HOW CYBER CRIMINALS WORK
Cyber crime has become a profession and the demography of the cyber criminal is changing rapidly with the type of organized gangsters who are more traditionally associated with drug-trafficking, extortion and money laundering. The question of how to obtain credit card/bank account data can be answered by a selection of methods each involving their own relative combinations of risk, expense and skill. The probable marketplace for this transaction is a hidden IRC (Internet Relay Chat) chat room. Gaining control of a bank account is increasingly accomplished through phishing. All of the following phishing tools can be acquired very cheaply.
The cyber criminals works in the following ways:
They are the comparative veterans of the hacking community. With a few years' experience at the art and a list of established contacts, ‘coders’ produce ready-to-use tools (Trojans, mailers, custom bots) or services (such as making a binary code undetectable to AV engines) to the cyber crime labour force – the ‘kids’. Coders can make a few hundred dollars for every criminal activity they engage in.
It is called so because of their tender age, most are under 18. They buy, trade and resell the elementary building blocks of effective cyber-scams such as spam lists, PHP mailers, proxies, credit card numbers, hacked hosts, scam pages etc. ‘Kids’ will make less than $100 a month, largely because of the frequency of being ‘ripped off’ by one another.
These individuals convert the ‘virtual money’ obtained in cyber crime into real cash. Usually located in countries with lax e-crime laws (Bolivia, Indonesia and Malaysia are currently very popular), they represent ‘safe’ addresses for goods purchased with stolen financial details to be sent, or else ‘safe’ legitimate bank accounts for money to be transferred illegally, and paid out of legitimately.
These are professionally operating criminal organization which combines all of the above covered functions. Organized crime makes particularly good use of safe ‘drops’, as well as recruiting accomplished ‘coders’ onto their payrolls.