O RGAN I SE D FR AU D
underground economy around November of that year. The acronym itself was coined from the Software as a Service (SaaS) term. Before we delve into the various facets of FaaS let us lay aside some of the assumptions that we have about the hacker/phisher crowd. Gone are the days where the primary theft is being perpetrated by the sociopath lonewolf in the basement. The major player is now organised crime, responsible for 70 percent of online fraud and billions in ill-gotten gains. Organised crime generates more revenue with fraud than narcotics. For many not closely involved or interested in the security industry these are surprising facts. Even more surprising are the business models that organised crime employs to maximize their profits. For the businessperson the fraudster is your competitor— one who is not hindered by ethics and has highly talented people working for him. They also can function in a dark mirror image of corporate culture, complete with ROI studies and the white boarding of ideas. With the backdrop properly set, we can now focus on the components of FaaS. Fraudulent activity is rapidly becoming based on Supply Chain Management (SCM). Reviewing the SCM framework, this includes, outsourcing/partnerships, development, procurement, manufacturing flow management/support, distribution, performance management and customer support. This translates into the underground economy and its fraud hosting services that are based on a subscription or flat-rate fee.
Service Level Agreements (SLAs) are discussed to ensure that those perpetrating the fraud are provided the service for which they paid. Once purchased, a fraud customer can review monthly status reports within a customer “dashboard” to check a current scheme’s profitability. The services can include “All in One” Trojan suites, which provide the subscriber custom command and control tools over thousands of infected computers in a botnet, from which you can direct a custom fraud campaign. A Pay-Per-Infection service or Centralized Trojan Infection, where a subscriber (criminal groups) can use the fraud providers resources to target specific computers and then only pay for those computers that are successfully infected with the preferred Trojan. HTML Injection (XSS) kits are commonly created and sold by the fraud service provider as a means to soften targeted computers for Trojan infection by using exploitable html code or as another method of gathering target data. Customer Support is also available to answer subscribers' issues with their purchased package and Service Level Agree-
Spear Phishing Rears its Ugly Head
S
pear phishing, or whaling, is a form of phishing attack that is mainly targeted at employees or high-profile targets in a business. Spear phishing emails attempt to get a user to divulge personal or sensitive information or click on a link or attachment
NEXT HORIZONS
that contains malicious software. In its Online Fraud Report for December 2009, RSA uncovered a post in the underground that shows a fraudster soliciting the email addresses of a company’s CEO and top executives and
is willing to pay $50 for them. Incidents of spear phishing are increasing so rapidly that the U.S. Federal Bureau of Investigation (FBI) recently issued a statement warning the public of the threat.
ments (SLAs) are discussed to ensure those perpetrating the fraud are provided the service for which they paid. More specialized services offered are Phone Channel Fraud (Vishing), where the fraud service provider can spoof Caller ID numbers (ANI Spoofing) of financial institutions, provide native language speakers for your target market and the ability for the fraudster to “cash out” their ill-gotten gains. Another is Money-Muling or MuleHerding. Here the fraud service provider can rope innocent people into laundering money via wire services so criminals can cash out their profits from one compromised bank account to another. The mules are then paid a percentage of the money transacted. These mulling jobs are sometimes advertised as “Regional Managers” or “Money Transfer Agent, a growth market due to the economic downturn and subsequent large unemployment. Much remains to be discussed regarding FaaS and security in general within the corporate environment, which cannot begin to be covered in just one short article. However, it was the intent to provide a brief overview to hopefully chip away at the outdated concepts that surround online fraud and its ramifications to online and offline business. —Mike Meikle is the CEO of Hawkthorne Group and a Senior Consultant and Senior Programme/ Project Manager for several organisations across government, health, telecommunications, corporate and education sectors, providing technological and organisational leadership.
CTO FORUM thectoforum.com
21 FEBRUARY 2010
17