute cybercriminals, organized or not, even if they are out of the country. Until recently, launching hacking or denial-of-service attacks from outside U.S. borders was enough to keep criminals beyond the long arm of the U.S. law. This reach, though, is lengthening. “It presents a special problem, not just for the U.S. but … other countries have recognized that this is a problem,” Libermann added. “Previously, getting information was a problem. It was a more laborious process to get that information without skipping any steps or taking any roundabouts. Other governments are able to work faster, using the same tools we previously had to get the information back on a more efficient basis. We can pick up a phone with a list of countries, like the United Kingdom or Israel, and have a live body. It’s a good list of countries.” Botnet herders shift to new servers again and again and again. “If you identify a server but it takes months to get information from another country, the chance of getting any information on this is very slim. If the cooperation is immediate, the chance of getting information is much better. It’s a recognition that computer crime has no boundaries,” Libermann concluded