Online Crime Seen as Growing Threat to Business, Politics

BobB passed us a link to a NetworkWorld article, exploring the ongoing realization in business circles of the dangers online criminals pose. The piece raises the possibility that criminal elements are gaining access to US research labs in an effort to ferret out corporate and governmental information. One institute referred to in the article states: "Economic espionage will be increasingly common as nation-states use cyber theft of data to gain economic advantage in multinational deals. The attack of choice involves targeted spear phishing with attachments, using well-researched social engineering methods to make the victim believe that an attachment comes from a trusted source." We just recently discussed possible hacker involvement in several municipal blackouts.

CyberLaw(TM)

[madhuri]

Looks like we need to call in Eric Menhart to lay down the CyberLaw(TM)...

The irony of anyonimity

[unassimilatible]

Used to be, mafia guys would have no Social Security card, driver's license, or bank accounts to avoid being traced by law enforcement or the IRS. Now, I feel like having none of those things to avoid the crooks online.

Re:Good grief.

[Walt+Dismal]

Indeed good grief. I saw an article some time ago noting that some Southern California gangs were infiltrating girlfriends into various financial processing institutions to steal credit card information, banking info, and so on. Even into the DMV. So there's certainly low-level activity. At one company I worked at, a crook got a job in the accounting department and somehow stole all the HR data, and some of that was used to get credit cards. How long before serious organized crime runs multiple active efforts for this? And how many Web commerce sites do criminal background checks on IT personnel?

Do You See The Common Thread Here?

[Jeremiah+Cornelius]

This is just like CIA Claims Cyber Attackers Blacked Out Cities Do you see the common thread here? Same SANS "expert", too. The guy who gave CIA props for their "disclosure". I remember when SANS was a good, technical security training and education outfit. Now they are on the Richard Clarke / Howard Schmidt CyberTerror disinformation campaign. I would doubt the spook "creds" - if you'd call 'em that - of Alan Paller. The worst theft and correlation of personal data is an ongoing effort by the state - with the telcos CA-CHING! Billing all the while. The crooks and Terra-ists are a joke in comparison. T'rists didn't "lose" several BILLION US dollars in small, unmarked bills in Iraq.

Who loses track of that kind of money? No one. Mistakes aren't made like that. Plans are. But we're supposed to be afraid of teh Internet now. Why? Cos' if we didn't have the 'net, we wouldn't know about that missing cash - or the validity of Operations MOCKINGBIRD, MKUltra, Northwoods, etc.

AirTran? This is a great outfit!

Re:Do You See The Common Thread Here?

[smittyoneeach]

While by no means perfect, the folks in the government are generally attempting to carry out the law of the land, as derived from the Constitution and obfuscated by the mound of subsequent documents.
Reform, as with a really nasty codebase, is a matter of simplification.
Which, as recent attempts to improve some sacred-cow entitlements shows, is a mother of a challenge.

It boggles the imagination

[penix1]

The morons that put critical data / control on outward facing servers deserve the hosing they get. Who in their right mind thinks it is a good idea to put a power station's control on a server that is even connected to the Internet? That is just the stupidest thing I have ever read.

I am more concerned about who they give physical access to the data / hardware are. All it takes is one vengeful employee and a thumb drive to lose very sensitive data. Worse, many companies that do lose data won't report the breach unless it involves a threat of lawsuit by irate customers. Then they will report it grudgingly and then only after days or even weeks and months have passed. Plenty of time for massive damage to be done.

More powerful organized crime

[JavaRob]

The morons that put critical data / control on outward facing servers deserve the hosing they get. [...] I am more concerned about who they give physical access to the data / hardware are. All it takes is one vengeful employee and a thumb drive to lose very sensitive data. These are both examples where there's at least something individual companies can do about it internally.

Personally, I was extremely unsettled a few years ago when the spammer powers-that-be decided they wanted BlueSecurity shut down, and a bunch of DNS servers, Tucows and 4 other hosting providers, and SixApart/LiveJournal/TypePad fell as collateral damage.

Is that not *scarier* for business? Let's see -- I'm free to conduct my business... as long as I don't step on any toes in the organized crime world. 'Cause if I do, they're shutting me down whenever they feel like it, and there's not a damned thing I (or the supposed "protection" of the law) can do about it.

And of course, no power, once it exists, goes unused for very long. I see more and more stories about botnets used for extortion -- which is a bit trickier to carry out, since it's tough to get paid without a money trail, and law enforcement has more experience dealing with that -- but it's just another example. If they just want to squelch my business, it's incredibly easy.

[Addendum: oh look... the article points to cyber espionage as #3 in the SANS institute's top 10 threats of 2008; botnets are #2]