36 Indicted in Global Cybercrime Ring That Stole $530M (go.com) 40
U.S. prosecutors say 36 people have been indicted in connection with an international cybercrime ring that bought and sold stolen credit card information, leading to losses of more than $530 million. From a report: The Justice Department says Wednesday that the so-called Infraud Organization dealt in the large-scale acquisition and sale of stolen identities, credit card information and malware. Deputy Assistant Attorney General David Rybicki says it was "truly the premier one-stop shop for cybercriminals worldwide." He says the organization used an online forum on the dark web to sell financial and personal information. Investigators believe the organization's nearly 11,000 members targeted more than 4.3 million credit cards and bank accounts.
Learn for it! (Score:5, Interesting)
Re: (Score:3, Insightful)
This should show everyone how much security and validation is lacking in almost every aspect of our lives. The best thing to do, is to learn from what happened and evolve systems that can deal with the real threats. When security legs behind, you get scenarios such as this!
The first step to make systems more secure, is to punish those who have made them insecure.
When punishment lags behind, you see these scenarios happen over and over and over again, because organizations and the people who lead them do not give a shit enough to invest in fixing the problem.
Re: (Score:2)
As long as the CC companies take the burden of fraud losses, they can keep the shitty system if it makes financial sense for them.
Re: (Score:2)
Sure, that works fine for credit cards but the whole financial industry has shitty security when it comes to authenticating users. When someone takes out a loan in my name using information obtained from the Equifax breach (a company with whom I have no business relationship), what is my recourse? It's not like I can choose to patronize another company. Perhaps if companies were punished for such breaches then they would pay more attention to security.
Re: (Score:2)
Re: (Score:2)
Punishing those who exploit the holes, doesn't solve the problem.
I said punish those who make the systems insecure in the first place. I'm talking about leaders of organizations who don't give a shit about investing in proper security, to include hiring properly trained staff and recognizing that a CSO has every right to tell even the CEO no if the situation demands it. And that CEO should fucking respect that justified decision.
A lack of priority and respect for security is why we continue to have these discussions over and over and over again.
Re: (Score:2)
Re: (Score:1)
Re: (Score:2)
This should show everyone how much security and validation is lacking in almost every aspect of our lives. The best thing to do, is to learn from what happened and evolve systems that can deal with the real threats. When security legs behind, you get scenarios such as this!
Ooooh, and a unicorn. I'd also like a unicorn.
We have many simple ways to secure money in our lives like one time passcodes which will eliminate most card fraud. The problem is that it will reduce credit card usage as people will find cash less annoying than having to enter a passcode to buy something online. Given that credit card companies and banks make money from transactions (they take it from the merchant and threaten the merchant with lawyers if they tell you about it) a drop in usage is a signifi
Re: (Score:2)
Motivation... (Score:4, Interesting)
There have been studies in the past to see what motivates people to NOT break the law.
To prevent people breaking the law, raising the sentence or the punishment tends to have little impact. What does have impact is raising the chance that you will get caught. You can hand out life sentences for people stealing candy bars and it would prevent fewer people stealing them than if you embedded a security chip into the wrapper or had a policeman standing next to the candy bar at all times watching it.
Punishment doesn't deter people- chance of getting caught does.
This is the problem with cybercrime. You can put any punishment on committing a crime and it won't stop many people doing it because; cyber criminals know there is almost no chance they will ever get caught. Cybercrime is only going to get worse because there isn't an effective way to police it; so people need to be increasingly vigilant about security.
Re: (Score:2)
So by your logic, if we caught every criminal and then gave them a stern warning, that would deter all crime... That makes no sense.
The truth is that serious penalties combined with a high likelihood of getting caught are what deters crime. Additionally, life sentences and death penalties eliminate RECIDIVISM which at least in the US pushes above 70% in 5 years, meaning we could significantly reduce crime rates with more life sentences for serious crimes.
I'm not saying that. But if we caught every criminal and gave them one year in jail it would deter a lot more than if we only caught 5% of them- and gave them life sentences.
Re: (Score:2)
Re: (Score:1)
The best prevention is warning them that their mom will find out.
Works every time! Why do we even have prisons?
16 out of 11,000 members? (Score:1)
Only 16 out of nearly 11,000 members? I guess it's a start, but they still have a long way to go.
What a shame (Score:2)
Re: (Score:2)
Re: (Score:2)
Crime (Score:1)