A Lesson From the Bad Guys
The bad guys are joining forces.
Aleksey Kamardin reaped $13,158 in just 104 minutes buying and selling penny stocks.
The 21-year-old bought 43,000 shares in a small Wisconsin equipment company that makes, among other things, potato harvesters. He sold the shares less than two hours later at nearly double the investment.
Kamardin and his accomplices allegedly hacked into four online trading accounts of unsuspecting investors, selling off their holdings in higher-valued companies to purchase shares in Thomas Equipment, a firm whose stock that day soared from 26 cents to 80 cents a share, authorities said. The trading volume of Thomas increased tenfold.
Kamardin, allegedly part of an East European ring, repeated this scheme on 13 other occasions in July and August, defrauding investors of $82,960, according to a civil complaint filed yesterday by the Securities and Exchange Commission.
Remember, “cyber-criminal” is two words. The “cyber” part is this kid Kamardin; the “criminal” part is the reason he is sitting in Russia right now and doesn’t have to worry about extradition.
The worst part? He can continue attacks against people in the US (where he just fled from) and all over the world, with all of the backing and financing he could need. This is something unique to cyberspace. You can commit a crime, flee the scene as it were, then attack the scene again – but this time remotely.
Extradition laws and global standards defining what constitutes a cybercrime and the penalties for each one will help a lot.
But what we ‘good guys and gals’ really need to do is take a cue from those hackers gone bad. We need backing and financing too. Often IT security is the first to get cut from the budget and the one that gets the most groans from the business/marketing people.
By focusing spending on smart prevention rather than throwing money around after the fact on ineffective make-people-feel-better security measures, everyone saves in the long run. It helps consumers by protecting their money and privacy, helps businesses by bolstering public confidence in online commerce, and makes committing crime all the more expensive for criminals.
See, right now what we have is the reverse. The bad guys use a small amount of money (for them) to pay an opportunistic kid with some computer skills to make them a wad of cash (and take the fall if he/she fails). What the business side does after an attack is pay for the cleanup, pay back the customers all of the money they were robbed of, and end up in a public relations nightmare. Public relations are expensive, period.
So who is being more efficient here?
Business should take a lesson from the bad guys: some money and smarts beforehand force the other side to use much more money to counter.
And yes, there is a back-and-forth going on here, but the proactive side always has the advantage. Right now cyber security is the punching bag that tries to beat the boxer by wearing the boxer down. We try to change the punching bag from time to time, making it thicker each time.
Imagine how much more effective (and cheaper) it would be to hire a boxer to fight the boxers.
