NewsNotables – Issue 57

The Underworld of Cybercrime

The Seattle Times, December 3, 2007

Somewhere in St. Petersburg, Russia, a tiny startup has struck Internet gold. It’s employees are barely old enough to recall the demise of the Soviet Union. Industry analysts believe they’re raking in well over $100 million a year from the world’s largest banks, including Wells Fargo and Washington Mutual. Their two-year rise might be the greatest success story of the former Eastern Bloc’s high-tech boom — if only it weren’t so illegal. The cash may be coming from your bank account, and they could be using the computer in your den to commit their crimes.

The enigmatic company, which the security community has dubbed “Rock Phish,” has rapidly grown into a giant of the Internet underground by perfecting a common form of Internet crime known as “phishing.” The thieves capture people’s personal computers, then use them to send phony emails that trick other users into revealing private financial information.

The number of pieces of malicious software, or malware, tripled in the first half of 2007 vs. the previous six months, according to Symantec. The number of phishing Web sites spotted in the first three months of 2007 by McAfee skyrocketed 784 percent compared to 2006. Some people are lured to visiting Web pages containing malware, either by inadvertently visiting infected sites or by clicking on an e-mailed link. There, a pixel-sized frame, invisible to the user, installs code onto the computers of visitors lacking the latest Web browser security updates. Most users have no idea such a “drive-by-download” has taken place, even as these Trojan horses surreptitiously log their banking passwords or other private information. Criminals are increasingly hiding this malware within apparently safe sites.

Rock Phish’s email campaigns rely heavily on botnets, short for “robot networks” to confuse victims and evade cybercops. Each botnet is an army of zombie PCs, some in corporations, some in your neighbors’ living rooms under remote control of Internet crooks, launching new rounds of malicious attacks.

Comment: One can’t be too careful when visiting websites and exploring emails. The latest technology is making cybercrime easier for crooks and harder for users to detect. Last January, many people received an email titled, “230 dead as storm batters Europe.” On first glance, you wouldn’t be too concerned about opening this article. Hurricane-force winds had been blowing through Europe at that time, and many Internet users clicked on the file attachment to learn more — unwittingly allowing the cybercriminals known as the Storm Worm group to take control of their computers.

Samsung Ex-Official Offers Corruption-Allegation Details

The Wall Street Journal, November 27, 2007

A former official of Samsung Group, elaborated on his earlier allegations of corruption of the big Korean conglomerate and said they set up a 200 billion-won ($215 million) slush fund to bribe influential figures. Samsung denied the claim saying, “It’s nothing but a repeat of false, distorted and exaggerated claims.”

Kim alleged that Samsung raised a slush fund to bribe prosecutors, judges and lawmakers. A former prosecutor himself, Mr. Kim said that the group used its trading arm, Samsung Corp., to create the pool of money through contracts with group affiliates.

South Korea’s National Assembly approved legislation to open an independent investigation into Mr. Kim’s allegations, saying a probe already under way by prosecutors is compromised by his claims that some, including the nation’s new top prosecutor, took bribes. Huge South Korean industrial groups have regularly been accused of wielding influence by using questionable dealings.

Comment: The size of the alleged “slush fund” is startling. As businesses such as Samsung become more and more global, you would hope that these types of dealings would dramatically decrease or even disappear altogether. With the nation’s top prosecutor being accused of taking bribes himself, this is going to be tough case to prosecute.

By Roger Eigsti
Board President,
Institute for Business, Technology, and Ethics