Hackers evolve from pranksters into profiteers
Computer identity theft has long been a fast-growing cybercrime. But increasingly, hackers are seeking profit rather than just fun.
Complaints of Internet-related identity theft tripled to 1,000 last year, says the Federal Trade Commission. While that still accounts for a only fraction of the 160,000 nationwide reports of identity theft, the growth is alarming as more consumers put credit card and other financial data online.
"It's the perfect crime of the information age," says Rich Stana, of the General Accounting Office. "The Internet gives identity thieves multiple opportunities to steal personal identifiers and gain access to financial data."
The biggest break-ins came last month, when computer intruders accessed more than 10 million Visa, MasterCard and American Express credit card account numbers from the computer system of a third-party payment company. No theft occurred.
Also last month, a computer-science student allegedly hacked a University of Texas database and swiped the Social Security numbers of more than 55,000 students, employees and former students, county prosecutors said. Authorities last week charged Christopher Andrew Phillips, 20, with unlawful access to a protected computer and unlawful use of a means of identification. Phillips told officials he had no intention of using the information to harm anyone, according to court papers.
But in two other high-profile cases, hackers did use the information to access funds:
- Tokyo police arrested two men for allegedly determining the passwords five people used to access their bank accounts online and transferring $141,000 from those accounts to another bank. One of the men, using an alias, withdrew $136,000, police said.
The two men, an unemployed computer software developer and a businessman, allegedly got the passwords by using software to determine what keystrokes a previous PC user used. They allegedly snooped on about 100 computers at 13 Tokyo-area cybercafes last year. The software was downloaded from the Internet.
- Thomas Pae, 20, the ringleader of an international computer hacking and Internet fraud scheme, admitted to authorities he purchased credit card numbers from hackers on the Internet and used them to purchase $324,061 in computer equipment from Ingram Micro, Amazon.com and others. Last month, Pae was sentenced to 33 months in prison.
Such ID thefts have prompted financial institutions to fortify their computer systems with millions of dollars in security software and shore up computer security among employees, security experts say.
The Justice Department, meanwhile, is encouraging banks that are victims of computer crimes to be more forthcoming with details to aid authorities in the arrest and prosecution of hackers.
Many banks are still hesitant to report break-ins, fearing they'll scare away customers, says consumer advocate Edmund Mierzwinski. A California law, beginning July 1, would require companies to notify customers of computer breaches.
At the same time, though, hackers are getting more elusive, security experts say. They scour Internet cafes, libraries and other publicly available PCs to steal personal data. Not only can hackers scope out potential victims, but the virtual form of hit-and-run makes it harder for police to locate hackers.
So-called spoofers send e-mail to victims with links to fake commercial Web sites, posing as Internet auctions and credit card issuers, to lure consumers into providing personal information. Earlier this month, users of eBay's online-payment service received fraudulent e-mails posing as legitimate PayPal alerts. They asked for bank and credit card details.
To prevent ID theft, security experts are bracing for an expensive fight. Internet identify theft, on average, costs victims about $800 and 175 hours to rectify, says consumer advocate group Privacy Rights Clearinghouse.
"Hackers are usually motivated by ego and human curiosity," says Steven Chang, chairman of anti-virus software maker Trend Micro. "The scary part is when the motive turns from gaining knowledge to stealing."
Cybercrime News Archive