Many of our blogs deal with cyber security. We talk about technical training, user training, passwords, technical advances in cyber protection and many other topics related to network traffic visibility and security. Back in January we talked about the importance of global government cooperation and information sharing as a means to track down sophisticated cyber crime organizations and individuals. We also advocated for new laws and increased penalties for cyber crime.
Cyber crime is no longer a computer geek in a basement stealing a credit card number and buying a new blender. Cyber criminals operate internationally and have developed sophisticated operations using the latest technology and increasingly sophisticated techniques. These organizations prey on corporations, individuals and governments searching for wide ranging information.
Outright theft of money through bank transfers and account penetration
Information theft with the intent of using that information to steal from corporations and individuals
Information theft with the intent of embarrassing corporations or individuals
Information theft and publication on a very large scale with the intent of influencing public opinion (see: Russian Hacking Scandal)
Information theft with the intent of extortion and/or blackmail
Information theft under the guise of activism in order to promote a cause (Hacktivism)
Scope of Operations
Some hacking organizations are sponsored by governments with massive resources
Some organizations are very small or even operated by a single person
Regardless of the organizational size, global reach and broad access is easy
Physical locations are difficult to trace
Cyber movement across boarders is pervasive
With that background, we see that cyber crime is a well organized, well funded and profitable scourge on civil and trusting society. However, government cooperation and commitment to bringing cyber criminals to justice is starting to pay off. Government sponsored anti-hacking organizations are finally putting significant resources behind tracking down these criminals and locking them up…for a long, long time.
Catch and Conviction
Roman Seleznev, a Russian national was convicted in United States court of 38 counts including wire fraud and aggravated identity theft. Mr. Seleznev hacked into point-of-sale devices and stole credit card numbers from over 500 businesses stealing about US$170 million from over 3700 banks. Now, it is easy to see why there were some significant resources behind the tracking, apprehension and conviction of this guy.
Mr. Seleznev was finally tracked and apprehended in the Maldives. He had servers in Ukraine, Russia and in the United States. When he was arrested, law enforcement found 1.7 million credit card numbers on his computer.
Mr. Selezney was a hero of sorts in the underground world of cyber crime. His operation was used as a model by other hackers. It took over two years to try him and he was ultimately given a 27 year prison sentence. This is believed to be the longest sentence ever given for hacking. Roman Selezney is only 32 years old so will likely be healthy enough to serve his entire sentence, being nearly 60 years old when released.
Moral of the Story
Hackers beware. Governments and corporations have broad reach and deep pockets. They now realize that hacking is no longer a prank and see it for the sophisticated criminal organization that it is. The Selezney case has set a precedent. You might be elusive but governments and corporations will track you down like a dog. When you are caught, you will be handed the most severe prison sentences allowed. Further, those sentences are getting longer as the legal community comes to understand the true nature of these crimes. Unless you like the color Orange, find another business.