Small group of Russian 'kingpin' hackers responsible for majority of cyber attacks, Europol says

[Audrey McNeil <audrey () riskbasedsecurity com>]

https://au.news.yahoo.com/technology/a/25246577/small-group-of-russian-kingpin-hackers-responsible-for-majority-of-cyber-attacks-europol-says/

Europe's criminal intelligence agency, Europol, estimated only 100 kingpins
developed bugs, viruses and other destructive programs to sell to crime
gangs around the world.

But efforts to crack down on the syndicates were hampered by poor relations
between police in different countries.

Two major bugs – one called Heartbleed and the other known as Shellshock
– crippled millions of computers and networks around the world this year.

There were countless examples of other malicious software or malware
affecting users, often in ways that cost them money or privacy.

Europol's head of cyber crime, Troels Oerting, said a small group of
Russian programmers were behind the majority of attacks.

"[There are] around 100 good programmers globally right now. There might be
a bit more, a bit less, but that will be in the area," he said.

"It's downloaded by all kinds of criminals. That could be Western European
criminals and Eastern European criminals or African or American criminals,
but the majority of the kingpins seems right now to be located in [the]
Russian speaking area."

Over the weekend, hackers gained access to the credit card details of
potentially thousands of Kmart customers in the United States.

Europol and other law enforcement agencies have struggled to find ways to
intervene, because most of the gangs operate across borders.

Mr Oerting said authorities were focused on the source of the problem.

"If we are good enough to identify the rather limited group of good
programmers that I think we roughly know ... if we can target them and take
them out of the equation, then the rest will fall down until they have been
replaced," he said.

The task has been further complicated by the increasingly sophisticated
methods used to hide users' identity online.

"I think that you have privacy and you have the right to privacy, but that
doesn't mean that you have a right to be anonymous," Mr Oerting said.

Coordinating police operations in Russia was difficult because of the
difficult relationship with the EU, Mr Oerting said, but the situation had
improved.

"I am increasingly happy because I've just been in Moscow a couple of times
and I've just made an agreement that we will come with four very, very
interesting cases to them," he said.

"We'll see the outcome, of course. But, so far, it seems to be going in the
right direction actually."

Despite that change in direction, Europol expected the attacks would become
more frequent and more destructive.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!