The battle against cyber crime chalked up a couple of big wins for the good guys this week, as the FBI captured Dread Pirate Roberts and Symantec took down ZeroAccess. But those coups were countered by new revelations about the scope of activities by Russian data-theft group SSNDOB and other examples of the ingenuity of today's hackers. Cue "The Never Ending Battle" soundtrack.
For those of you who started the week mourning Walter White, here's a real-life plot worthy of "Breaking Bad": The FBI this week seized Ross William Ulbricht, the man behind an online drug marketplace known as Silk Road. In addition to distributing heroin, cocaine, LSD, and methamphetamine, Ulbricht -- whose aliases include "Dread Pirate Roberts" and "Silk Road" -- is charged with soliciting one Silk Road user to murder another Silk Road user who was threatening to release the identities of thousands of the site's members -- talk about cutthroat tactics.
FBI agent Christopher Tarbell describes Silk Road as "the most sophisticated and extensive criminal marketplace on the Internet today," and claims several thousand drug dealers used Silk Road to move drugs to "well over 100,000 buyers." The FBI estimates the Silk Road site generated $1.2 billion in sales and $80 million in commissions.
Now that's big business. An anonymous Silk Road drug dealer who goes by the alias "Angelina" breaks it down further for Mashable:
[Silk Road] runs like a small Internet retailer/packing and shipping company. We use accounting software to manage our finances and we pay taxes. We've built an order management system to track our inventory and shipping. We had to build the order management tool with a significant level of built-in security -- but that still let us get some visibility into how many days of inventory we have, whether business is up or down, where our costs are, etc.
As a day-to-day job, it feels much like it might feel to work at any other Internet retail company.
In other words, just think of Silk Road as the Amazon of illegal services. In addition to drugs, the site was used to solicit a variety of illegal activities, including compromising social networking accounts for identity theft; hacking ATMs; and providing connections for stolen credit card information, firearms and ammunition, and hit men. "The site has sought to make conducting illegal transactions on the Internet as easy and frictionless as shopping online at mainstream ecommerce websites," the FBI report says.
Not in the same league but still a significant security win, the cyber criminals behind the ZeroAccess botnet lost access to more than a quarter of the machines they controlled, thanks to an operation executed this week by Symantec. ZeroAccess was one of the largest botnets in existence, made up of more than 1.9 million infected computers and used primarily to perform click fraud and bitcoin mining. Symantec estimates the botnet's activities generated tens of millions of dollars per year in revenue.