Tapping into the world of a miscreant economy

February 8, 2008 - 0 Comments

I just found out the other day that two colleagues were recent victims of ‘identity theft‘. One had her credit card number stolen, not once but two times, amounting to fraudulent charges at Walmart and K-Mart, as well as an additional credit card balance transfer of $16,000. The other colleague had someone attempting to take out a huge bank loan using her credit credentials. But as I am finding out, security issues are not limited to credit card fraud. Digging a little more into this topic, I came across recent headlines mentioning ‘storm‘—-an ever-growing Botnet that is estimated to have infected between 1 million and 50 million computers. Botnets are becoming the foundation of elaborate extortion schemes including identity theft. Motivated by political or economic objectives, botnets can cost businesses as well as service providers millions of dollars each year. Such electronic schemes are underlining a fundamental paradigm shift in the miscreant economy—a community that engages in cyber crime-related activities for financial reward.The costs of”loss” are staggeringJust last month, 337,000 voters in Davidson County (Nashville) had their identities compromised with a laptop theft; this loss was estimated to cost $1M which covers identity protection for those affected. And what is the going rate for stolen information these days? According to Trend Micro, the hacker black market can get you a credit card number with PIN for $490, a driver’s license can be bought for $147 and a PayPal account logon and password can be bought for a measly $6. There are still other ways where stolen identity and personal information can materialize in real money. I watched the Dateline program on NBC where Chris Hansen ran an interesting investigative report on have you been scammed?, foiling an elaborate crime ring of purchasing of goods online with illegal / stolen credit cards items. There were legitimate physical drop off points in the US for merchandise purchased with stolen credit cards, which in turn, were shipped off to an overseas non-traceable destination.The role of the Service ProviderWhat it boils down to it this: service providers must enhance their value propositions and offer”better” managed security-enabled services to the end user. Providers must offer increased service and value guarantees to their customers in order to help protect both their networks and services. Providers readily offer encrypted VPN services to businesses accepting VISA and Master cards to be compliant with PCI-DSS standards. However, protecting endpoints such as laptops and 3G phones from miscreants via NAC and content filtering technology with managed security services offer portfolio would go a long way to deploy”defense-in-depth” security philosophy. Providers can really help protect valuable and confidential information for businesses and residential customers and become their ‘trusted partner’.

In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.