In the beginning there were only malware and machines to be
infected, with no money in the middle – only a will to get “fame” by
coding. A few years ago this situation changed drastically and today
the cybercrime ecosystem is much more complicated, including as much
as 7 key elements. This starts with the coders, who only develop the
malware, then sell it to other criminals while offering service
support. The criminals who buy it distribute it among other
cybercriminals and money mules.
What’s the problem here? In general the AV industry still fights the
same way as 15 or more years ago. We detect more amounts of advanced
malware yet more appears every day. It’s like cutting a weed but
leaving the root – it just grows up again and again…
What happened on the 1st day at VB is that we saw a series of
presentations dedicated to how to deal with this modern state of
cybercrime. Mikko Hypponen from F-Secure, along with Bob Burls of
the Police Central e-Crime Unit (Metropolitan police) delivered a
keynote speech about the m00p gang joint investigation and their
experiences. The message was clear – it’s time to fight cybercrime.
Right after that I delivered a presentation called “A look at the
cybercrime ecosystem and the way it works” and it was about the
current moves of cybercriminals, how well they are organized and
what type of people are behind it. As an example I presented real
data – pictures,habits, nicknames, real names and other stuff of the most
relevant criminals from Latin America and in Europe. I also analyzed
current limitations in terms of laws to fight cybercrime in Mexico,
Brazil and Russia. Before my presentation I did not have any
conversation with Mikko but the message was exactly the same – it’s
time to fight not only bad files but also bad people aka
cybercriminals.
Finally my colleague Fabio Assolini showed how cybercriminals from
Brazil steal money today and have quite a comfortable life, some of
them moving from city to city each month, recruiting money mules and
using their stolen cash to live the highlife. They buy luxury cars
and stay in the most expensive hotels. They don’t have any?
fear of being punished and are only living their lives to steal
money every single day. The situation gets worse when the countries
we noted lack a legal system that persecutes online theft and
cybercrime. The feeling of impunity is really strong. The case Fabio
presented showed that the same bad guy was already arrested 3 times
and again and again he’s set free.
There are some ideas about how to make our job better (pulling out
the weed’s roots). For now, it’s mainly plans, but maybe the time
has come to do more radical fighting against cybercrime. What do you all think?