FBI: Cybercriminals taking cues from Mafia

The Web site offered to sell stolen credit card information for $100, but it was the title of the poster that caught FBI agent Thomas X Grasso Jr.'s attention. The cybercriminal identified himself as a "Capo di capo" -- a boss of bosses, in Mafia parlance.

As money has become the driving force behind online threats, cyber criminals have been taking a page from organized crime, adopting the same kind of organizational structures as these older crime groups, Grasso told an audience Friday at the Defcon hacker conference. Defcon immediately follows Black Hat, its sister show.

"This organized crime group, Carderplanet, organized themselves into the same structure as the Italian Mafia," said Grasso, a supervisory special agent who works at the National Cyber Forensics & Training Alliance.

And the costs of cybercrime are steep. The FBI estimates that it cost the U.S. more than $67 billion last year, Grasso said.

To illustrate how sophisticated these cyber criminals are, Grasso then played a slick promotional video offering Carderplanet "business" services. It could easily have been mistaken for a legitimate IT consulting ad.

"Just so there's no confusion here, these guys are not doing something legal," he told the audience after playing the video.

The Carderplanet Web site has now been shut down and the FBI is working with other law enforcement agencies in eastern Europe to put the group completely out of business.

But Carderplanet is just one part of a larger confederation of online criminals called the International Carder's Alliance. They use known Web sites and IRC (Internet Relay Chat) channels to coordinate their online attacks.

"This is really the heart of organized cybercrime," Grasso said of the alliance. Many other cybercrime groups, with names such as Mazafaka, Shadowcrew, and IAACA (the International Association for the Advancement of Criminal Activity), are affiliated with this organization.

One reason for the similarities between cybercriminals and traditional organized crime is that the gangs themselves increasingly are becoming involved in online crime.

"The (criminal activities) area is crowded, and cybercrime is a great outlet for these groups to move into," Grasso said.

"The average take on a bank robbery is, like, $3,000. The persons committing that crime run an extremely high risk of something bad happening to them," he said. "You can run a phishing scam and make hundreds of thousands of dollars. You can be a spammer and be rich off your rocker"