The new initiative comes after an analysis of the business models used by these criminal groups and individuals that are involved in carding and malware distribution, among other offenses. According to SOCA intelligence department head Andy Auld, some of the business models have become increasingly sophisticated and mirror legitimate business models. This has led to the adoption of a three-tiered approach that reportedly attacks botnet and malware creators; "bullet-proof" web hosts; and Internet payment processors that service illegal enterprises and/or engage in shady billing practices.
News of the offensive came at the RSA Europe Conference during a keynote presentation in which Auld and FBI Special Agent Keith Mularski cited the now-defunct Russian Business Network (RBN) as an example of the enterprises being pursued. RBN was reportedly built from the ground up as a criminal operation involved in fraud, illegal child pornography, malware distribution and more, including alleged corruption of officials in St. Petersburg.
"This was a well-organized organization, not a cottage industry. RBN was the e-crime component in a wider criminal portfolio," Auld said. "There were strong indications RBN had the local police, local judiciary and local government in St. Petersburg in its pocket. Our investigation hit significant hurdles."
"All we achieved was disruption, not a prosecution," Auld added. "We believe RBN is back in business, pursuing a slightly different business model."
Botnets, such as those used for obfuscating identity, stealing credentials, spamming and malware distribution, are also under attack, as are carder forums (similar to adult industry webmaster forums) catering to Russian- and English-speaking webmasters.
Mularski described these forums as having established hierarchies, where board admins receive a percentage for running escrow and other services, while reviewers are used to manage the sites and "confirm" the quality of stolen card numbers being offered on the site. Carders and hackers supply much of the stolen data, while the rank-and-file members, including many wannabe scammers, make up the bulk of the forum members.
The two law enforcement agencies are actively seeking to infiltrate these groups directly or recruit sources from within these organizations.
"Traditional policing is reactive," Auld stated. "Cybercrime enforcement, by contrast, has to be pro-active."
"We are working in partnership to make Internet governance a less permissive environment," Auld said — and while that quote is taken somewhat out of context, it clearly sounds the end of business as usual for some of the Internet's worst criminals and scammers.