Hacker Hunters

An article in Business Week discusses the attack on ShadowCrew. The whole article is interesting, and an indication of why cybersecurity isn't going to get a lot better anytime soon. Excerpts:

There's a new breed of crime-fighter prowling cyberspace: the hacker hunters. Spurred by big profits, professional cyber-criminals have replaced amateur thrill-seeking hackers as the biggest threat on the Web. Software defenses are improving rapidly, but law enforcement and security companies understand they can no longer rely on technology alone to deal with the plague of virus attacks, computer break-ins, and online scams...

While the FBI and other investigators have been criticized for fighting each other almost as fiercely as the criminals on traditional cases, they cooperate more than ever when it comes to cybercrime. Local, state, and federal agencies regularly share tips and team up for busts. The FBI and Secret Service, which received jurisdiction over financial crimes when it was part of the Treasury Dept., have even formed a joint cybercrime task force in Los Angeles. Public agencies also are linking with tech companies and private security experts who often are the first to discover crimes and clues...

There's a clear reason for this newfound collaboration: The bad guys are winning. They're stealing more money, swiping more identities, wrecking more corporate computers, and breaking into more secure networks than ever before. Total damage last year was at least $17.5 billion, a record -- and 30% higher than 2003, according to research firm Computer Economics Inc...

Part of the problem is that cops don't have all the weapons they need to fight back. They clearly lack the financial resources to match their adversaries' technical skills and global reach. The FBI will spend just $150 million of a $5 billion fiscal 2005 budget on cybercrime -- not including personnel -- in spite of its being given the third-highest priority. (Terrorism and counterintelligence come first.)...

The wiliest of the hackers still run rings around the cops. A Russian gang called the HangUp Team has been pummeling e-commerce Web sites and taunting its pursuers for two years, police say. The gang plants software bugs in computers that allow it to steal passwords, and it rents out huge networks of computers to others for sending out viruses and spam. HangUp Team hides in plain sight. Its Web site -- rat.net.ru/index.php -- is decorated with a red-and-black swastika firing off lightning bolts. Its blog discusses hacker tactics and rails against Americans. Its motto: In Fraud We Trust. "We think we know what they've done, where they are, and who they are," says Nagel. But authorities haven't been able to nab them so far. The Secret Service won't say why...

The bust yielded a treasure trove of evidence. So far the Secret Service has uncovered 1.7 million credit-card numbers, access data to more than 18 million e-mail accounts, and identity data for thousands of people including counterfeit British passports and Michigan driver's licenses. They say the ShadowCrew pillaged more than a dozen companies, from MasterCard Inc. to Bank of America Corp. (BAC ) The bust has yielded evidence against more than 4,000 suspects and links to people in Bulgaria, Canada, Poland, and Sweden. "We will be arresting people for months and months and months," says Nagel...

Despite these successes, cops face major hurdles as they try to get cybercrime under control. The biggest? Their global scope. Gang members hide out in countries with weak hacking laws and lax enforcement. They can even shelter servers in a separate country, snarling the trail for investigators. Their favorite hideouts: Russia, Eastern Europe, and China...

A usually informed source has said that several billion dollars a year are transferred from the US to the Russian economy through cybercrime, which might account for less than enthusiastic enforcement by the Russian government. But that doesn't explain why the US spends so little on preventing it.