Online Criminals Move On To Corporate Espionage

from the plain-old-phishing-doesn't-pay dept

One of these days, someone will do a fascinating study or book on the evolving nature of online crime. It's a constantly changing phenomenon that would be quite interesting to study. A few years ago, we noted that the ease with which script kiddies could jump into the phishing and online extortion market meant that margins were getting squeezed for older online organized crime groups who had focused on such practices in the past. Apparently, the big money now has moved away from standard phishing and into corporate espionage. Organized crime groups are figuring out ways to hack into company networks, suck up as much data as possible, and then sell it off to the highest bidder -- whether it's competing firms or foreign governments.


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    identicon
    louise, Nov 14th, 2008 @ 1:54am

    technology grows, cybercrime grows

    It seems the more I read about growing online or technological trends, the more I see about cybercrime trends. We're all concerned about phishing - and it's almost become second nature to some people to avoid spam-like emails but now how do you spread the word about Spear-Phishing and Vishing and all the other new attacks that lurk about?

    The only thing we can do is diffuse the importance of being vigilant. I work for Passpack, which is an online password manager - we try to make it so that 'the highest bidder' has nothing to bid on anymore.

    Here is a quick post on how privacy is evolving:
    http://tinyurl.com/43m5s7

    Louise

     

    reply to this | link to this | view in thread ]

  2.  
    identicon
    Roger, Nov 14th, 2008 @ 5:25am

    The key to understanding

    The key to understanding crime generally, and the evolution of crime, is to appreciate it as a biological phenomenon. In this sense, criminals are parasites. Not just metaphorically, but in a very literal sense.

    Any biological system that has input of energy, transformation of energy and output of energy, has the potential to be parasitized by organisms that exploit weaknesses in the system's defenses.

    This is not to justify crime or to say we shouldn't fight it. Of course we should. But it behooves us to appreciate that with any new system that we devise, new ways of feeding from it will emerge.

     

    reply to this | link to this | view in thread ]

  3.  
    icon
    Killer_Tofu (profile), Nov 14th, 2008 @ 5:37am

    Ha

    And while everybody else gets all of the knowledge of how stuff works, America continually falls farther behind thanks to copyright and patent laws. News at 11 ...

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    Chris Brenton, Nov 14th, 2008 @ 5:48am

    Thank you for blogging this. For about seven years now I've been following the trend of malware writers using non-signature Trojans in spear phishing attacks. Anti-virus software is completely ineffective against this business model. If you are not running HIPS and application control on your desktops, you are going to get whacked.

     

    reply to this | link to this | view in thread ]

  5.  
    identicon
    Roger, Nov 14th, 2008 @ 6:00am

    The future of fighting fraud

    Check out this BBC article on cybercrime

    http://news.bbc.co.uk/2/hi/technology/7729218.stm

     

    reply to this | link to this | view in thread ]

  6.  
    icon
    chris (profile), Nov 14th, 2008 @ 7:22am

    Bruce Potter called this years ago

    BP (from the shmoo group) talks about the spectrum of security threats, and how highly automated attacks by individuals or small groups with relatively low skill levels (viruses, trojans, etc.) are largely ineffective thanks to signature based tools like AV and IDS/IPS and therefore represent the low end of the threat spectrum.

    the middle of the threat spectrum is represented by more specialized and targeted attacks (spear phishing, rootkits, malware, bots etc.) by teams of skilled programmers. this is the current state of the art for information security professionals. these teams require funding and recruiting and are probably backed by a corporation, criminal organization, or nation state.

    the high end of the threat spectrum is the insider: a person with varying levels of security clearance and physical access. in the industry this is largely ignored or written off as detecting and defending against these attacks are not feasible if not impossible.

     

    reply to this | link to this | view in thread ]

  7.  
    identicon
    Blake Laocoon, Nov 20th, 2008 @ 12:22pm

    The Weakest Link

    The weakest link in any organisation is always going to be at the point of interface between man and machine. There's no shortage of information out there on how to protect data and the key remains awareness, regular training and re-training. In relation to data security and integrity my company, www.systeminterfacesolutions.co.uk, is dedicated to three words once coined by Tony Blair, 'education, education, education' - the difference is that we mean it.

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This