Fortinet

Dirty money on the wires

Patrice Perche, Fortinet made a presentation about Dirty money on the wires - The business model of cyber criminals.

Patrice Perche

Patrice Perche, Vice President Southern Europe & Middle East India began his presentation with a quick introduction to his company. Fortinet is the leading provider of ASIC-accelerated Unified Threat Management security solutions. Founded in 2000 it is Silicon Valley based with 700 employees; over 300 in R&D. 150,000 FortiGate devices have shipped worldwide. The company has three patents; 60+ are pending. It has no less than eight ICSA certifications (first and only security vendor), Government Certifications (FIPS-2, Common Criteria EAL4+) and 60+ Industry Awards. Its products are used by 20,000+ customers world-wide.

Perche stressed that reported offenses are just the tip of the iceberg. The FBI reported $67 billion in damages last year (US) while the NHTCU reported £2.45 billion (UK). Credit card fraud alone costs $400 million per year. Perche delved into the business model of cyber crime and talked about various types of cyber crime—spamming, carding, phishing, herding and industrial spying—and how they pay off. He discussed the various kinds of cyber criminals— skilled Coders, Kids who form the workforce, the Mob who are the puppet masters and the Drops who act as the mules. The marketplace here is IRC and the currency e-gold.

He went through the Carding Business Model and examined the underlying numbers. The cost of buying the details of 40 valid credit-cards is $200. Bribing 10 drops to forward one package per week will set you back by $800. Drops to cyber criminal packages delivery costs also cost about $800. The profits by selling the goods (CC numbers) on eBay work out to $16,000 ($400 per package). The total monthly cost works out to just $1,800 while the revenue is $16,000 which leaves the cyber criminal with a net gain of $14,200.

He also discussed the adware business model wherein Adware Company ‘A’ edits software that displays ads. Advertisers pay company ‘A’ to get their ads displayed. Company ‘A’ pays its partners/affiliates for each install of the Spyware/Adware on the computers of end-users.

Phishing is another very profitable scam. Stealing money using offshore accounts breaks down to three steps involving two layers of anonymity: First the criminal buys e-gold with a stolen account and then he loads debit cards issued by offshore companies to withdraw cash. The total cost is just $9,863 while the criminal makes $100,000.

After discussing the intricacies of existing cyber crime, he went on to talk about an emerging threat, that of mobile phone diallers.

The cyber crime scenario is fuelled by the lack of balance between the fundamental drivers and the countervailing inhibitors. Criminals historically prey on their immediate neighbours. The Internet changes all that. The monthly barrage of vulnerability announcements, give cyber criminals the opportunities they need. Online trading sites for identities create a market for thieves to sell to more sophisticated criminals. Success (profits) breeds more success. Just as eBay created a new generation of garage sale entrepreneurs, Cyber crime is sucking in more and more players. Large botnets, in particular a million member army being prepped for the holiday season indicate growing power. Organised crime is turning to bribery and infiltration to steal identities.