But what is happening now is they are being driven further underground to more anonymous places of activity, like Internet Relay Chats. What is interesting is IRC has been around for a long time. The net effect is these criminals are just leveraging technology that had been available to them. Criminals are criminals are criminals. They are going to always utilize the technology that's available to them.
How is recruiting done now in the underground economy?
Previously, in the web-form world, you had to have some kind of credibility. You could register as a user on these sites and be a certain class of user until you provided more information. But with groups now, their membership base is tightly held. So, we don't know really how they are recruiting except to say probably by word of mouth and usually in closed channels, not on the web.
In terms of IRC, whether you are a buyer or a seller, you can log into a relay chat, pick a server and join in. You sit there and watch. If you are a criminal and you know of a database of social security or credit card numbers, you type in a channel and say: "I've got numbers available." You will have people contact you within seconds.
Who are the criminals these days and where are they located?
I think the popular consensus is these are kids in the basement that are bored: a 14-year-old teen hacker. That is not the case. That is really not the case. We looked at differences in Eastern Europe, Russia and North America in terms of the type of criminal we are talking about. In Eastern Europe and Russia it's much more organized, much more tightly knit. In North America, it's a looser association.
What is interesting is the groups have to work in concert together. Eastern Europeans and Russians are more into producing physical materials, like fake credit cards or ATM cards. But in order to get that they have to work with counterparts in North America to get access to things like North American banks or ATMs. So in that need to work together, we see a sort of a delineation of duties, like in any company. You've got the guy who is the phishing specialist, the guy who is the spam specialist or the malicious code specialist, all working together to have this large distribution network to get threats out there and gather info needed to steal things like credit card numbers.