While the jury’s still out about whether the intent of the past month’s mass webserver breaches is fully criminal, Dancho reports new developments which also link Koobface activity into this command and control structure:
Dancho goes on within his investigative piece to list the same IP addresses being used as a key Koobface botnet command and control host site, as well as the same email address discovered previously associated with the Koobface gang.
Things were so much easier in physical crime. Usually money is the motivator, but there are also more human qualities like envy or jealousy (to quote one collector’s motivation to hire out a commercial burglary, “…he had more [ancient Anasazi] pottery than anyone else…”). Connecting the dots is the struggle in both forms of investigation or counter-intelligence. Finding the coincidences and matching them up turns out the best results.
This, my all-time favorite Dancho quote, frames cyber-intelligence analysis properly:
The key element is that they’re refining the procedure but at the same time it’s becoming repetitive. That means, in our analysis of all things with a tempo, that the beat of the cybercrime drum can be disrupted.
While I’m stuck hoping that Dr. Gordon Freeman Dir. Gordon Snow can work his own ‘24’ scenario on these cybercriminals, it’s safe to say that the business model for cybercrime is still well preserved and specialized. In fact, the same process-driven mindset ultimately leads to the demise of most international organized crime organizations – once they’re able to be fully taken down.
Securing Our eCity Contributing Writer
Author ESET Research, ESET