Cybercrime isn't where or who you think it is

As crime gets more serious, it gets more organized, but it's still mostly a US/China thing

Globally cybercrime costs $114 billion every year according to a September, 2011 study by U.S. security software maker Symantec Corp.

Officials of Western governments often point to Russia, Estonia, the Ukraine and other Eastern European countries as the source of their cybercrime problems. And it's certainly true there is a thriving cybercrime economy in Eastern Europe – one that is more attractive because culprits are rarely arrested, let alone prosecuted, according to the Kyiv Post.

In Russia, there is a burgeoning "Cybercrime to Cybercrime" business in which specialized teams of hackers form "companies" offering services such as training, administration, malware development and other specific skills that other gangs hire on a need-to-steal basis, according to Moscow-based consultancy Group-IB, which published a study on the Russian cybercrime market in April.

The main sources of malicious activity – and therefore the location of most of the jobs in cybercrime – were the U.S. and China, according to a recent report from security firm Symantec.

Even the Tidsev Trojan, the Cyrillic-sounding, astonishingly successful malware that helped build the Rustock botnet into an army of 1.5 million infected computers, was launched and controlled from the U.S.

So were a third of all web-based attacks, 49 percent of phishing web sites, 13 percent of malware-infected bots and 17 percent of attacks on major networks.

China, famous for cyberespionage, was No. 1 in network attacks (27 percent), No. 1 in attacks made on or through web sites and made the top five in nearly every other category of cybercrime.

The biggest source of malware was India, whose huge software-development industry has apparently been diverted to more lucrative pursuits.

"The level of professionalism is amazing and I don't see a slowdown," according to a Computerworld story quoting Pablo Martinez, deputy special agent in charge at the U.S. Secret Service.

Lax regulations often leg gangs in Eastern European countries run virtually wild, according to the Kyiv Post.

The depressed economies and lack of a developed labor market make it harder to find cybercriminal work there than in more developed countries, however, and a comparative lack of proficiency in English holds many budding Eastern European cybercriminals from achieving their full potential according to Brian Krebs, U.S. –based security consultant and writer.

“There is no Eastern European Silicon Valley which would compete with the state over qualified experts in computer security,” Krebs told the Kyiv Post.

Nevertheless, an April report from the Moscow-based consultancy Group-IB estimated that the net income of Russian-based cybercriminals was $12.5 billion.

That's not the total cost of all cybercrime in Russia; it's the amount Russians made from it.

The report also found traditional organized crime groups taking over significant portions of the "market," including online direct theft, as opposed to identity theft or selling compromised data.

Read more of Kevin Fogarty's CoreIT blog and follow the latest IT news at ITworld. Follow Kevin on Twitter at @KevinFogarty. For the latest IT news, analysis and how-tos, follow ITworld on Twitter and Facebook.

ITWorld DealPost: The best in tech deals and discounts.
Shop Tech Products at Amazon