The World's Weak Spots
While some members of the group are recruited for their technical skills, others are recruited for different roles. One organization that Prolexic's Lyon came across hired prostitutes to pick up payments from Western Union. "Some of these groups have really sophisticated money laundering techniques," Lyon says. "They get their money sent in multiple broken Western Union payments, and then hire hookers to go pick it up. They get the money back together again, and then deposit into an account where it can be wired around the world. It bounces around and eventually becomes impossible to trace."
And the members of a Web gang may be based almost anywhere in the world, though security experts have identified certain areas as hotspots for this type of activity. Brazil, Bulgaria, China, Estonia, Hungary, Indonesia, Japan, Latvia, Malaysia, North Korea, Romania, Russia, and the United States are major centers for organized hacking, says Kellerman, cofounder and chief knowledge officer for Cybrinth, a new cybersecurity consulting company.
Why are certain areas considered hotspots?
"Places where there's a significant amount of activity usually have a technically advanced population and a large population of computer users. You also have a poor economy, so you have people with the technical skills to do good work, but they can't find a job that will provide for them, so they may have to resort to doing things that are against the law," Kaspersky's Coursen says.
These hotspots (other than the United States and Japan) also tend to be countries where laws and law enforcement lag behind what is found in Western-style democracies. "Countries around the world are drafting stronger laws," says Christopher Painter, deputy chief of the computer crime section with the Department of Justice. "But hackers will find the weakest link, the country with no laws."
For the foreseeable future, you can expect the promise of financial rewards to entice even more criminals online. And those who are already online will learn new and more-sophisticated ways to attack.
"In the past, it was more of a nuisance. I was getting spam trying to sell me pills. Then I was getting messages pretending to be from my bank, trying to get my PIN," says Paul Judge, CipherTrust's CTO. "We're only beginning to see the first phase of what the bad guys will do."