Can you trust the Security Pros?

The last week, three cases of Information Security Professionals breaking the law has emerged. Two in the US, and one in Europe.

The European one, Roberto Preatoni, is surrounded with speculation. What we know is that he was arrested by Italian police in his association to an industrial spy case dating a couple of years back.

The US-cases include John Kenneth Schiefer, a 26 year old security pro. This guy has been convicted for hacking in the past, and lately he served as a network security pro in LA. This time, he is charge for installing and managing a bot net of aprox. 137 000 computers.

The question I pose is - can you really trust your security professional? How do you evaluate their work? Do you have means to control their actual doings? Or do you just close your eyes and believe that as the professionals they are, you can trust them blindly?

In New York, the Western Express International, a company ran by the Western Express Cybercrime group, is charge by money laundry and illegal money transaction. The company provided hackers and CC-fraudsters with a method to receive and clean their money stream. The company is not a security pro company, I agree - but as a legitime business, the case clearly shows that the business model of the cyber criminals is evolving.

It seems like the cyber criminals - being security professionals or not - have a complete infrastructure to follow their money through the vertical - from the fraud, through payment solutions, routing through laundry tools, and then into their legal accounts. Just like organized criminals have been doing for decades.

I do not believe many security pros have a leg on the other side. We do know that some do - and these are usually easy to spot and take out.

It surely do get easier by the day to get your hands on hacking tools, including full payment and laundry facilities. We need to focus more attention on this area of security. As long as it is easy to do, and get away with a profit, the problem will not go away.