By the look of things, the 17 people indicted for identity theft and similar Internet-related activities aren't the brightest of criminal masterminds. After all, one or more of them ran a site called "The International Association for the Advancement of Criminal Activity" in an apparent effort to generate as much attention from law enforcement as possible. The breadth of their activities is illustrative, however, of how organized Internet crime has become.
Seventeen people and one corporation were indicted on a 173-count indictment for trafficking more than 95,000 stolen credit card numbers, which ultimately caused more than $4 million in fraud, according to the NewsFactor Network story. The piece offers details on only three of the defendants, a Ukrainian/Russian couple and their child.
The Russian Business Network, headquartered in St. Petersburg, has long been the cyber equivalent of the mobster's lair. It is notorious for hosting all sorts of bad things, from child pornography to spamming and identity theft. The RBN apparently has gone dark, however, according to this blog at The Washington Post. The post says some of its ISP partners began refusing to route its traffic and, soon after, the company surrendered most of its Internet space. There is speculation that plans are afoot to resurrect it in China, where it would control more space. At least one expert -- iDefense's director of rapid response -- said it's too early to be certain.
Identity theft is not a monolithic topic. This WebProNews article looks at what it says is the first study of ID theft cases completed by the U.S. Secret Service. Many interesting facts emerge. For instance, 42 percent of cases involved multiple offenders, with the highest total reaching 45 participants. Only 20 percent involved non-technical means of stealing the identity, such as dumpster diving. Five percent of victims were related to the offenders. More than one-third of the victims were financial institutions; individuals were the targets 34 percent of the time. The study also offers interesting demographic information about the offenders, such as the fact that only 6 percent were over 50 years of age.
This overview of identity theft begins with a look at what a criminal engaged in such activity likely will do (open a bank account and write bad checks, obtain loans, etc.). The writer at AfterIdentityTheft then describes the different methods of stealing identities. It is interesting that online theft is only one of seven approaches. The others are dumpster diving, mail theft, purse or wallet theft, use of inside sources, impersonation of the target, and stealing data from the victim's home. Unfortunately, the story doesn't say which of these is the most common. It is likely, however, that these often feature some online activity, even if it occurs after the identity is pilfered.
Unfortunately, ID theft is in the ascendancy. Assistant U.S. Attorney Erez Liebermann, the chief of the computer hacking and intellectual property section in the New Jersey U.S. Attorney's Office, says cyber crimes now are so profitable that they underwrite some crime groups' other illegal activities. The article, posted at InformationWeek, says Websense said that 2007 would be characterized by a more closely knit organized crime community. One element of this is the buying, selling and trading of easy-to-use crime toolkits and zero-day vulnerabilities. Liebermann says law enforcement has adequate tools to meet the challenge.