Monday, February 27, 2006

Low hanging fruit . . .

This is a follow-up to the post I did last week on why our current model of law enforcement is not very effective when it comes to cybercrime.

Most experienced cybercrime investigators will tell you that it is the inept cybercriminals -- the "low-hanging fruit" -- who are being caught. The clever cybercriminals are much less likely to be identified and apprehended, especially if they operate from certain countries.

This is not to criticize either the efforts or the professionalism of cybercrime investigators. They are doing the best they can with a whole new ballgame; aside from anything else, our current model of law enforcement was not designed to deal with transnational crime, which is what cybercrime is increasingly becoming.

But back to low-hanging fruit: To illustrate my point about the ineptitude of the cybercriminals who are being caught, I want to use Myron Tereshchuk, whose story has been told in various places, including the New York Times. See Timothy L. O'Brien, The Rise of the Digital Thugs, NYT (August 7, 2005).

Tereshchuk operated a small patent document service that competed with MicroPatent, which describes itself as "the world's leading source for online patent and trademark information." It is, obviously, essential for those who provide these services to have access to the U.S. Patent and Trademark Office. Several years before he became a cybercriminal, however, Tereshchuk was banned from the Patent Office for either of two reasons: Some say it was because a Patent Office employee accused him of threatening to bomb the office, while others say it was because he was accused of taking files from the office without permission. Either way, Tereshchuk came to blame MicroPatent for his troubles, and decided to take action.

In February, 2003, Tereshchuk used unsecured wireless networks around the D.C. area to send emails to MicroPatent clients that ostensibly came from a disgruntled MicroPatent employee using the company's email system. The emails provided information about, and instructions for, a sex-toy patent held by one of the company's clients. This seems to have been purely an act of harassment, since Tereshchuk made no demands at this point. Later in 2003, he used the same tactic to send passwords and customer data to MicroPatent clients; again, his goal seems to have been harassment only.

In January, 2004, Tereshchuk sent a series of threatening emails to MicroPatent, using the alias "Bryan Ryan." In these emails, "Ryan" claimed to have confidential MicroPatent documents, along with customer data and computer passwords. "Ryan" warned MicroPatent's President that unless his demands were met (more on those in a minute), this information would "end up in e-mail boxes worldwide." "Ryan" included "samples" of confidential MicroPatent documents to prove that he had access to such material. He also threatened a Denial of Service attack, claiming that if MicroPatent did not meet his demands (in a minute), he would overload its servers with data and shut them down.

"Ryan" told MicroPatent it could avoid all this havoc by paying him $17,000,000. "Ryan" also told MicroPatent to send the $17,000,000 in three checks, each payable to "Myron Tereshchuk" and each to be sent to his parents' home in Maryland. The checks, of course, were not issued. Instead, the FBI arrested Tereshchuk, who eventually pled guilty to one count of attempting to use a computer to extort $17,000,000. Tereshchuk is currently serving the 63-month sentence he received under this plea.

Myron Tereshchuk is a classic example of low-hanging fruit: an incredibly inept cybercriminal, one who identified himself to the agents investigating his activities. Tereshchuk joins the low-hanging fruit Hall of Fame, along with Jeffrey Lee Parson, who released a modified version of the Blaster worm that had his website address in its code. It did not take very long for the FBI to find Parson, who was lucky enough to turn 18 a few weeks before he released his version of the worm; this, of course, made him a viable target for federal prosecution.

Most of the low-hanging cybercrime fruit is just that: Inept criminals who are caught because they "out" themselves (like Tereshchuk and Parson), operate in the U.S., come to the U.S. after having been identified as cybercriminals or engage in other, equally foolish maneuvers. Most of the headlines we see about cybercriminals' being apprehended deal with low-hanging fruit.

We must not, therefore, find much reassurance in those headlines . . . for there are many, many cybercriminals out there who are distinctly not low-hanging fruit. Those are the ones we have to worry about . . . .
