A new report from McAfee Inc. explains one of the reasons why so
many criminals have set their sights on cyberspace. It's simply
safer and more lucrative to steal online from the comfort of the
nearest Starbucks than to jump out at people in dark alleys.
 | | | | | It's a lot safer to run a botnet
than it is to go to the street and break someone's
kneecaps.
David Marcus,
security research and communications managerMcAfee Avert
Labs |
| | | | | |
| |
|
That has made it easier for organized criminal outfits to
recruit people to do their bidding -- including students as young
as 14, said David Marcus, security research and communications
manager for McAfee Avert Labs in Santa Clara, Calif.
"For organized crime, the Internet is the best thing to come
along since bootlegging and moonshine," Marcus said. "And it's a
lot safer to run a botnet than it is to go to the street and break
someone's kneecaps." Organized crime is recruiting teenagers who
feel safer doing illegal activity online than in the street,
according to a McAfee Virtual Criminology Report.
The second annual, which draws on input from Europe's leading
high-tech crime units and the FBI, suggests that criminal outfits
are targeting top students from leading academic institutions and
helping them acquire the skills to commit high-tech crime on a
massive scale. The tactics used to groom them are much like those
the KGB used during the cold war, the report said.
"Organized crime lacks the technical skills to rob people
online, but it does have the money to find 16-year-olds, get them
trained and put them in a company where they can be an insider
threat," Marcus said.
The sense of immunity people find in cyberspace also makes them
more willing to engage in criminal activity than if they were
operating in the real world. Someone who won't steal an elderly
woman's pocket book might be willing to sit in a Starbucks and try
to penetrate a network, Marcus said, adding, "They sit there
sipping coffee and looking at their laptop, and for all people know
they're just surfing the Internet. And they don't have to see the
victim."
Given the situation, IT shops should expect and prepare for
increasingly nasty and prolific threats in 2007 and beyond, Marcus
said. IT professionals should also start thinking of a game plan to
secure hand-held devices because that's the next big target of
these criminals.
"Mobile is a big area of fascination for both the research
community and the criminals," Marcus said. "We're not seeing a lot
of mobile malware now, but you'll see more of it in the next 10
months because hand-held devices are getting more advanced and
becoming more like your PC."
He said governments around the world also need to deal with the
threat by making better global laws to address issues like
extradition. Criminals are more likely to base themselves in
countries without extradition laws, he said, adding, "Why would I
traffic in drugs and be in danger when I can do this other stuff in
an anonymous atmosphere in another country with no extradition
laws?"
Among the report's other findings:
- Cybercriminals are increasingly resorting to psychological
warfare in order to succeed Phishing emails have increased by
approximately 25% over the last year but are harder to detect as
they increasingly trick unsuspecting people with ordinary scenarios
instead of improbable ones such as sudden cash windfalls.
- Cybercriminals are being drawn to the huge crowds of social
networking and community sites. Loading fake profiles and pages
with adware, spyware and Trojans, malware authors are cashing in on
their popularity. They are also collating personal information
divulged online to formulate virtual twin identities for fraudulent
purposes.
- Data is continually exposed without the need for
sophisticated attacks. Password proliferation for consumer and
work devices means often simple guesswork unlocks the door; and
removable media devices like USB sticks make it easier to steal
inside information.
- Botnets are now the preferred method for Internet thieves to
launch attacks. At least 12 million computers around the world
are now compromised and are used for phishing schemes, illegal
spamming, spreading pornography and stealing passwords and
identities.
- Smartphones and multifunctional mobile devices are making
portable computers essential lifestyle accessories and
cybercriminals will increasingly mine them for valuable information
in the coming months. The increasing use of Bluetooth and VoIP
will also lead to a new generation of phone hacking.