"Your security will be breached; it is just a case of when," David Thomas, deputy assistant director, FBI Cyberdivision, told the recent BCS-sponsored World Wide Web Conference in Edinburgh.
During a talk highlighting global criminal trends, Thomas said cybercrime had become so endemic that head of the FBI Robert Mueller regarded the Cyberdivision as next only to terrorism and foreign intelligence operations in importance.
Financially motivated eastern European hacker groups are increasingly active and network through magazines and online. This helps the FBI to catch them.
The FBI can arrest people all over the world, although criminals use various methods to avoid conviction, from using special key fobs to wipe hard drives to physically melting the evidence in woks, said Thomas.
Identity theft is becoming increasingly popular, with fake credit cards selling for between £1 and £100 depending on the card type and fraudster. Personal details are big business. US spammer Jeremy Jaynes made £13m selling personal details before he was caught. And the Mafia made £360m in seven years through e-crime, said Thomas.
Criminals are using search engines to hack into secure files to pull out credit card details or are producing their own algorithms to generate "legitimate" credit cards.
China's increasingly technologically savvy population of 1.5 billion are seen as the next source of cyber-criminals.
Malicious code is becoming more complex and is no longer confined to e-mail attachments. It is now possible to infect the entire world within a matter of hours; hence, security patches are becoming increasingly ineffective as these often take days to take effect, said Thomas.
Trojans with features that allow calls and e-mail exchanges to be monitored are also on the increase.
War driving is on the up, whereby wireless networks are mapped for criminal gain or general mischief.
Ultimately it costs billions to combat cybercrime. As individuals are the weakest link, improved education is vital, said Thomas.
How to protect yourself
- Have a risk assessment programme
- Cyber intelligence training programmes to increase awareness
- Defined defence technologies
- Vulnerability testing
- Penetration testing
- Proper systems administration
- Active content filtering
- A workable incident response plan
- Conduct forensics
Source: David Thomas, FBI Cyberdivision
Vote for your IT greats
Who have been the most influential people in IT in the past 40 years? The greatest organisations? The best hardware and software technologies? As part of Computer Weekly’s 40th anniversary celebrations, we are asking our readers who and what has really made a difference?
Vote now at: www.computerweekly.com/ITgreats
This was first published in July 2006