Most of us are familiar with that comforting little padlock marking the security of online credit card payment forms. We take for granted that whatever coding lies behind that golden emblem will protect us from the underground networks of credit card thieves. And indeed, secure internet forms do guard our credit card information effectively the vast majority of the time. Unfortunately, they cannot always keep cybercriminals from getting to the credit card information stored in the databanks of retail stores and payment processing networks.
This year has brought several record data thefts. Judging from the recent cases of Network Solutions and Heartland Payment Systems, cybercrime is not just alive and well, it’s growing by leaps and bounds. In the past year, the U.S. Department of Justice has renewed its efforts to crack down on cybercriminals. However, the global spread of offenders has made the battle increasingly difficult. Back in the day, criminals operated locally, breaking and entering into businesses within their area. With increased globalization of commercial opportunities, the internet has also brought increasingly global criminal opportunities.
Over the years, cybercrime has spread from the more law enforcement-accessible western countries into Eastern Europe and Asia where criminals are far harder to track and prosecute. As a consequence, U.S. law enforcement agencies are hard at work developing measures for tracking credit cards hackers and other cybercriminals to the most distant reaches of the globe.
In order to pursue and extradite offenders, U.S. law enforcement continues to work with foreign cybercrime investigators to identify and arrest online credit card fraudsters. On May 8th of this year, Cristian Diaconescu, Foreign Minister of Romania, and U.S. Secretary of State Hillary Clinton announced their signing of a “Mutual Legal Assistance Protocol,” in addition to a joint extradition treaty.
This legal step followed the detection of a Romanian credit card phishing cybercrime ring that lured unsuspecting individuals to give out their personal financial information to criminal-operated sites impersonating businesses such as Wells Fargo, Pay Pal, and others. The treaty will allow as many as thirty credit card fraudsters arrested overseas to be extradited into the U.S.
Another victory for the U.S. Department of Justice’s Computer Crime and Intellectual Property Section came in August with the prosecution of 11 members of an international retail hacking organization. The organization, which held bases in Ukraine, Estonia, China and Belarus, used a hacking method known as “war driving” to break into company databases by exploiting security weaknesses in a company’s wireless networks. Using this method, the hacking ring was able to retrieve data from retailer TJ Maxx for over 45 million credit cards. Other retailers and even restaurants such as Boston Market and Dave&Busters were hit as well.
Unfortunately, even with successes such as these, the shadowy world of cybercrime continues to thrive. Despite widespread international support and increasing cooperation with foreign cybercrime forensics, organizations such as the elusive Russian Business Network (RBN), an organized network of cybercriminals thought to be based out of St. Petersburg, continue to evade authorities.
Even spam, which took a hit when law enforcement shut down McColo in November of last year, is back in action. Phishing schemes have been on the rise too: in 2008 they made off with the credit card information of an estimated 5 million Americans, a 40% increase from 2007.
Even as the number of cybercrime victims continues to rise, there is one small silver lining. Thanks largely to the security efforts of credit card companies, the amounts criminals make off with have actually decreased. And of course, consumers continue to be protected against fraudulent transactions on their credit card account. Should you become a victim of fraudulent charges, the credit card company is on the hook, not you.
