rootninja

From Trendmicro’s report on Investigations on a Cybercrime Hub in Estonia

Tartu, Estonia is the hometown of an Internet company that, from the outside, looks just like any other legitimate Internet service provider (ISP). On its website (see Figure 1), the company lists services such as hosting and advertising. According to publicly available information, it posted more than US$5 million in revenue and had more than 50 employees in 2007.

In reality, however, this company has been serving as the operational headquarters of a large cybercrime network since 2005. From its office in Tartu, employees administer sites that host codec Trojans and command and control (C&C) servers that steer armies of infected computers. The criminal outfit uses a lot of daughter companies that operate in Europe and in the United States. These daughter companies’ names quickly get the heat when they become involved in Internet abuse and other cybercrimes. They disappear after getting bad publicity or when upstream providers terminate their contracts.

Doesn’t this just sound like the typical and naturally expected increase in complexity and efficiency found in all areas (non technical) of organized gang activity that is used in response to increases in efficiency and complexity within the legal and law enforcement community? I wonder if the tactics that actually work against criminals and criminal organizations in general share any similarities to those that work in the cyber warfare arena? What the right response is, I don’t think we’ve figured out yet, because the problems only appear to grow as time progresses. I guess that all depends on what you use as your measuring stick, but one thing is for sure, cyber warfare is no where near under control today.