Security Experts:

The Optimist's Cybercrime Predictions for 2011

It's Not ALL Doom and Gloom - The Optimist's Cybercrime Predictions for 2011

The end of the year is a great opportunity for security companies and experts to write predictions on what is most likely to happen during next year. In many cases, these predictions can be summed up in “next year is going to be much worse, we’re all doomed, and you’ll have to invest more money if you want to defend your assets from the bad guys”.

The Optimist's Cybercrime Predictions for 2011With that said, I have my own predictions for 2011. Next year is going to be much worse, we’re all doomed, and you’ll have to invest more money if you want to defend your assets from the bad guys. I say that not because I work for a security company, but because it’s most likely true – the fraudsters are working very hard to up their ante and developing new tools and techniques that will make it harder for the good guys to detect them. After all, they are highly motivated and for the right reasons – money.

Yet, not everything is getting worse in the fight against cybercrime. There were some positive trends over the last year that are most likely to carry on into 2011. So, instead of the doom and gloom prophecies out there – here is a list of optimistic predictions for 2011.

Awareness is rising

Security companies can invest large sums of money to invent new solutions and improve their existing ones, but if nobody implemented them, they wouldn’t do any good. This past year was pivotal in enhancing awareness of threats in certain fields, one field in particular.

In the beginning of 2010, Google revealed that it was a target of a cyber-attack originating from China. Other organizations later followed and reported that they, too, were victim of this attack. Dubbed “Operation Aurora”, it singlehandedly brought to the limelight the danger of Advanced Persistent Threats (APT) to organizations.

The term APT is used to describe an attack that is launched with the purpose of obtaining intelligence from an organization (or individual) in a persistent matter -- usually done with malware. The “Advanced” part doesn’t refer to the sophistication of the malware, but to the logistical operation backing the Trojan and its injection to the targeted organization. Stuxnet, a worm that was discovered later in the year, only added fuel to the fire as it attacked systems that monitor and control industrial processes.

It’s safe to assume that “Operation Aurora” was not the first APT-style attack, nor will it be the last. However, APTs went from obscure threats that CISOs didn’t lose much sleep over, to a real and present danger. Had it not been for the “outing” Google did to “Operation Aurora”, the groups behind APT-style attacks would have been able to continue siphoning information from organizations in peace without even making anyone aware of the possibility that such threats exist.

Law enforcement is getting better

While cybercriminals are getting better, the law enforcement community isn’t exactly standing still. The proliferation of cybercrime has really put it in the crosshairs of various agencies from all over the world who are now investing a lot of effort going after these criminals.

As law enforcement agencies learned years ago, investigating cybercrime cases and prosecuting the individuals responsible possess unique challenges. Cybercrime is global. A fraudster in Romania can control a botnet through a server in the UK, later using the stolen credentials to steal money from US-based banks. This cross-border characteristic requires an international collaboration of law enforcement that is very hard to pull off. Requesting data from local agencies through standard channels can take so long, the trail goes cold.

Luckily, this gap has been identified and great investment is being made in improving international collaboration between law enforcement agencies. Conferences, international task force groups, and better interpersonal relationships help expedite cases and create an effective global law enforcement community – and it’s working. There has been an international element in many of the recent arrests by law enforcement, from Operation Trident Breach to the arrest of BadB in Nice.

It’s not just Western law enforcement agencies that are collaborating either. If in the past fraudsters in Eastern Europe and Russia were considered less or even totally unreachable, many of the recent arrests were in Eastern European countries. Again, I refer you to Operation Trident Breach as one example. The law enforcement community identified the gap in that geographical part of the world and has invested resources in building relationships with local agencies there.

If this positive trend continues, we will see more collaboration of the global law enforcement community and more arrests being made.

It’s getting harder to become a fraudster

Becoming a fraudster isn’t hard and still very lucrative, especially for individuals in poor countries. But compared to several years ago, it is becoming increasingly difficult to join this world and learn its trade.

Several years ago, in the days of mega-carding boards, there was an abundance of tutorials and a community willing to answer questions from “newbie” fraudsters seeking to do business in the black market. Those who were new to the trade had a “soft landing” into the world of fraud as these highly detailed tutorials, suggestions and responsive members were easy to find. There was a sense that it was the community’s duty to help new members, as “new blood” was necessary to keep the underground economy booming.

But the days of these boards are gone. Some of the forums, such as ShadowCrew, Darkmarket and CardersMarket, were shut down by law enforcement and other boards simply faded, until they completely disappeared. Fraudsters realized that they were being monitored and everything they say could be later used against them in a court of law, or at least help disrupt their business. When many of the major players were apprehended, many “rippers” came to fill the void. A “ripper” is a fraudster who rips off other fraudsters to make a quick buck. Due to the infiltration of law enforcement and “rippers”, trust levels went and finding someone willing to help a newbie find their way is now an increasingly difficult task.

Happy New YearThe newbie fraudster, especially for one who doesn’t speak Russian, will find a much more hostile and desolate world than the one of just a few years ago. The advantage that the underground has given to fraudsters – lowering the barriers of entry into this playing field, is slowly eroding. If this trend continues, 2011 is going to be even harder on those who are seeking to take up the cybercrime trade.

While it is refreshing to focus on the progress we’ve made, we can’t forget the threats and challenges that lie ahead as there are plenty.

May we all have a great New Year.

Related Reading > 2010 Device Integrity Report: U.S. Unprepared for Internet Device Flood

view counter
Idan Aharoni is the Head of Cyber Intelligence for the FraudAction Intelligence team at RSA where he is responsible for gathering, analyzing and reporting intelligence findings on cybercrime and fraud activity. Mr. Aharoni joined Cyota (later acquired by RSA) in February 2005 as an analyst at the Anti-Fraud Command Center. During his service, he founded the FraudAction Intelligence team, which he leads today. Between his work at the Anti-Fraud Command Center, as well as the unique insight he has gained by the intelligence and discoveries gathered by his team, Mr. Aharoni offers vast expertise into the underground fraud economy and how cybercriminals operate.