FORT LAUDERDALE, Fla. (11/19/15)--When personal information is stolen by cybercriminals where does it go? CUNA/National Association of State Credit Union Supervisors Bank Secrecy Act Conference attendees got a glimpse into that world Wednesday, a glimpse into the cyber black market.
Wes Withrow, a cybersecurity expert with TraceSecurity, outlined how information technology (IT) professionals can detect things such as zero-day attacks, which involves hackers finding a backdoor into a system and stealing the information before the vulnerability can be fixed.
“At the end of the day, all you’re really doing in IT security is taking a baseline of something and then comparing that baseline and seeing if it’s changed,” Withrow said. “It’s very simple, but the tools to do that weren’t available for a long time, but they are now.”
Withrow gave three recommendations for those in attendance to bring back to their credit unions:
When it comes to how cyber black markets get busted, Withrow said there’s only one method that seems to work: catching people and turning them in to law enforcement. “People who end up getting busted, hackers that get caught, and the government gives them options: cooperate or don’t cooperate,” he said. “Most of the actual intelligence and information that gets out isn’t from us, it’s from these moles. It’s still a boots on the ground thing, if you can catch one of these people with access, find their weakness and turn them, that’s what ends up busting these big, big networks.”
A recent example of what goes on in the cyber black market came to light in July, when anFBI-led law enforcement efforts led to the seizure of Darkode, a cyber black market described by Europol as “the most prolific English-speaking cybercriminal forum to date.”
More than 70 arrests were made across 20 countries, including 12 in the United States. Darkode forums offered everything from eBay account information to Skype accounts, all with accompanying personal information.
(Editor’s note: For more coverage of CUNA’s BSA Compliance Conference, see the following stories in today’s issue: BSA Conference: Bitcoin daily usage comparable with Discover, Western Union; BSA Conference: 4th Corner CU talks challenges of serving legal pot biz; BSA Conference: CUs must manage risks associated w/ serving MSBs; and BSA Conference: Attendees hear the latest from NCUA, FinCEN, OFAC.)