A new generation of cybercriminals

Published: December 13th, 2006

New findings from research reveal how organized crime is grooming a new generation of cybercriminals using tactics reminiscent of those employed by the KGB during the cold war.

The Virtual Criminology Report 2006, sponsored by security software vendor McAfee Inc., used input from Europe’s leading high-tech crime units and the FBI. Both agencies suggests that crime gangs are targeting top students from leading academic institutions in order to provide them with the skills they need to commit high-tech crime on a mass scale.

The study also reveals how Internet savvy teens as young as 14 are being attracted into cybercrime by the celebrity status of high-tech criminals and the promise of monetary gain without the risks associated with traditional crime. The report also shows how cybercriminals are moving away from bedrooms and into public places such as Internet cafes and wi-fi enabled coffee shops.

Other key findings from the Virtual Criminology Report 2006 include:

The Cult of Cybercrime: Cybercrime has established a cult following with online offenders rising almost to celebrity status within hacking communities.

Specialist forums to highlight potential security issues have also served to showcase ‘black hat’ tricks and criminal opportunity

The Malware Milkround: Organized crime is now employing KGB-style tactics to ensnare the next generation of hackers and malware authors.

Cybercriminals are actively approaching students and graduates of IT technology fields to recruit a fresh wealth of cyber-skill to their ranks.

Inside Jobs: Taking advantage of inadequate company security procedures, current and former employees, contractors and suppliers are instigating the vast majority of hacking attacks. Cybercriminals are sponsoring graduates with a view to gaining the lucrative insiders’ view of enterprises.

Greg Day, security analyst, McAfee said cybercrime is no longer in its infancy. It is big business. Criminal entrepreneurs can make fast money with minimal risk and their ranks are growing with that realization. With technology continually evolving, criminal opportunity is evolving into something that is global and unrestricted by geography, language or appearance.

The Virtual Criminology Report 2006 highlights how the virtual anonymity and stealth of attack that the online environment affords means detection is a growing challenge for law enforcement. The following are the main threats, tools and opportunities that organized crime is exploiting:

Mind Games: Cybercriminals are increasingly resorting to psychological warfare in order to succeed. Phishing emails have increased by approximately 25 per cent over the last year but are harder to detect as they increasingly trick unsuspecting people with ordinary scenarios instead of improbable ones such as sudden cash windfalls. ‘Spear phishing’ is growing in prevalence, tricking users into giving away user names and passwords by seemingly coming from employers or fellow colleagues. These more tailored mind games achieve high success rates and slide under the mass attack radar, seeking out smaller institutions and consumers with targets changing almost daily.

Social Scams: Cybercriminals are being drawn to the huge crowds of the social networking and community sites. Loading fake profiles and pages with adware, spyware and rojans, money making malware authors are cashing in on their popularity. They are also collating personal information divulged online to formulate virtual twin identities for fraudulent purposes.

Data Seepage: Data is continually exposed without need for sophisticated attack and cybercriminals are cashing in. Password proliferation for consumer and work devices means often simple guesswork unlocks the door; unsecured removable media devices such as USB sticks provide an easy route for information-transfer and increasing convergence of technologies means inadequate security and integrated risk.

Botnets: As predicted in last years report, botnets – robot networks of illegally linked computers that can be controlled remotely – are now the preferred method for Internet thieves to effectively execute attacks. At least 12 million computers around the world are now compromised and are used for phishing schemes, illegal spamming, spreading pornography and stealing passwords and identities. Open-source criminal collaboration is also generating more robust and reliable botnets with guaranteed ROI.

The Future: The report also highlights threats that will become much more prevalent over the next 12 months. Smartphones and multifunctional mobiles are making portable computers essential lifestyle accessories and predictions are that coming months. The increasing use of Bluetooth and VoIP will also lead to a new generation of phone hacking.