It’s the money. The NYT reports that next week a paper at the IEEE security and privacy symposium will reveal the results of research into the global financial and technical architecture of spam.
“It is the banking component of the spam value chain that is both the least studied and, we believe, the most critical,†the researchers write.
The computer scientists say that because the spam system relies on just a few banks and an even smaller number of credit card processors, the business is highly vulnerable to disruption by regulators and law enforcement agencies.
Hard to believe the banking component is the least studied. Maybe that just means that everyone (myself included) focus on the technical weeds of spam linguistics.
The NYT highlights the use of diverse international paths to slip through law enforcement and regulation.
Note that the server was in China. This might set off alarm bells and be the focus for some, especially if they already are prone to believe China is the source of most attacks, but the team does an excellent job continuing further with their research and analysis.
On Oct. 27, 2010, for instance, a network of zombie computers called the Grum botnet delivered an e-mail with “Viagra Official Site†in the subject line. Users who responded to the message were directed to a Web site that had been registered nine days earlier.
The Internet system that supported the Web site was spread around the globe: the domain registrar was in Russia, the server computer was in China, and a proxy server computer was in Brazil. When a purchase was made from the Web site, the shopper was redirected from a computer in Turkey to the Azerigazbank Joint-Stock Investment Bank in Baku, Azerbaijan. The drugs themselves were sent directly from a manufacturer in India.
The weak link in the system, the researchers noted, was that the Visa payment system handled the transaction between the customer’s bank in the United States and the bank in Azerbaijan.
The infiltration of the system seems to be the key to how they built an accurate and detailed model.
As I said in my 2011 BSidesSF presentation, insider information brings investigations far closer and with better closure than from an outsider perspective. Response to attacks must include methods of surveillance and infiltration to be most effective.