Talk about turning classwork into pure gold and professional kudos: Norwich University undergraduate student and ROTC cadet Bradley Guinen has teamed up with his instructor and collaborator M.E. Kabay, PhD (who is a regular contributor to Network World, as well as an independent information security consultant, and faculty member at Norwich) to turn a paper for his CJ341 Cyberlaw & Cybercrime class into a 3-part series of articles for NetworkWorld.
Stu Sjouwerman
- Part 1: The Russian Cybermafia: Beginnings
This story provides a brief overview of the origins and early efforts amidst the formidable Russian cybercrime world, which itself springs from the various arms of organized crime collectively known as "the Russian Mafia" (though the names of the individual groups who make up this underworld vary widely by region and ethnicity). The early success of cyberheists for such professionals dates as far back as 1994, when a group of Russian hackers accessed more than $10M through computerized systems at Citibank, including repeated and massive fraudulent funds transfers.
- Part2: The Russian Cybermafia: Boa Factory & CarderPlanet
This story documents the capabilities and activities of the Boa Factory, a "...one-stop clearing house for buying and selling virtuall all assets produced by financially-motivated online criminal activity" and CarderPlant "...a bazaar for the 'purchase, review, and distribution of cybercriminals' good and services, as well as providing tutorials for new members...'" (the interior quote comes from security expert and researcher Dmitri Alperovitch, VP of Threat Research at McAfee, whom Kabay and Guinen interviewed for background on the paper and these stories).
- Part 3: The Russian Cybermafia: RBN & the RBS WorldPay attack
This part of the series covers the infamous so-called "Russian Business Network" (RBN) and its involvement in insidious software and activities, including malware, DDoS attacks, hacking, kiddie porn, and spam. Among its many other hair-raising exploits, the RBN organized the November 2008 attack that has come to be known as RBS WorldPay, in which this organization hacked through WorldPay's industrial strength encryption and were able to extract information about payroll debit cards the company issued to its customers, and to use fake ATM cards to steal over $9M in bogus ATM withdrawals. A formidable malign influence on the Internet, and one whose influence has by no means been diminished by the apprehension of two of its principals in 2010.
- All in all, this series not only makes fascinating reading, it also provides some useful and thought-provoking detail on the depth, seriousness, and danger that organized crime brings to today's Internet. If anyone needs an implicit warning about the threats inherent to online activity, especially of a financial nature, it lurks in every nuance of these reports.
Stu Sjouwerman
