News & Views » Cover

The Digital Mafia

You've got mail – and it's from the mob!

comment

Ever wonder who's responsible for e-mailing you all that stuff – the Viagra ads, penis enlargement proposals, job offers, pelvic pain remedies and chatty, half-deranged rants?

Sometimes these e-mails don't even contain any words, just Asian-looking symbols. Most are obviously, transparently spam, but occasionally you get tricked by an e-mail that looks real, appears to come from a friend or references something you've just done.

John Gotti was head of New York's Gambino crime family for six years before being convicted and sentenced to life imprisonment in 1992. - SPLASH NEWS
  • Splash News
  • John Gotti was head of New York's Gambino crime family for six years before being convicted and sentenced to life imprisonment in 1992.

If your spam filter isn't good, you may spend hours each week sorting through it, looking for the few legitimate e-mails that inadvertently seem to end up in your spam folder. And, it seems incredible that people could actually be falling for this stuff.

So who are the brains behind these mountains of spam ... and why do they bother? To understand who they are and what they're up to, you've got to go back seven years, to when things started going badly on Wall Street for organized crime families. Over a nine-month period, federal authorities had busted three of their infamous "pump-and-dump" stock schemes.

In the last of these, Gambino crime family associates and 20 of their employees set up bogus stock brokerages and bought a handful of different stocks. They hired a posse of telemarketers to cold-call victims and hype the stocks. As the victims bought the stocks and drove up the price, the brokerages dumped them, defrauding their victims of more than $50 million.

When the FBI shut the scheme down in 2001, USA Today proclaimed that organized crime's influence on Wall Street was waning -- and it did, for about five minutes.

By 2007 standards, the Gambino scheme was hopelessly primitive. Nobody hires telemarketers or sets up faux brokerages anymore -- and almost nobody gets caught. Instead, today's pump-and-dumpers bombard people's e-mail inboxes with "BUY NOW!" stock tips sent from bootlegged computers in Romania. The Internet analysis company Sophos now estimates that 15 percent of all spam is classic pump-and-dump stock tip fraud, up from .8 percent in January 2005. That's because the scheme works, particularly for fraudsters with the kind of capital to buy hundreds of thousands of dollars of a stock before they pump and dump it. A recent Oxford-based study of pump-and-dump e-mails found that the average cybercriminal can make a 6 percent return in a single day off stock fraud e-mails.

Two years ago, spam was a solved problem, says Daniel Druker, executive vice president of marketing with the spam-blocking company Postini.

"People thought of it as something that was under control," he says. Then, a year ago, it exploded. Over a two-month period this fall, the amount of spam bombarding people's inboxes grew by a staggering 73 percent.

The Internet security company McAfee measures the problem another way. In 2006, McAfee's researchers reported that over 200,000 online threats had been detected. It took 18 years to reach the first 100,000 on record in 2004, McAfee analysts said, and just 22 months to double that figure.

That's because over the last two years, organized crime has begun targeting -- and flooding -- your inbox.

"Computer crime has evolved into organized crime," says Jamz Yaneza, senior threat research analyst at Trend Micro, another Internet security company. "It is no longer the game of individual attackers. The unseen Web threat is maturing, and users should be ever-more careful about what they download and install, as blended threats are ever-more cunning in their attempt to steal corporate and personal data or money."

Five years ago, says Druker, most spam and computer viruses could be attributed to hackers showing off -- guys who had spare time and wanted to show they could bring businesses to their knees and disrupt the Internet. It also came from the kind of annoying and often unscrupulous marketer types who had previously hawked their wares in the junk ad sections of newspapers and porn magazines.

The Can-Spam Act, passed by Congress in 2003, pushed most of these marketers out of the spam business.

"Back in those days you could trace spam back to actual human beings," Druker says. "These were guys that had to buy a computer and rent a server and get an Internet connection and then they'd go send all this stuff out. So the federal government responded by passing this law, and you started to see some convictions."

One of the problems with the old model was that the more spam you sent out, the more it cost.

Then came the botnet, the mother of all criminal vehicles. Hackers had already proved that they could infect people's computers with viruses. But viruses could also be written to string these infected computers together and harness their unused power when they were turned on and connected to the Internet. The owners of these infected machines would never know that while they shopped online or worked on a project for school, their computers were also surreptitiously e-mailing out spam or other viruses to infect additional computers.

Tags

Add a comment