Pauldotcom crew interviews Brian Krebs - They talk about digital fraud

The pauldotcom crew interviews Brian Krebs in episode 219 (part 1) of their podcast. This is a post with learning points extracted from the interview.

Disclaimer: These lines are no substitute for listening to the interview. The statements mentioned are close to literal, slightly summarised, or just a subjective interpretation. Kudos to the pauldotcom crew!

Minute 8: Brian's IT network was taken over by the Lion worm.

Minute 10: People start in security because either they were hacked or they were hacking and decided to change sides and go to the more difficult defence.

Minute 14: He writes about topics that are news to him. This way, they will also be news to everybody else.

Minute 18: A lot of the bad guys have multiple identities in different fora. Most of them specialise in a specific topic and outsource the rest. [...] They are somewhat open, since they need to be reachable by their clientele.

Minute 21: Outsourcing in cybercrime is a constant. Even testing services to assess outsourced tasks are outsourced.

Minute 24-26: Ukraine is one of the main sources of attacks, even more than Russia: very technically savvy individuals with very low pay in legal jobs.

Minute 32: A lot of people buy spam-advertised pharmaceutical products.

Minute 34: Their prescription runs out, suddenly they see those advertisements and they buy them. The medicine seems to work and it is a third of the real price. However, there is no guarantee that the medicine has the same quality every time [also from minute 44].

Minute 36: Some of those cheap medicines are made in China or India.

Minute 37: Usually those sites ship a pack of "Viasgra" for free with any other medicine ordered.

Minute 39-40: The rogue pharmacy business is the driver of fraud on the Internet nowadays, although it is probably not the most lucrative business.

Minute 41: The most lucrative business in cybercrime is stealing from a corporate bank account through a piece of malware sent to someone in the organisation.

Minute 41: Hardly anyone changes their online banking credentials regularly nowadays. This is why stolen credentials are still valid months later.

Minute 48: Gas station card skimming is currently over the top as a real business.

Minute 50: ATM skimming figures - the average skimmer scam takes around USD 60000 (unconfirmed figure).

Minute 52: Gift card fraud is huge. However, given the high margins gift cards have, sellers tolerate it.

Minute 66: We need to clearly explain to people the consequences of not caring about security.

Minute 67: (Unfortunately) Only life-threatening factors will make people security conscious.

Minute 73: Brian Krebs is reachable for any anonymous security news anyone would like to share with the public.

Happy reading/listening!
Happy new year 2011!