Cybercrime getting easier to commit, feds say
Experts speaking at a cybercrime event at the University of Washington said that it's getting easier for criminals to commit cybercrime
IDG News Service - Committing cybercrime these days is as easy as building a fantasy football team, FBI and Secret Service agents said on Friday.
"I'm concerned that the cyber-underground is a beautiful business model. It's like going to eBay or Amazon. You just pick what you need -- coders, mules -- and build a dream team. It's like fantasy football," said Gordon Snow, assistant director in the U.S. Federal Bureau of Investigation's cybercrime division.
Snow and other legal and law enforcement experts spoke Friday at a seminar on cybercrime at the University of Washington's Law School in Seattle.
Cybercrime is becoming more professional and in many ways, easier to commit, they said. "The level of professionalism is amazing and I don't see a slowdown," said Pablo Martinez, deputy special agent in charge at the U.S. Secret Service.
People who want to commit cybercrime can go to forums online and assemble a team that specializes in writing malware, deploying malware or scanning systems for open ports. Others specialize in acting as "mules," where they open bank accounts for funneling stolen money, and yet others specialize in calling customer service departments posing as customers to collect information.
This model makes it very easy and attractive for people to commit cybercrimes. "It's low overhead and low risk," Snow said. People doing it are mostly motivated by acquiring cash. As evidence that this model makes it easy for anyone to get into cybercrime, he noted that some of the people authorities arrest aren't particularly well-off. "Some of the people we're picking up aren't of substantial means. We've found people who are using computers with missing keys," he said.
The criminals have new targets these days, the officials said. Increasingly, they are targeting sectors like retail and hospitality, instead of simply focusing on financial institutions, Martinez said. "Why hack into Citibank and steal 10 million pieces of information when you could hack into restaurants and get the same information and not have a big target, a bulls-eye, on your back?"
The open markets for talent make it easier for criminals to do things like steal money from companies, as well as attack governments. Espionage traditionally involved setting up a mole in a foreign country, which involves a lot of time and work for someone to build a false life. But today, with low overhead and minimal risk, someone can hack into computers and mirror hard drives to get the same kind of information that moles used to, Snow said.
To try to head off all kinds of cybercrime, the groups have beefed up their enforcement efforts. The Secret Service, for example, has 31 task forces in the U.S. dedicated to electronic crimes. The Seattle task force, started in 2006, has seized $14.2 million in funds stolen electronically. The group has arrested 150 people and examined almost 1,700 computers including 128 terabytes of data, said Jim Helminski, special agent in charge with the Secret Service.
- Top 10 Reasons to Strengthen Information Security with Desktop Virtualization Regain control and reduce risk without sacrificing business productivity and growth
- Preventing Sophisticated Attacks: Anti-Evasion & Advanced Evasion Techniques McAfee Next Generation Firewall applies sophisticated analysis techniques specifically to detect advanced evasion techniques (AET).
- The Security Industry's Dirty Little Secret The debate over advanced evasion techniques (AETs) This report summarizes the findings of a McAfee commissioned research group to determine the level of understanding IT security professionals have about AETs...
- Demand More, Get the Most from the Move to a Next-Generation Firewall Beyond the basics in a next generation firewall, to protect your investment you should demand other valuable features: intrusion prevention, contextual rules, advanced...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!