It's Evident

Back

Cybercrime Grows Up
Angela Lack, Research Attorney

In its infancy, cybercrime was thought of as nothing more than a game played by teenagers or college students in their rooms late at night. They would hack into a company’s database and cause a few headaches, but no serious harm or financial loss would befall the victim.

In its adolescence, cyber criminals grew more bold, but not yet greedy. Worms and viruses were unleashed in cyberspace, some by accident: most with malicious intent. In 2003, a worm called Sapphire/Slammer was unleashed and within ten minutes of infecting its first server, it spread to 90 percent of the world’s unprotected servers. Slammer caused mass cancellation of airline flights, crashed networks and disabled ATMs.1

Cybercrime is not just for kids anymore. Organized crime and online cyber criminals using sophisticated web sites are getting into “the game”. In fact, cybercrime has matured so fast it has become a multi-billion dollar business complete with mergers, acquisitions and hostile takeovers akin to any other fast growing industry.

There are websites were you can download hacking tools, buy credit card and bank account numbers, as well as personal data.

Cost for goods and services for purchase in cybercrime forums.2
Trojan programs that transfer funds between online accounts $1,000 to $5,000
Credit card number including pin $500
Driver’s license number $150
Social security number $100
PayPal account log-on and password $7

In 2006, three organizations: Cardcops, RSA Security and Shadowserver witnessed the leader of an illegal cybercrime forum called Cardmarket, selling services similar to those in the table above, stage a hostile takeover of four of his rival cybercrime forums by breaking into the forums’ databases and transferring all its members to Cardmarket’s database.3 “It’s like he created the Wal-Mart of the underground,” stated Dan Clements, CEO of Cardcops.4 Any tools or information needed to commit a whole host of crimes can be purchased in this mega forum that boasts approximately 6000 members. To make matters worse Cardmarket’s server is located in Iran, posing a significant jurisdictional problem on law enforcement’s ability to crackdown on Cardmarket, its founder, or its members.

What does this grown up face of cybercrime mean for consumers and corporations? Thomas Harkins, COO of the security firm Edentify stated that, “There’s so many stolen identities in criminal’s hands that identity theft could easily rise 20 times.”5

Individuals have to be careful about what information they divulge online. Twenty years ago people did not lock their front doors at night because they felt safe in their communities. Consumers have that same attitude today: they believe they are safe from intrusion while in their online community. One problem is a dedicated high speed internet connection. Most people leave their computers on 24 hours a day connected to a dedicated high speed internet connection giving even the most novice cyber criminal all the time he needs to walk through the unlocked door and steal information. While 9/11 shifted the Nation’s focus from cybercrime to cyber terrorism, the facts show that cybercrime is far more dangerous to the American public and the economy.

In September, the first case in the country involving the use of a peer-to-peer file sharing programs to commit identity theft had been reported with the arrest of a Seattle man. The man used a popular file sharing program called Limewire to rifle through other computers for tax returns, credit information and student financial aid applications stored by individuals on their private home computers. He used the stolen data of at least 80 victims to set up online credit accounts and purchased merchandise. He then sold the merchandise at half price. At the time of his arrest those 80 victims were out $70,000.6 As of September 20, 2007, Limewire was downloaded 124,691,368 times from www.download.com.

In corporations, cybercrime is taken a bit more serious. According to the 2006 Computer Crime and Security Survey, which is conducted annually by the Computer Security Institute (CSI) and the FBI’s Computer Intrusion Squad, virus attacks, unauthorized network access, mobile hardware theft and online theft of intellectual property accounted for 74 percent of the respondent’s financial losses.7

Cybercrime is not just a problem in the United States. A federal study in Australia conducted by the Australian Institute of Criminology predicts widespread computer fraud when the Australian government implements the proposed health and welfare access card and the E-passport.8 The experts believe that cyber criminals will attack the database and risk the integrity of the data in the E-passport servers and commit fraud in regard to enrollment into the health and welfare access card program. The study cites prepaid cards and online international fund transfers as new options for cyber criminals to launder money. Also, the study identified online games as another method to launder money by purchasing virtual cash with illegal funds and later cashing in the virtual money for clean currency.

Cybercrime has evolved far beyond the teenager in his room breaking into his school’s server to change his English grade from a C to an A. Organized crime and tech savvy criminals are finding ways to break into our homes and offices. It is time we start locking our doors at night.

The cost of Cybercrime:
$67.2 billion: FBI estimate of what U.S. businesses lose annually because of computer related crimes.9 $8 billion:Consumer Reports estimate of what U.S. consumers lost the past two years because of viruses, spyware and Internet Scams.10 $93.8 million: Privacy Rights Clearinghouse’s count of personal records reported lost or stolen since February 2005.11

The list of resources below will help you and/or your organization avoid being a victim(s) of cybercrime.
FBI’s Cyber Investigations Portal. Last accessed September 21, 2007.
Computer Crime and Intellectual Property Section (CCIPS) of the Criminal Division of the U.S. Department of Justice. Last accessed September 21, 2007.
Internet Crime Complaint Center. Last accessed September 21, 2007.
FBI’s Innocent Images National Initiative. Last accessed September 21, 2007.

Up
1Coren, Michael. “Experts: Cyber-Crime Bigger Threat than Cyber-Terror,” January 24, 2005. (http://www.cnn.com/2005/TECH/internet/01/18/cyber.security/).
2Acohido, Byron and Swartz, Jon. “Cyber Crime Flourishes in Online Hacker Forums; Crooks Buy, Sell Stolen ID Data, Their Reach Growing Like a Hot Company's,” Money; 1B. October 12, 2006. (http://www.usatoday.com/tech/news/computersecurity/infotheft/2006-10-11-cybercrime-hacker-forums_x.htm).
3Id.
4Id.
5Id.
6Langlie, Emily. “Seattle Man Indicted for ID Theft Using Computer Peer to Peer File Sharing Programs,” September, 6, 2007. (www.cybercrime.gov/kopiloffindict.htm).
72006 CSI/FBI Computer Crime and Security Survey. (http:// http://www.gocsi.com).
8Baker, Jordan. “Cybercrime Will Spread,” September 5 2007. (http://www.smh.com.au/news/technology/cyber-crime-will-spread-study/2007/09/05/1188783320037.html).
9“FBI’s Cyber Investigations Portal,” (http://www.fbi.gov/cyberinvest/cyberhome.htm), last viewed September 25, 2007
10“Stop Thieves from Stealing You,” Consumer Reports Online, October 2003. (http://www.consumerreports.org/cro/money/credit-loan/identity-theft/identity-theft-1003/overview/index.htm?resultPageIndex=1&resultIndex=1&searchTerm=$8%20billion). 11“A Chronology of Data Breaches,” Privacy Rights Clearinghouse. Updated September 18, 2007. (http://www.privacyrights.org/ar/ChronDataBreaches.htm).