Computer Crime Research Center


High-Tech Crime Is an Online Bubble That Hasn't Burst

Date: April 07, 2008
By: Doreen Carvajal

PARIS — There are no storefronts or corporate headquarters in the cybercrime industry, just savvy sellers in a murky, borderless economy who are moving merchandise by shilling credit card numbers — “two for the price of one.”

“Sell fresh CC,” promised one who offered teaser credit card numbers. “Visa, MasterCard, Amex. Good Prices. Many countries.”

Electronic crime is maturing, according to security experts, and with its evolution, criminals are adopting conventional approaches like supermarket-style pricing and outsourcing to specialists who might act as portfolio managers or computer technicians.

“It’s a remarkable development of a whole alternative business environment that’s occurred over the last couple years,” said Richard Archdeacon, a senior director of global services for Symantec, an Internet security company with 11 research centers around the world. “What’s been so astonishing is the speed with which it’s developed.”

In the United States alone, victims reported losses of $239 million to online fraud in 2007, with average losses running about $2,530. The complaints are recorded by a special Web-based hotline operated by the F.B.I. and the National White Collar Crime Center, a nonprofit corporation focusing on electronic crime.

The most common frauds were fake e-mail messages and phony Web pages, and the crimes were organized from the United States, Britain, Nigeria, Canada, Romania and Italy, according to an F.B.I. report issued last month.

Despite the increasing sophistication and elusiveness of online criminals, judges remain reluctant to order much jail time for computer crime, according to some national law enforcement officials and major companies like Microsoft.

A case in point is Owen Thor Walker, an 18-year-old hacker from New Zealand who pleaded guilty last week to criminal charges arising from his development of a vast international network of individual computers, which he had infected with hidden software, or “malware,” and remotely controlled.

In the parlance of the trade, he was a “bot herder” who offered his “robot network” for hire to a company in the Netherlands, which wanted to covertly install its advertising software.

Walker’s borderless network first surfaced in an F.B.I. investigation of a computer attack in 2006 that caused the crash of a computer server at the University of Pennsylvania. The F.B.I. singled out a Pennsylvania student in the attack who ultimately led investigators to Mr. Walker.

Mr. Walker’s sentencing is scheduled for May, but the judge on the case indicated that he would consider community detention and work release or some home detention for punishment of the teenager, who has Asperger syndrome, a mild form of autism marked by poor social skills and compulsive behavior.

“Most of the time, it’s very difficult for a judge to understand what’s going on and what the risks are,” said Eric Loermans, chief inspector of a Dutch high-tech crime unit.

Mr. Loermans was part of a cybercrime forum in Strasbourg last week that was convened by the Council of Europe to develop guidelines for closer international cooperation between law enforcement and Internet service providers. More than 200 people representing government agencies and private companies from Europe, Africa and the Americas participated in the conference.

Mr. Loermans’s plainclothes high-tech unit now numbers about 25 people, but the police are also developing training programs for everyone on the staff down to the officer on the beat, according to Mr. Loermans.

“Years ago, we saw cybercrime as a speciality,” he said. “Now we have added cybercrime in every form of police training, so we are raising the level of the entire Dutch police force. There’s no crime anymore where there are no digital components built in.”

David Roberts, chief executive of the Corporate IT Forum, which represents 150 companies in Britain, said his group was pressing for a single confidential channel through which corporate security chiefs could report cybercrimes.

Add comment  Email to a Friend

Copyright © 2001-2013 Computer Crime Research Center
CCRC logo