In the past we have pointed you in the direction of good research, such as:
research that matters – identity theft
We have also pointed out why some findings can be misconstrued or not tell us the whole story in other places, such as work conducted by PWC here:
3 ENISA – awareness raising study – better prevention thanks to data crunching
Just as a reminder, when doing data crunching some basic issues might be of interest:
ecrime – cybercrime – pedophile – Russian Business Network
statistics that make sense (Please click on the link, choose Login as guest – click on this link again and voila free access)

| Question | Concept |
| --- | --- |
| Can the results be repeated by another person? Yes, if we use a metric stick or yardstick and outline what research methodology we used, so somebody else can repeat the study. | reliability |
| Does it measure what it is supposed to measure? Yes, but only if we use a metric stick when that is the standard we follow. Using a yardstick results in invalid data if the measure we agreed to use is based on meters and centimeters. | validity |
Based on these definitions and the research we cited above, when doing a search for a string such as: cybercrime research data
or using alterations of the above (e.g., ecrime data or put the last two words in quotation marks), results served are not very encouraging. In fact, most ‘research’ pulled does not show the same level of quality and thoroughness as we get from the UN Office on Drugs and Crime (UNODC) when publishing its statistics regarding the drug trade as shown here:
where are the bucks? drug-related versus cyber-crime activity? and the winner is?
Hence, data on cybercrime or ecrime are neither reliable nor can they be called valid (Please click on the link, Login as guest – click on this link again and voila free access) if one uses generally accepted standards (best practice examples) as far as research methodology and statistics are concerned. Recently we came across another report regarding ecrime in Russia that got us very interested:
David Bizeul (Nov. 20, 2007) Russian Business Network study – available online
if the link fails to work get it here: Russian Business Network study
On p. 5 things had us really intrigued:
- RBN offers a complete infrastructure to achieve malicious activities. It’s a cybercrime service provider. Whatever the activity is: phishing, malware hosting, gambling, child pornography… RBN will offer the convenient solution to fulfil it.
Hence, this investigation (which might be a more appropriate title than calling it research) provides extensive information about the activities of the Russian Business Network.
And then it continues on p. 6:
- Computer Associates wrote a note on a UrSnif trojan installed via a VML exploit on a computer hosted on RBN. This note was written 3 days only after Microsoft released its advisory. This small delay can prove that malware hosted on RBN is up to date.
We are not sure if this confirms or disconfirms a hypothesis or research question regarding the malware hosted on RBN being up-to-date or not (PS. in social science research one never proves things but confirms or disconfirms a theory or hypothesis).
Nonetheless, the report is enlightening for novices but also so-called experts. What one does have to wonder is how all this may affect the cybercrime convention considering Russia’s lack of enforcing its own laws and prosecuting ecrime suspects:
Regulation that Matters – Cybercrime Convention – USA citizen groups are balking…
EICAR 2006 – Going beyond legal terminology when looking at cybercrime and crimeware
Russia has not signed the Convention on Cybercrime CETS No.: 185. Russia has laws criminalizing hacking, but these are only for domestic use. Neither does Russia have laws in place to extradite Russians who could be accused of having attacked computers in other countries.
This combination creates a de facto cybercrime haven: a country that outlaws internal cybercrime but tolerates external cybercrime. The resulting scenario is a sheltering base of operations for those who generate revenue by preying on outsiders.
TIDBIT
Most people are alert to the possible or outright bias in the research they receive from software vendors and sometimes even government agencies to push a political agenda as it pertains to crime.
Remember when, in 2003, Eliot Spitzer was extracting a $1.4bn settlement from Wall Street as punishment for biased research?
Research bias is proving a red herring (i.e. name comes from the warning, printed in red, that information in the document is still being reviewed by the SEC and is subject to change = preliminary prospectus for investors) in the cybercrime or ecrime domain.
CONCLUSION
The investigation conducted and published by David Bizeul (Nov. 20, 2007) about the Russian Business Network is most certainly interesting. Nonetheless, it represents a case study about the Russian Business Network and its activities, in particular, how they take advantage of and exploit ecrime laws that tolerate external cybercrime.
As a result, David Bizeul confirms what many have pointed out before: it is and continues to be highly unlikely that a person accused of cybercrime committed against others abroad will be taken to court and charged under Russian cybercrime laws. Since no extradition will happen either, such activities go unpunished.
His single case investigation reveals quite extensive technical details on how the Russian Business Network has managed to generate revenue. In part, he presents the various techniques used by the Russian Business Network for spreading malware or extorting money from cybercrime victims living abroad.
In conclusion, the investigation neither develops new ways to investigate such crimes, nor does it reveal new trends or patterns that could, based on a theory, be applied to other cases.