Thu, Dec 10, 2015

The Brave New World of Cyber Crime: When Hacking Becomes Big Business

The early days of hacking were like the Wild West. Lone hackers set out to cause chaos wherever and whenever they could, snatching up credit card numbers or the bank account information of unsuspecting victims.

Today’s hacking environment, however, is much more complicated and sophisticated. We’re now seeing a diversification of the hacking-for-profit movement, and this new trend is ushering cyber crime into a whole new era.

The largest U.S. financial cyber-hacking case

In November 2015, the U.S. Department of Justice (DOJ) announced an indictment charging three men in what is being called the largest U.S. financial cyber-hacking case. The case has been characterized by a U.S. attorney as “securities fraud on cyber steroids.”

According to the indictment, from 2012 to 2015, three alleged criminal co-conspirators, Gery Shalon, Ziv Orenstein, and Joshua Samuel Aaron (still at large at the time of the DOJ’s announcement), led a hacking scheme that targeted the financial sector, with JP Morgan as their largest target. The defendants are alleged to have stolen the personal information of more than 100 million customers through a data breach and used that information to further a diversified criminal organization.

In addition to hacking several major banks, the defendants also laundered money, set up an illegal Bitcoin trading operation, and ran illegal online casinos. The defendants used the stolen names and e-mail addresses they secured from financial institutions to contact unwitting victims and convince them to buy stocks in a classic “pump and dump” stock-buying scheme, thus inflating stock prices before their inevitable cash out.

The new cyber criminal

These criminals were not tech-savvy hackers breaking into systems with brute force; instead, they used their business savvy to further their scheme. In fact, it is highly likely that they outsourced the hacking itself to other, unidentified co-conspirators.

In a press conference announcing the DOJ indictment, U.S. attorney for the Southern District of New York Preet Bharara commented that the hacking was not “hacking merely for a quick payout,” but was instead “hacking to support a diversified criminal conglomerate. This was hacking as a business model.”

So, how do you protect yourself against this new era of big business hacking? Cyber security needs to be made a priority.

Authorities think the targeted companies were able to be hacked because they hadn’t addressed the Heartbleed vulnerability, as well as viruses and other malware, in a timely manner.
Failure to employ defenses against malware is a common theme in organizations large and small. Many threats can be addressed by simply performing a thorough cyber risk assessment to root out as-yet unidentified issues.

By Kroll Editorial Team
