Tuesday, March 22, 2011

Data Theft as a Business

I had the pleasure of sitting in on Kevin Poulsen's session at RSA 2011: From White Hat to Black - The Curious Case of Cybercrime Kingpin, Max Vision. I also need to read his book, Kingpin, to dig even further into this very interesting story.

A brief recap of the story: after a stint in the joint, Max Vision needed a way to make money to live. Unable to get steady, good-paying work in spite of his skills, he hooked up with a fellow who bankrolled Max's equipment and space needs. Max used borrowed/stolen WiFi access to break into point-of-sale systems (among other things) and steal credit card data. In a twist of irony, Max also hacked criminal credit card sharing sites and stole fresh credit card data from other criminals. Selling this card info, and selling forged cards created using card data, netted Max and his partner significant sums of money.

A significant point in the story about Max Vision is how the cyber criminal underground has developed and how the economics of data theft have become profitable.

This is just one significant example of data theft; other theft continues, including theft of money from bank customer accounts, skimming at ATMs, and the recently disclosed theft of something (exactly what is still secret) from RSA itself.

Many experts acknowledge it's not a question of if, but when, data loss could happen.  Criminals motivated by economic factors have become a significant threat, and this is even more reason to implement technologies and policies like access management to reduce exposure, discovery & endpoint protection to catalog and protect data, and access logging & data loss prevention to control and monitor use of data.
