Cybercrime Getting Easier to Commit, Federal Agents Say

Committing cybercrime these days is as easy as building a fantasy football team, FBI and Secret Service agents said on Friday.

“I’m concerned that the cyber-underground is a beautiful business model. It’s like going to eBay or Amazon. You just pick what you need — coders, mules — and build a dream team. It’s like fantasy football,” said Gordon Snow, assistant director in the U.S. Federal Bureau of Investigation’s cybercrime division.

Snow and other legal and law enforcement experts spoke Friday at a seminar on cybercrime at the University of Washington’s Law School in Seattle.

Cybercrime is becoming more professional and in many ways, easier to commit, they said. “The level of professionalism is amazing and I don’t see a slowdown,” said Pablo Martinez, deputy special agent in charge at the U.S. Secret Service.

People who want to commit cybercrime can go to forums online and assemble a team that specializes in writing malware, deploying malware or scanning systems for open ports. Others specialize in acting as “mules,” where they open bank accounts for funneling stolen money, and yet others specialize in calling customer service departments posing as customers to collect information.

This model makes it very easy and attractive for people to commit cybercrimes. “It’s low overhead and low risk,” Snow said. People doing it are mostly motivated by acquiring cash. As evidence that this model makes it easy for anyone to get into cybercrime, he noted that some of the people authorities arrest aren’t particularly well-off. “Some of the people we’re picking up aren’t of substantial means. We’ve found people who are using computers with missing keys,” he said.

The criminals have new targets these days, the officials said. Increasingly, they are targeting sectors like retail and hospitality, instead of simply focusing on financial institutions, Martinez said. “Why hack into Citibank and steal 10 million pieces of information when you could hack into restaurants and get the same information and not have a big target, a bulls-eye, on your back?”

The open markets for talent make it easier for criminals to do things like steal money from companies, as well as attack governments. Espionage traditionally involved setting up a mole in a foreign country, which involves a lot of time and work for someone to build a false life. But today, with low overhead and minimal risk, someone can hack into computers and mirror hard drives to get the same kind of information that moles used to, Snow said.

To try to head off all kinds of cybercrime, the groups have beefed up their enforcement efforts. The Secret Service, for example, has 31 task forces in the U.S. dedicated to electronic crimes. The Seattle task force, started in 2006, has seized US$14.2 million in funds stolen electronically. The group has arrested 150 people and examined almost 1,700 computers including 128 terabytes of data, said Jim Helminski, special agent in charge with the Secret Service.

Nancy Gohring covers mobile phones and cloud computing for The IDG News Service. Follow Nancy on Twitter at @idgnancy. Nancy’s e-mail address is Nancy_Gohring@idg.com