FRAMINGHAM, 21 MARCH 2011 - The CJ341 Cyberlaw & Cybercrime course in the Criminal Justice department at Norwich University requires a short (3,000 word) term paper from each student. The students choose relevant topics that interest them and work through the semester on outlines and drafts before submitting their final version for grading. The paper by US Army ROTC Cadet Bradley Guinen demonstrated excellent research and provided interesting information for his fellow students and for readers of this column. Cadet Guinen and Mich Kabay collaborated closely in adapting Guinen's work for this series of three columns.
* * *
There was a time when computer criminals were mostly interested in "rep" – reputation. However, cybercrime has become more organized. "The majority of data breaches are the result of organized crime," says Nick Holland, an analyst at Aite Group, a research and advisory firm focused on business, technology and regulatory issues. Cybercrime has created a new frontier for organized crime; Dmitri Alperovitch, an Internet threat researcher for McAfee, says "The current security environment is ripe for cybercriminals. Unlike other types of crimes, cybercrime has low barriers to entry, there is little prevention and few enforcement mechanisms, and the returns can be enormous! The ease of doing business has facilitated a reported 275,000 incidents in 2008 which translates to about $265 million lost in the U.S. Alone." These organized cybercrime groups are located all around the world, but one place in particular has been a hotspot for organized groups of cyber criminals: Russia.
Russia's long-standing history of organized crime has nurtured a current crop of cybercrime organizations dedicated to the theft of personal and financial information and political hacktivism. During a BlackHat USA presentation in 2009, Alperovitch stated that "Russia's history of organized crime has paved the way for the emergence of highly sophisticated cybercrime groups that have spearheaded the emergence of Internet worms, botnets, spamming, phishing, and credit card forums."
Alperovitch traced Russian organized crime to the Lenin & Trotsky era. Many of these criminal organizations had their beginnings in the infamous gulags of the Soviet era. They followed a strict code known as "The Thieves' Code" which basically alienated the individual from his family and entirely committed themselves to the organization. To break any of these rules usually ensured mutilation or death. Every member of these organizations had to view crime as "a way of life…" and had to be "willing to live and die for their organization." Such loyalty enabled these Russian cybercrime groups to be highly productive. At first Russian cybercrime was off the radar only being noted for software piracy until in 1994 Vladimir Levin and his collaboration of hackers were able to access more than $10 million through computerized systems from Citibank over the course of a few weeks. Levin and his colleagues used stolen key codes, user IDs, and passwords to wire transfer various amounts ranging from thousands to tens of thousands to accounts his group controlled in the United States, Finland, Netherlands, Germany, Israel, Argentina, and Indonesia.
Sign up for Computerworld eNewsletters.