The Russian Business Network, ShadowCrew, HangUp Team, 76service, “Malware as a Service” (MaaS) and “Hoff is Thirsty.”
Scott Berinato posted the first of three installments of an expose highlighting the economics of the malware industry in CSO magazine. It’s a fascinating read with a blow-by-blow of how Don Jackson of SecureWorks infiltrated a malware distribution cartel and got to witness firsthand the dynamics of the malware marketplace as a functional economy.
It really demonstrated well the evolution of the stratified distribution system which mimics that of the drug trade.
What really made the story, however, was this incredible quote from yours truly. Prepare to be awed. I know I was.
Here’s the setup:
“Do you have a credit card? They’ve got it,” states another researcher who used to write malware for a hacking group and who now works intelligence on the Internet underground and could only speak anonymously to protect his cover. “I’m not exaggerating. Your
numbers will be compromised four or five times, even if they’re not used yet.”
Here’s my earth-shattering revelation:
“I take for granted everything I do on the Internet is public and everything in my wallet is owned,” adds Chris Hoff, the security strategist at Crossbeam and former CISO of
Westcorp, a $25 billion financial services company. “But what do I do? Do I pay for everything in cash like my dad? I defy you to do that. I was at a hotel recently and I
couldn’t get a bottle of water without swiping my credit card. And I was thirsty! What was I gonna do?”
…and now we finish with the closer.
That’s the thing about this wave of Internet crime.
Everyone has apparently decided that it’s an unavoidable cost of doing business online, a risk they’re willing to take, and that whatever’s being lost to crime online is acceptable loss. Banks, merchants, consumers, they’re thirsty! What are they gonna do?
See what I mean!? Without that little statement about being parched, the whole malware story just doesn’t hang together.
At all.
Don Jackson and his little sleuthy malware research doesn’t have ANYTHING on my horrific experience trying to extract a bottle of Aqua Fina liquid refreshment from a vending machine on the 23rd floor of a Scottish hotel.
Wait until the second installment when I talk about Mayonnaise.
Journalists: Please email me immediately as I’m available NOW as your go-to source for non-nonsensical non-sequitirs that make your editorials just SCREAM! Need to get to 800 words and got nuthin’? Call the Hoff.
Wow.
/Hoff
P.S. I’m not @ Crossbeam anymore. I was the Chief Security Strategist. It was "WesCorp." My dad is dead. The rest is accurate, however…except I keep getting quoted as saying "gotta." I swear, it’s my accent! I don’t say "gotta." Really.
I could see any other third-world country where you have no choice but bottled water, but Scotland? Fer Chrissakes, you couldn't round up any scotch? That stuff would make you forget about being thirsty. They probably had a table of it for free right next to the vending machine, which the locals jokingly refer to as "The Yankee Trap" because only Yankees buy the stuff. =)
Chris, admit it, it was "fire water". You do realize they keep that in the mini bar don't you?
I'm consistently impressed by your mastery of the English language; especially considering your "disadvantages".
I mean, what are you gonna do?
🙂
"hackers will run amok, unfettered, unafraid and perhaps even protected."
Much like we hope Chris ran amok in Scotland 🙂
Is "running amok" the same as going "commando?" If so, the answer is no.
With friends like y'all, who needs…a podcast.
Hugs, kisses and kicks!
/Hoff
Let's go to the Hoff, oh baby …~
Even if you could do all your transactions in cash over the Internet, you'd be an even bigger fool to do so. It's clear, we're down to detection and repudiation rather than prevention these days. It's all for the privilege of Not Being There and Having Things Happen Really Quick.
(mmmmm, Aquafina … just the thing after an evening of drinking whisky)
"Waters for washing, whisky is for drinking!" ™