The Cybermen fight back

'In today's increasingly uncertain world there is only one certainty. Your security will be breached; it's just a case of when' said David Thomas, deputy assistant director, FBI Cyberdivision, at the recent BCS sponsored World Wide Web Conference in Edinburgh.

During a talk highlighting criminal trends worldwide David explained that cybercrime has become so endemic that Robert Mueller, head of the FBI, now regards the Cyberdivision as the third most important after terrorism and foreign intelligence operations.

He went on to say that there are three key types of threat:

  • Unstructured - insiders and recreational hackers;
  • Structured - organized crime, industrial espionage and terrorists;
  • National Security - rival intelligence agencies and information warriors.

Terrorists themselves use hackers to make money for their organizations, and are increasingly using our own systems against us, whether it is aircraft or the mail service (anthrax).

Financially motivated eastern European hacker groups are increasingly active and network through magazines and online providing each other with information on how to hack different security systems and other 'hints and tips'. Many hackers market themselves this way, highlighting their abilities and giving examples of their work. This, ironically, helps the FBI to catch them.

The FBI are now in a position to arrest people all over the world, although criminals will do anything to avoid conviction from using specialized key fobs to wipe all hard drives within range of them to physically melting the evidence in woks!

Identity theft is becoming increasingly popular with fake credit cards selling for between $1 and $135 depending on the card type and fraudster. Personal details are big business. Jeremy Jaynes made $24 Million selling personal details before he was caught. The Mafia itself made $659 million over a seven-year period through ecrime.

Criminals are using search engines to hack into secure files to pull out credit card details or are producing their own algorithms to generate 'legitimate' credit cards. Some work in international gangs consisting of as many as five thousand people.

The new threats

China's increasingly technologically savvy population (1.5 billion) are seen as the next main source of cyber criminals. The fact that 220 billion text messages were sent from China last year supports this belief.

Malicious code is becoming more complex and is no longer just confined to email attachments. It is possible to infect the entire world within a matter of hours by using sophisticated tools. Hence, security patches are becoming increasingly obsolete as these often take days to take effect.

Trojans, with features which allow calls and email exchanges to be monitored are also on the increase. For example, malicious code can be inserted into MP3 downloads resulting in the inversion of a PC screen or the removal of hard drives.

War Driving is on the increase, whereby wireless networks are mapped for criminal gain or general mischief. The FBI itself has found ways of hacking using empty Pringles containers as receivers; it really is that simple. Cell phones are likely to be the next big target.

What can organizations do?

  • Have a computing policy;
  • Risk assessment programme;
  • Cyber intelligence training programmes to increase awareness;
  • Defined defence technologies;
  • Vulnerability testing;
  • Penetration testing;
  • Proper systems administration;
  • Active content filtering;
  • Workable incident response plan;
  • Conduct forensics.

Ultimately it costs everyone billions to combat crime, and increasingly cyber crime; as individuals we are the weakest link and are all paying for it. Hence, improved education is vitally important to help us all fight the crime around us, even in cyber space.

Computer Weekly - July 2006

Blueprint for Cyber Security

Our vision is a world properly protected from cyber threat. This blueprint sets out how we can deliver that solution, starting in health and care.