Tuesday, September 18, 2007

Hi-tech crime 'is big business'

Millions of e-mail addresses are being sold online
Internet crime has become a major commercial activity, reveals a report by computer security company Symantec.

The report said cyber crime had become increasingly professional and was now a multi-billion dollar industry.

The underground economy has its own auction sites and marketplaces that sell valuable data such as credit card numbers and bank accounts.

They also sell toolkits for novice cyber criminals who lack technical know-how to craft their own attacks.

Boom times

"We're seeing a definite shift in terms of commercialisation," said William Beer, Symantec's european director of security practice. "It's being used by organised crime and it's being used to launch their attacks.

"We have seen very focussed attacks that leverage very active commercial business on toolkits," he told the BBC News website.

Mr Beer said Symantec had seen the net's underground economy enter a new phase in the last six months as those involved in it prospered.

Even the smallest bank has enough money

William Beer, Symantec
One example of how it had grown could be found in the number of new malicious programs reported to Symantec. The 212,101 new threats reported during the first six months of 2007 was a 185% increase over the previous six months.

The economy had rapidly become specialised and now every service a criminal needed to carry out attacks was widely available, said Mr Beer.

For instance, he said, many malicious hackers were using their technical skills to create tool kits that they then sold to those with the criminal know-how to carry out attacks.

Evidence that these were being taken up enthusiastically, he said, could be found in the fact that three phishing toolkits were behind 42% of all phishing attacks seen by Symantec in the first six months of 2007.

In addition, 86% of all phishing websites were hosted on only 30% of IP addresses known to be phishing websites, suggesting that some were cornering the market in looking after criminal sites.

More worryingly, said Mr Beer, were signs that different sections of the underground economy were starting to collaborate to improve their chances of catching people out.

Hi-tech criminals with information culled from job sites, online games or social networking sites were teaming up with phishing gangs and spammers, said Mr Beer.

The end result was well-crafted e-mail campaigns that gained a gloss of credibility by combining several different bits of data.

Often, he said, these targeted attacks were aimed at the customers of smaller financial institutions.

"Attention has gone away from the larger banks down to credit unions and small banks that do not have the people and resources to fight off the attacks," he said.

"Even the smallest bank has enough money," said Mr Beer.

No comments: