LAS VEGAS—The FBIs point man for Internet crime wants hackers to join the fight against international gangs of Web mobsters.
Dan Larkin, unit chief of the FBIs Internet Crime Complaint Center, used the spotlight of the Black Hat security conference here to call for a new level of trust and cooperation between security researchers and law enforcement, warning that online crime is being controlled by “very sophisticated, very organized” attackers.
“More often than not, valuable information ends up in your hands before it gets to us,” Larkin told a standing room only gathering of security professionals. “We need to leverage your capabilities and your strengths. You have to be able to tap into us. We have to figure out how to team up and be better partners,” he added.
Even as his presentation centered on the escalation of what he described as “mobsters on the Internet,” Larkin said his unit has successfully created industry alliances with software vendors and academic institutions in the United States and overseas.
“We are being proactive to anticipate the threats. We now have frameworks where Citibank can share information with eBay and PayPal and we can track online crimes in the early stages,” Larkin said.
“In the past, the trust wasnt there. We would talk about partnering [with researchers] but the connection never happened,” he said, acknowledging that the public perception of the FBI needed fixing.
“We took aggressive steps to fix things. We understand that its important that all the stakeholders have access to the best information and we have partnerships now where everyone can access the information immediately,” Larkin added.
Larkins presentation, which centered on the sharing of cyber-crime “war stories,” included an inside peek of the way the FBI tracks the morphing of spam, phishing and malware attacks.
“The nature of the threat is complex and more sophisticated. Theyre not just script kiddies anymore. Its highly organized crime networks, with roots in Eastern Europe,” Larkin said.
He said the crime networks are comprised of “specialist cells” handling specific functions of the attacks. One cell might deal only with ways to get spam e-mails around filters while another cell within the network work on creating malware to exploit high-profile security vulnerabilities.
Larkin confirmed that the Web mob activity also included a human element in the United States that is used as money mules to re-ship goods overseas.
He said online merchants have blocked shipments to suspicious destinations in West Africa, only to find that U.S. re-shippers were involved in the bogus transactions.
Now, he said the FBI is working with online job sites like Monster.com and CareerBuilder to quickly identify potential scam listings.
Larkin also warned that online criminals have “adjusted their operations” to use new forms of social engineering, including telemarketing and the use of penny stock scams driven by spam e-mail.
“Whatever is the hot story of the day, it will be in a cyber exploit tomorrow,” he warned, noting that phishing attacks during the Hurricane Katrina devastation escalated to the point where 5,000 potential scam domains were registered a full two days before the storm made landfall.