Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Wednesday, May 06, 2009

The New Face of Cybercrime Revealed

If one thing is clear from Verizon’s recently published 2009 Data Breach Investigations Report it is that cyber crime has taken on a frightening level of maturity.  This is the second year that Verizon has published data from the breach investigation work they perform for their clients. While these [other[ reports do drive home the expense, loss of reputation, and compliance requirements associated with good data protection they do not shed the same light on methodologies that Verizon does.

The market is saturated with credit card data stolen from large payment processors and retailers.  Criminals in Florida used magnetic strip encoding machines to put the info on fake credit cards they manufactured.  One zealous “carder” bought $18,000 of gift cards from several Wal-Mart stores in one day.

Verizon’s report says the present target is PINs.  In other words, thieves are stealing the data that allows criminals to create ATM cards and thus drain money directly from accounts.  While Verizon cannot reveal the names of their customers the most dramatic use of stolen PINs ever was when data stolen from RBS WorldPay, an Atlanta based payment processor and card issuer.  These PINs were used to forge ATM cards that were then used to withdraw $9 million from 130 ATMs in 49 cities around the world in a single day in November of 2008.

It may have been true, before the rise of the cyber crime economy of today, that insiders were responsible for most breaches but thanks to the continuing success of data thieves, that is no longer the case.

Posted on 05/06