The Underground Economy

March 27, 2007
12 noon - 1:15 pm
Halligan 106
Speaker: Jerry Martin, Team Cymru

Abstract

The cyber underground economy is just as seedy and illegal as its physical counterpart. The primary objective of those who operate there is money. The National Cyber Security Alliance published some data a while ago that concisely describes the problem:

  1. 61% of US computers are infected with spyware
  2. Americans say they lost more than US$336 million last year to online fraud

These figures are largely based on self-reporting, which is often suspect, and therefore their accuracy may be skewed. Given the enormous quantity of data witnessed on numerous Internet Relay Chat (IRC) channels, both numbers may be underreported. Given these staggering numbers, one might ask what is being done to address this criminal activity. Lamentably, "not much" is the answer. The popular school of thought is that finding and prosecuting these perpetrators of financial fraud and outright theft is too costly, too resource intensive, just too hard. This lecture will expose the infrastructure the miscreants have established; the open arrogance the buyers, sellers, traders, and cashiers exhibit; the activities and alliances the underground denizens are involved in; the method by which they receive their ill-gotten goods; the blatant manner in which they advertise; and the personal data that is harvested every single hour of every day of the year. Numerous snippets of captured IRC chatter will illustrate the points raised, although the nicknames and the information harvested are obfuscated.

The miscreants can make a handsome living through these activities. Even those without great skills can barter their way into large quantities of money they would never earn in the physical world. It is important to note that these miscreants are located all over the globe, and thus may be earning well above the average income for their areas.

Biography: As an information security advocate, Jerry Martin is well versed in the complete information assurance process: assessment of risk and need, gap analysis, policy development, solution deployment, and employee education. He currently serves as the CFO and a Research Fellow for Team Cymru, a corporation of technologists dedicated to making the Internet more secure, passionate about network security, and committed to helping the community identify and eradicate problems within their networks. He has previously worked with a wide variety of clients, including Carnegie Mellon's Computer Emergency Response Team Coordination Center (CERT/CC), MasterCard, the Japanese Computer Emergency Response Team Coordination Center (JPCERT/CC), and the Department of Homeland Security's National Cyber Security Division in the Law Enforcement/Intelligence Sub-Division. Additionally, he teaches a graduate course in Network Security Fundamentals at George Mason University which covers subjects ranging from the National Strategy to Secure Cyberspace and related policy documents to recognizing, guarding against, and recovering from all manner of cyber attacks. Previously, Jerry worked at the Joint Task Force for Computer Network Operations (JTF-CNO) as the Director, Technical Analysis Branch, as his final assignment with the United States Air Force, capping a distinctive 21-year career. During this career, he performed in a myriad of different positions, such as government acquisition and defending DoD's computer networks.

Jerry forged lasting relationships with dozens of private sector cybersecurity professionals as well as numerous high-level government personnel. He authored the comprehensive Cyber Contingency Guidance for the Federal Government, released by OMB in late August 2003, as well as numerous papers for government seniors such as Vice President Cheney, Secretary Ridge, Secretary Rice, and Special Adviser Clarke. A popular speaker, Jerry presented talks at NSA's 6th Annual Information Assurance Workshop, the Joint & Combined Information Warfare School, the Joint Counter Intelligence Training Academy, the CanSecWest04 security conference, the Wisconsin Innovation Network/Wisconsin Technology Council, the National Infrastructure Advisory Council, and Microsoft's Botnet Task Force, to name a few.