“I’m concerned that the cyber-underground is a beautiful business model. It’s like going to eBay or Amazon. You just pick what you need — coders, mules — and build a dream team. It’s like fantasy football,” said Gordon Snow, assistant director in the U.S. Federal Bureau of Investigation’s cybercrime division.
Snow and other legal and law enforcement experts spoke Friday at a seminar on cybercrime at the University of Washington’s Law School in Seattle.
Cybercrime is becoming more professional and in many ways, easier to commit, they said. “The level of professionalism is amazing and I don’t see a slowdown,” said Pablo Martinez, deputy special agent in charge at the U.S. Secret Service.
People who want to commit cybercrime can go to forums online and assemble a team that specializes in writing malware, deploying malware or scanning systems for open ports. Others specialize in acting as “mules,” where they open bank accounts for funneling stolen money, and yet others specialize in calling customer service departments posing as customers to collect information.
This model makes it very easy and attractive for people to commit cybercrimes. “It’s low overhead and low risk,” Snow said. People doing it are mostly motivated by acquiring cash. As evidence that this model makes it easy for anyone to get into cybercrime, he noted that some of the people authorities arrest aren’t particularly well-off. “Some of the people we’re picking up aren’t of substantial means. We’ve found people who are using computers with missing keys,” he said.
The criminals have new targets these days, the officials said. Increasingly, they are targeting sectors like retail and hospitality, instead of simply focusing on financial institutions, Martinez said. “Why hack into Citibank and steal 10 million pieces of information when you could hack into restaurants and get the same information and not have a big target, a bulls-eye, on your back?”
To try to head off all kinds of cybercrime, the groups have beefed up their enforcement efforts. The Secret Service, for example, has 31 task forces in the U.S. dedicated to electronic crimes. The Seattle task force, started in 2006, has seized US$14.2 million in funds stolen electronically. The group has arrested 150 people and examined almost 1,700 computers including 128 terabytes of data, said Jim Helminski, special agent in charge with the Secret Service.
Nancy Gohring covers mobile phones and cloud computing for The IDG News Service. Follow Nancy on Twitter at @idgnancy. Nancy’s e-mail address is Nancy_Gohring@idg.com