Who is this community of cyber criminals? And what organizations exist to counter this growing threat?

Leading the charge

The ISSA (The Information Systems Security Association), a non-profit organization that provides community- based education, awareness and training in effectively managing cyber crime and the President of its Los Angeles chapter, Stan Stahl—one of the country’s leading experts on cyber security—are at the forefront of a movement that is closing the gap between the people with the means and motivation to commit these crimes, and both their victims and the law.

“Like Tony Soprano, there are bosses,” says Stahl, “but instead of sending out their goons, these guys have their geeks.”

Cyber crime is in many ways the natural evolution of any other kind of organized crime, and the criminals run their operations in a similar way. “Like Tony Soprano, there are bosses,” says Stahl, “but instead of sending out their goons, these guys have their geeks,” highly specialized experts who look for and exploit vulnerabilities in the code of commonly used programs. Cyber crime is a global industry. “For example, a cyber-criminal in the Ukraine is planning a job where money will need to be transferred out of the country. He will call up a buddy in China and say ‘I need 80 money mules to move $700,000 next week.’” Cyber crime is, “run like a business,” and it is becoming big business.

Behind the mask

Where there is a will there is a way, “and the way,” says Stahl, “is like shooting fish in a barrel, because businesses are woefully unprepared.” The creativity of the cybercriminal in terms of how to monetize information is virtually limitless. “If you can imagine it, it can happen,” everything from stealing people’s identities, medical insurance to, “honest to goodness dollars from the bank accounts of businesses,” says Stahl, “and what’s worse is that when the company that’s been victimized calls their bank, the bank is not obligated by law to give the money back.”

According to Stahl, a big part of the problem is a denial of how serious the problem is, but “a critical piece of the solution requires that businesses, banks, information systems security professionals, and associations like the ISSA, all get involved and come to the table and deal with this issue in a way that’s practical and workable. So much could be done just by sharing information and the collective wisdom of the community.” Having a conversation among the right people is the first step in building a community that is able to effectively defend itself from today’s cyber criminal.