Gary Warner over at Cyber Crime and Doing Time has a good post up this week about the CallService.biz website being shut down. I will post a few good excerpts and add my comments to the end:

On April 19th a friend sent me a Facebook link announcing that CallService.biz had been closed. The news was officially announced by the New York FBI on Monday, although the arrests happened on April 15th.

The Indictment says that Dmitry M. Naskovets (??????? ????????) resided in the Czech Republic and the Republic of Belarus and that he operated the online business CallService.biz with his co-conspirator, Sergey A. Semashko (?????? ???????), and that such business was “an online enterprise designed to help identity thieves profit from stolen financial data.”

The indictment quotes from an advertisement that Semashko placed on another website to advertise their service. That website, CardingWorld.cc, was owned and operated by Semashko. The advertisement claimed that CallService.biz had ‘over 2090 people working with it’ and had done ‘over 5400 confirmation calls’ to banks, meaning calls to confirm or conduct fraudulent transactions, as described above.”

Title 18 Section 1343, accusing them of “unlawfully, willfully, and knowingly, having devised and intending to devise a scheme and artifice to defraud, and for obtaining money and property by means of false and fraudulent pretenses, representations, and promises, [that] would and did transmit and cause to be transmitted by means of wire, radio, and television communication in interstate and foreign commerce, writings, signs, signals, pictures, and sounds for the purpose of executing such scheme and artifice.”

Warner’s take on the world of spam, malware, hacking and phishing is that unless people actually go to jail because they are spamming, the problem of spamming will never get better. That’s because when the security industry fixes the latest hole or comes up with a new technology to stop the newest threat, spammers simply move onto another. While the security industry is rushing to catch up to compete with this latest round of threats (spam → rogue A/V → Black SEO → ?), these spammers are busily engaging in all sorts of nefarious purposes. They simply up and relocate when their tactics no longer work. It’s not a technology problem, it’s a social problem.

By contrast, arresting people and sending them to prison stops them from spamming because they don’t have access to the Internet from which to push out all of their fraud. Stop the spammer themselves and you don’t have to come up with new technology; the people behind them are no longer doing it.

I actually agree with Warner in that people have to go to jail to stop the problem of cyber-abuse. My own take is that the actions are multifaceted:

• Law enforcement must pursue abusive players.
• Technology companies must have good software in order to make abuse unprofitable (too difficult to make money).
• Users must stop taking action on abusive initiations-to-treat because the handing over of their money is what drives their motives.

Each of these is complex in and of itself, but it is what realistically needs to happen.