The Russian Business Network, ShadowCrew, HangUp Team, 76service, “Malware as a Service” (MaaS) and “Hoff is Thirsty.”
Scott Berinato posted the first of three installments of an expose highlighting the economics of the malware industry in CSO magazine. It’s a fascinating read with a blow-by-blow of how Don Jackson of SecureWorks infiltrated a malware distribution cartel and got to witness firsthand the dynamics of the malware marketplace as a functional economy.
It really demonstrated well the evolution of the stratified distribution system which mimics that of the drug trade.
What really made the story, however, was this incredible quote from yours truly. Prepare to be awed. I know I was.
Here’s the setup:
“Do you have a credit card? They’ve got it,” states another researcher who used to write malware for a hacking group and who now works intelligence on the Internet underground and could only speak anonymously to protect his cover. “I’m not exaggerating. Your
numbers will be compromised four or five times, even if they’re not used yet.”
Here’s my earth-shattering revelation:
“I take for granted everything I do on the Internet is public and everything in my wallet is owned,” adds Chris Hoff, the security strategist at Crossbeam and former CISO of
Westcorp, a $25 billion financial services company. “But what do I do? Do I pay for everything in cash like my dad? I defy you to do that. I was at a hotel recently and I
couldn’t get a bottle of water without swiping my credit card. And I was thirsty! What was I gonna do?”
…and now we finish with the closer.
That’s the thing about this wave of Internet crime.
Everyone has apparently decided that it’s an unavoidable cost of doing business online, a risk they’re willing to take, and that whatever’s being lost to crime online is acceptable loss. Banks, merchants, consumers, they’re thirsty! What are they gonna do?
See what I mean!? Without that little statement about being parched, the whole malware story just doesn’t hang together.
Don Jackson and his little sleuthy malware research doesn’t have ANYTHING on my horrific experience trying to extract a bottle of Aqua Fina liquid refreshment from a vending machine on the 23rd floor of a Scottish hotel.
Wait until the second installment when I talk about Mayonnaise.
Journalists: Please email me immediately as I’m available NOW as your go-to source for non-nonsensical non-sequitirs that make your editorials just SCREAM! Need to get to 800 words and got nuthin’? Call the Hoff.
P.S. I’m not @ Crossbeam anymore. I was the Chief Security Strategist. It was "WesCorp." My dad is dead. The rest is accurate, however…except I keep getting quoted as saying "gotta." I swear, it’s my accent! I don’t say "gotta." Really.