Thursday, January 29, 2009

Cyber-Scams on the Uptick in Downturn

 

The bear economy is creating a bull market for cyber-crooks.

 

Experts and law-enforcement officials who track Internet crime say scams have intensified in the past six months, as fraudsters take advantage of economic confusion and anxiety to target both consumers and businesses.

 

Thieves are sending out phony emails and putting up fake Web sites pretending to be banks, mortgage-service providers or even government agencies like the Federal Bureau of Investigation or the Federal Deposit Insurance Corp. Cellphones and Internet-based phone services have also been used to seek out victims. The object: to drain customer accounts of money or to gain information for identity theft.

 

Avivah Litan, vice president with Internet-technology research company Gartner Inc., said clients are telling her that cyber-assaults on many banks have doubled in the past six months in the U.S. and other parts of the world, including the U.K., Canada, Mexico and Brazil. Though most are thwarted by computer-security defenses, such as spam filters and fraud-detection systems, that still leaves potentially millions of victims.

 

"They are all experiencing a lot more attacks, and a lot more ATM fraud" aimed at depositors' accounts, Ms. Litan said.

 

More than 800 complaints have been logged by the National White Collar Crime Center in Richmond, Va., so far this year from checking-account customers in the U.S. about mysterious, unauthorized transactions of $10 to $40 that appear on monthly statements. Craig Butterworth, a spokesman for the center, a federally funded group that assists police agencies, said investigators suspect a data breach or "phishing" campaign, where deceptive emails and text messages are used to acquire personal information, such as Social Security numbers, user names and passwords. Separately, a "penny" scam of phantom credit- and debit-card charges from 21 cents to 48 cents has generated 300 complaints, Mr. Butterworth said.

 

The FBI's Internet Crime Complaint Center confirms an increase in cyber-attacks. In its most recent Internet Crime Report, the FBI said it received 207,000 complaints about crimes perpetrated over the Internet in 2007, the latest year for which data are available, amounting to nearly $240 million in reported losses, or $40 million more than a year earlier. Organized groups in the U.S. and elsewhere are behind many of the crimes, experts say.

 

Until recently, most attacks were scattershot, with spam emails blasted randomly to thousands of computer users at once. Now crooks are starting to single out specific targets identified through prior research, a tactic called "spear phishing." In these attacks, emails are sent to the offices of wealthy families or to corporate money managers, for example. They address potential victims by name and company or appear to come from an acquaintance.

Executives Targeted

 

In one such attack, hundreds of senior executives across the globe received personally addressed emails last April, saying they were being subpoenaed to testify before a grand jury by the U.S. District Court in San Diego, according to a federal courts spokesman in Washington, D.C. When users clicked on a link containing the attachment, their computers were infected with malicious software. The case was referred to the FBI, the spokesman said.

 

Panos Anastassiadis, chief executive of Cyveillance, an Internet security firm in Arlington, Va., that also examined the case, suspects fraudsters were trying to get "first-quarter financial results of publicly traded companies a week before everybody else."

 

Mr. Anastassiadis himself received an email but didn't open it because he says he knew better. He estimates that almost half of the recipients opened the documents, exposing themselves to the malware. Many also forwarded the bogus messages to their legal departments -- infecting them, too. Mr. Anastassiadis said an organized-crime ring based in Eastern Europe is believed responsible.

 

The use of cellphone text messages is a fairly new tactic. Earlier this month, customers of Associated Bank, a unit of Associated Banc-Corp, were among the recipients of email and cellphone text alerts warning them that their credit cards had been deactivated. The message directed them to call a telephone number and leave their account information. Customers of Norway Savings Bank in Maine were also among those hit by cellphone text messages about their debit cards shortly before Christmas.

 

In another case, emails bearing the logo of Franklin Bank of Jacksonville, Texas, which failed on Nov. 7, circulated throughout Texas in November and December, also seeking account numbers, personal-identification numbers and passwords from recipients. Prosperity Bank, which assumed all the deposits of the failed bank, said customers didn't lose any money.

 

In another new twist, scammers using Internet-based phone service are faking the caller-IDs of banks and other businesses in telephone phishing scams. Because the phone ID bears the name of a real company, victims have been tricked into supplying personal information. Some customers of the Bank of Lancaster County in central Pennsylvania, which became part of the PNC Financial Services Group Inc. in August, were targeted in this type of scam last summer, a PNC spokesman confirmed. Because of federal regulations and bank policy, any customers' money lost would have been reimbursed, he said.

 

Difficult times are also causing more people to fall prey to job- and business-opportunity scams that have migrated to the Internet from postal mail.

Job Board Scam

 

A 68-year-old woman in Pennsylvania, who asked that her name not be used because she is still being victimized, said she searched an online job board not long ago and received a "work-at-home" offer by email. The "job" was to cash checks that would be delivered by parcel post. She was to keep 10% of the money and return the rest. Skeptical, she took the first check to her bank, where a clerk promptly declared it a fake and confiscated it. After threatening to report the sender to police, the woman thought she had avoided trouble, but she hadn't.

 

"Suddenly I am getting phone calls from all over the country saying why did you send me these emails and checks? They are using my name and address. I have gotten calls from at least 30 or 35 people from all over the country, from California to Florida to Pennsylvania," she said.

Watching for Grammar

 

Identity thieves frequently post fake ads on job boards to ensnare victims, and they've become increasingly sophisticated in recent years, says Pam Dixon, executive director of the World Privacy Forum, a nonprofit public-interest research group. "It used to be you could pick them out by their bad grammar, but now it's much more difficult," she says. "You really have to be careful."

 

The Pennsylvania woman notified police and also contacted Identity Theft 911, a fraud-resolution company based in Scottsdale, Ariz., for help. The outfit, which provides ID-theft resolution under contract with insurance companies, employers and credit unions, used credit monitoring and fraud alerts to try to prevent the incident from spiraling out of control.

 

Brian Lapidus, chief operating officer for the Fraud Solutions division of Kroll Inc., a company that also helps businesses and individuals resolve cases, said his company is fielding a growing number of calls from wary recipients of similar emails pitching too-good-to-be-true jobs, loans and sweepstakes offers. Even when advised of the risks, many respond anyway, Mr. Lapidus says.

 

"People want to believe that even in this economic climate, the cloud has a silver lining," he said.

Wednesday, January 28, 2009

Hackers exploit Obama site to spread malware

My.BarackObama.com still serving up Trojan a week after being notified, says Websense

 

A social networking site operated by the 2008 Barack Obama presidential campaign is serving up malware to unwary visitors a full week after the tactic was reported, a security researcher said today.

 

My.BarackObama.com, still active after the inauguration last week of President Obama, is being used by hackers trying to dupe users into downloading a Trojan horse, said Dan Hubbard, vice president of security research at Websense Inc.

 

My.BarackObama.com provides tools that enable visitors to join groups of Obama supporters, raise funds and create a personal blog hosted on the site. The criminals have set up bogus accounts and used them to create blogs. When a user reaches one of the fake blogs, a YouTube-like video window is displayed; clicking on that video frame takes the user to a malicious Web site packed with pornography.

 

If the user clicks to view the porn, a message pops up claiming a video codec must be downloaded and installed. The executable file is no codec, but rather a Trojan horse that hijacks the PC.

 

"The group behind this is one of those that's infecting people with fake antivirus software," said Hubbard, referring to so-called scareware programs that pose as security software but are actually useless. Until the victim pays for the worthless program -- prices range between $40 and $50 -- he or she is deluged with fake pop-up warnings.

 

The cybercrooks don't just try to grab people browsing through My.BarackObama.com, Hubbard added; rather, they are actively polluting search engines with the URLs of their bogus blog accounts in an attempt to take advantage of My.BarackObama.com's reputation and popularity.

 

Although Websense first uncovered the phony blogs a week ago, it has had no luck reaching someone responsible for the My.BarackObama.com site. "We've been constantly trying to reach them, and tried every possible angle, from e-mail to the site itself to the phone, but we haven't heard back," said Hubbard. "Obviously, they've been fairly busy."

 

Multiple bogus blogs on the site are still serving the Trojan, Hubbard confirmed today.

 

A call Monday by Computerworld to the contact phone number listed in the site's terms of service was not returned.

 

This is not the first time Obama's name has been used to spread malicious code. The weekend before his inauguration, sites claiming that Obama would refuse to take office infected users with the Waledac bot Trojan; last November, the day after Obama won the U.S. presidential election, hackers launched a major malware campaign based on a site that claimed to have final vote tallies.

Tuesday, January 27, 2009

"Man in the Browser" attacks becoming popular among cyber criminals

 

F-Secure warns computer users of an upsurge in attacks against banking sites, targeting personal user data. These attacks use a new generation of malicious codes in a technique called "Man in the Browser".

 

Historically, cyber criminals have always sought ways of stealing the personal and banking data of web users. The techniques used by these criminals have become more sophisticated in order to adapt to the growing sophistication of the security solutions. It started with software that was capable of retrieving the data typed into the computer keyboard ("keyloggers"), and then more complex mechanisms arrived on the scene, such as phishing and pharming.

 

Phishing uses emails that the sender disguises to look as if they come from a financial establishment. When the web user clicks on the link contained in the mail, he finds himself on a bogus site that imitates that of his bank, and which retrieves his personal banking data.

 

Pharming consists in automatically redirecting the web user to a false site (imitating the site of his bank) when the user wishes to visit the real site, but without the user having to click on a link of any kind, since the usurping of the address takes place at Internet level. The "Man in the Middle" technique consists in the cyber criminal pretending to be the bank's site, intercepting the data passed by the user, and then using that data to access the real bank site to gain access to the account.

 

The latest technique used for these attacks is known as "Man in the Browser". Once the PC has been infected, the malicious code is only triggered when the web user visits his online bank site. This type of malware is capable of retrieving the information (login and password) that is entered by the web user on the real web page of the bank site by intercepting the HTML code on his web browser. This personal data is then sent directly to an FTP site where the cyber criminal stores it, before selling it on to the highest bidder on other web sites used by cyber-criminals.

 

Security products using behavioral analysis are the best solution against such attacks, as the malicious codes are designed specifically for certain banking sites. They are not distributed en masse, unlike attacks using phishing. This restricted distribution constitutes a real challenge for security software publishers when it comes to referencing these viruses and using signature recognition.
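The behavior-based approach described above can be illustrated with a simple correlation rule: flag a host that opens an outbound FTP connection shortly after its browser visits a watched banking site. This is an added example, not code from the article or from F-Secure; the log format, host names, domain names, addresses and the 120-second window are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed host telemetry (not real data):
# timestamp, host, process, event type, detail
SAMPLE_EVENTS = """\
2009-01-27T09:00:05 pc-17 iexplore.exe http_visit www.examplebank.test
2009-01-27T09:00:41 pc-17 iexplore.exe net_connect 203.0.113.50:21
2009-01-27T09:03:10 pc-22 iexplore.exe http_visit news.example.test
2009-01-27T09:03:30 pc-22 ftpclient.exe net_connect 198.51.100.7:21
2009-01-27T09:10:00 pc-31 iexplore.exe http_visit www.examplebank.test
2009-01-27T09:25:00 pc-31 iexplore.exe net_connect 203.0.113.50:21
2009-01-27T09:30:00 pc-40 firefox.exe http_visit www.examplebank.test
2009-01-27T09:30:20 pc-40 firefox.exe net_connect 192.0.2.10:443
"""

BANK_DOMAINS = {"www.examplebank.test"}   # assumed watch list
FTP_PORT = 21
WINDOW = timedelta(seconds=120)           # assumed correlation window


@dataclass(frozen=True)
class Event:
    when: datetime
    host: str
    process: str
    kind: str
    detail: str


def parse_events(text):
    """Parse whitespace-separated log lines; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        events.append(Event(datetime.fromisoformat(parts[0]), *parts[1:]))
    return sorted(events, key=lambda e: e.when)


def find_suspect_uploads(events, allowed_ftp=frozenset()):
    """Return (host, process, address, seconds_after_visit) for each FTP
    connection made within WINDOW of a banking-site visit on the same host."""
    last_bank_visit = {}   # host -> time of most recent banking-site visit
    alerts = []
    for ev in events:
        if ev.kind == "http_visit" and ev.detail in BANK_DOMAINS:
            last_bank_visit[ev.host] = ev.when
        elif ev.kind == "net_connect":
            addr, _, port = ev.detail.rpartition(":")
            if not port.isdigit() or int(port) != FTP_PORT:
                continue
            if addr in allowed_ftp:
                continue   # known, approved FTP server
            seen = last_bank_visit.get(ev.host)
            if seen is not None and ev.when - seen <= WINDOW:
                delay = int((ev.when - seen).total_seconds())
                alerts.append((ev.host, ev.process, addr, delay))
    return alerts


if __name__ == "__main__":
    for alert in find_suspect_uploads(parse_events(SAMPLE_EVENTS)):
        print("ALERT host=%s process=%s ftp=%s delay=%ss" % alert)
```

The rule keys on behavior (a banking session followed by an FTP upload) rather than on a file signature, so it does not depend on the malware sample having been catalogued first.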

 

Thursday, January 22, 2009

Three years undercover with the identity thieves

FBI's Cyber Initiative and Resource Fusion Unit infiltrates online fraud site DarkMarket

Robert McMillan

 

January 20, 2009 (IDG News Service) Salesmen and parents know the technique well. It's called the takeaway, and as far as Keith Mularski is concerned, it's the reason he kept his job as administrator of online fraud site DarkMarket.

 

DarkMarket was what's known as a "carder" site. Like an eBay for criminals, it was where identity thieves could buy and sell stolen credit card numbers, online identities and the tools to make fake credit cards. In late 2006, Mularski, who had risen through the ranks using the name "Master Splynter," had just been made administrator of the site. Mularski not only had control over the technical data available there, but he also had the power to make or break up-and-coming identity thieves by granting them access to the site. And not everybody was happy with the arrangement.

 

A hacker named "Iceman" -- authorities said he was actually San Francisco resident Max Butler -- said that Mularski wasn't the Polish spammer he claimed to be. According to Iceman, who ran a competing Web site, Master Splynter was really an FBI agent.

 

Iceman had some evidence to back up his claim but couldn't prove anything conclusively. At the time, every other administrator on the site was being accused of being a federal agent, and Iceman had credibility problems of his own. He had just hacked DarkMarket and three other carder forums in an aggressive play at seizing control of the entire black market for stolen credit card information.

 

That's when Mularski went for the takeaway. Salesmen have long used this tactic to seal difficult deals: You simply take the deal off the table in the hope that it will spur the customer to come to you. Badgered by questions about his credibility, he threatened to quit altogether. "I decided to risk it all and just said, 'Hey, if you think you can do a better job running the site and if you think I'm a fed, then by all means take the stuff. I don't want anything to do with it,'" he recalled recently in an interview. "What law enforcement agency would, after they were monitoring the site, want to give it back to the bad guys?"

 

Mularski's gambit paid off, and the other DarkMarket administrators let him stay on for another two years.

 

In the end, they would regret that decision. Iceman was right: Supervisory Special Agent J. Keith Mularski had gone deeper into the world of online computer fraud than any FBI agent before. Working with police agencies in Germany, the U.K., Turkey and other countries, he spearheaded a remarkable investigation that netted 59 arrests and prevented an estimated $70 million in bank fraud before the FBI pulled the plug on Operation DarkMarket on Oct. 4, 2008.

 

Mularski works for a little-known FBI division called the Cyber Initiative and Resource Fusion Unit, run out of the National Cyber-Forensics & Training Alliance in Pittsburgh. The unit is different from a typical FBI field office. It works hand in hand with industry and takes the time to do the deep research required to penetrate the world of online criminals.

 

"They have a direct personal relationship with industry people in all areas, but specifically a great relationship with the financial institutions," said Gary Warner, director of research in computer forensics at the University of Alabama at Birmingham. The group also works closely with international law enforcement, laying the groundwork to prosecute Internet criminals who launch attacks across national borders. "Those relationships allow them to take on cases that nobody else would take on," Warner said.

 

Mularski's life as an undercover spammer began around July of 2005, when he created his handle in a tribute to the cartoon rat who is sensei to the Teenage Mutant Ninja Turtles. His unit ran a project called Slam-Spam, and Mularski, a self-confessed computer nerd, said he had picked up a lot of spamming tricks before he started the operation. "I could talk shop," he said.

 

He didn't send out spam himself, but Mularski knew what questions to ask and -- more importantly -- what not to ask. He kept to his character as a spammer. If someone approached him with a new "zero day" attack, he wouldn't ask for details. And he avoided going after personal information, not asking forum members obvious cop-giveaways such as where did they live. "The thing is with these guys, you can't necessarily target them and just approach them out of the blue," he said. "So by being out there and not really caring about things -- I played a lot of things off nonchalant -- I was able to gain their trust."

 

The hours were long; scammers don't work 9 to 5. "Sometimes I spent as much as 18 hours in a day online," Mularski said. "I was online every day from August 2006 until the operation came down."

 

His most active discussion time was between 10:00 p.m. and 1:00 or 2:00 a.m. "Every night, I'd be watching TV with my wife next to me, and I'd have the computer on, just in case somebody needed to get a hold of me," he recalled.

 

After 10 years of marriage to an FBI agent, Mularski's wife knew that operations could cut into personal time. It couldn't have been easy, though. "She was the real saint in this whole thing," he said.

 

Master Splynter didn't take vacations either, even if Mularski did. "Usually, if you're not going to be online, you've got to give notice because they wonder what you're doing, whether you got busted or not. So if I was traveling somewhere and I couldn't be online, I'd always give these guys advance notice."

 

By September 2006, Mularski had become a moderator on DarkMarket. Not as powerful as an administrator, he was still a trusted manager, one step above the reviewers who assessed the quality of products being sold on the site.

 

That's when he got his big break. And it came from an unlikely source: Iceman himself. According to authorities, Iceman was making a play to control the market for fake credit cards by hacking into four carder sites, including DarkMarket, knocking them offline and moving their membership to his own site, CardersMarket.

 

Even when the site was back up and running, Iceman continued to hit DarkMarket with distributed denial-of-service (DDoS) attacks, which would overwhelm it with wave after wave of useless Internet traffic.

 

Mularski wasn't sure how things would play out, but in September 2006, he saw his chance. He started talking with Iceman about joining CardersMarket as a moderator, but soon realized that he had a better shot with another administrator at DarkMarket, Renu Subramaniam, a.k.a. "JiLsi." "I basically told him, 'Hey, I can secure your servers for you,'" Mularski said. JiLsi made him a moderator but held off on granting him administrative access.

 

Then one Saturday night a month later, DarkMarket started getting hammered with another DDoS attack. "I was talking with JiLsi, and I said, 'Hey, I can secure the site? The servers are all set.'"

 

JiLsi's reply: "Let's move it."

 

Mularski was now a made man. As administrator to the site he could track people who logged in and, most importantly, read everything the cyberthieves were saying to each other. Working with his international law enforcement contacts, Mularski compiled evidence and, one by one, his team tracked down the crooks who ran DarkMarket.

 

The first big one to go was Markus Kellerer, a.k.a. "Matrix001." German authorities picked him up with five other scammers in May 2007. A few months later, Mularski's patron, JiLsi, was arrested in the U.K., one of the first targets of a newly created U.K. organization called the Serious Organised Crime Agency.

 

By September 2008, the operation had pretty much run its course. FBI approval for Operation DarkMarket was set to expire on Oct. 5, and Turkish authorities had finally rounded up "Cha0" (real name Cagatay Evyapan), considered one of the FBI's top targets. An electrical engineer who manufactured automated teller machine and point-of-sale skimming devices that could be hooked up to legitimate machines to steal information, Evyapan considered himself a "very traditional, organized criminal," not just a computer hacker, Mularski said.

 

He showed his nasty side when an associate named "Kier" (news reports have named him as Mert Ortac) spoke with Turkish media in early 2008, angering Evyapan. "He kidnapped him and tortured him and posted a picture of Kier in his underwear that's now famous," Mularski said.

 

The sign read, among other things, "I am rat. I am pig. I am reporter."

 

With Evyapan gone, "we had taken out all the administrators of DarkMarket, and that pretty much left me at the top," Mularski said.

 

Still, he remained in character for a few weeks longer. In September, Mularski posted a note saying he was closing the site, in part because of police infiltration. "It obvious [sic] that the Special Services and Security f***s are still here lurking in our ranks. They continue to gather evidence on us. They read our posts, they talk with our vendors, they look to see who are the active members of the forum," he wrote, according to a posting published on Wired.com.

 

But Mularski always knew that with all the international arrests being made there was a chance, through error or differences in judicial processes, that his name would be made public. And that's ultimately what happened. A German reporter, Kai Laufen, working on a story about cybercrime, discovered Mularski's name in court documents relating to the Kellerer case. On Oct. 13, Wired reported the story, and everybody knew.

 

Still, some of Mularski's carder buddies refused to believe the reports. "These guys trusted me so much that even after the Wired article came out exposing me, for two days afterwards, people were reaching out to me on ICQ thinking that it was a hoax and making sure I was alright," he said.

 

Most were silent, however, after Mularski wrote them back saying that he was indeed an FBI agent.

 

One hacker who called himself "Theunknown" swore at Mularski, saying, "You piece of crap fed... you're never going to catch me."

 

"Why don't you turn yourself in. It beats living the rest of your life on the run," Mularski wrote back. A week later, Theunknown followed his advice.

Heartland data breach could be bigger than TJX's

This recent incident suggests cybercrooks have shifted to targeting payment processors

Jaikumar Vijayan

 

January 20, 2009 (Computerworld) A data breach disclosed today by Heartland Payment Systems Inc. may well displace TJX Companies Inc.'s January 2007 breach in the record books as the largest ever involving payment data with potentially over 100 million cards being compromised.

 

Heartland, a Princeton, N.J.-based provider of credit and debit card processing services, said that unknown intruders had broken into its systems sometime last year and planted malicious software to steal card data carried on the company's networks.

 

Visa and MasterCard alerted Heartland to suspicious activity, prompting the company to launch an investigation by "several forensic investigators," during which the intrusion was discovered, Robert Baldwin Jr., Heartland's president and chief financial officer, said in a statement. The company said the intrusion may have been the result of a "widespread global cyberfraud operation."

 

Heartland claimed that no merchant data, cardholders' Social Security numbers, or unencrypted personal identification numbers (PIN), addresses or telephone numbers were compromised.

 

As with most data breach notifications, Heartland didn't say when the card companies informed it of the breach, when the breach took place in 2008, how long the intruders had remained undetected or how many cards might have been compromised in the intrusion. A company spokeswoman did not immediately respond to requests for comment.

But given that Heartland processes more than 100 million card transactions per month, it is very possible that the number of compromised credit and debit cards is at least that much, if not more, said Avivah Litan, an analyst at Gartner Inc. "It does look like the biggest ever," Litan said. The TJX breach involved the compromise of over 45 million cards.

 

It also appears that those behind the breach "made off with the gold" by intercepting and stealing the so-called Track 2 data from the magnetic stripe on the back of cards, which is all that's needed to create counterfeit cards, Litan said.

 

Dan Clements, president of CardCops, an identity protection service of Affinion Group Inc., said that he has noticed activity in underground chat rooms that suggested a major compromise at a processor such as Heartland.

 

Typically when cards are stolen, crooks first check whether they are still active by using them for some transaction -- often a very small donation to a charitable organization -- to see if it works. This sort of validity check has increased by nearly 20% over the past few months, suggesting a major compromise. But it's not clear yet if it is related to the Heartland breach, Clements said.

 

The Heartland compromise is the second involving a large payment processor over the past few weeks. On Dec. 23, RBS WorldPay Inc., the payment processing division of The Royal Bank of Scotland Group, announced that its systems had been breached by unknown intruders, resulting in the compromise of personal information belonging to about 1.5 million card holders. The compromised information included the Social Security numbers of 1.1 million individuals using payroll cards, the company said.

 

The incidents suggest that cybercrooks are increasingly beginning to target payment processors, Litan said. "Attacking a processor is much more serious than attacking a retailer. A processor sits at the nerve center of the payment process," and processes far more payment card data than any retailer, she said.

 

"More radical security moves" need to be taken by the payments industry as a whole to address the problem, she added. Such incidents show that the security requirements of the Payment Card Industry Data Security Standard being pushed by the major card companies are clearly not enough, Litan added.

Monday, January 19, 2009

Russians start selling Wi-Fi encryption cracker

 

By John E. Dunn, Techworld

 

The Russian security company that caused a stir some months ago by talking up its cracking tool for recovering Wi-Fi encryption keys has started selling its software to all comers in a specially packaged product.

 

Normally, running a tool to do this on a conventional Intel Core 2 Duo desktop PC would take months to brute force even a single 8-character WPA/WPA2-PSK password, of which there are trillions of possible alpha-numeric combinations at that bit length.

 

Elcomsoft claims that Wireless Security Auditor 1.0 can perform the same function by capturing traffic from a Wi-Fi connection using a separate packet sniffer, processing the data through up to four high-end graphics cards in order to retrieve the password in a fraction of that time.

 

Although the technique behind the software has been around for months, it now has a price - £599 for UK users.

 

The software supports hardware from either of the leading companies in the field, Nvidia and ATI, specifically the super-fast GeForce 8, 9, and 200, as well as ATI's Radeon HD 3000, with a minimum of 256MB of dedicated onboard RAM, on any version of Windows. The extra processing power simply speeds up the basic dictionary attack method of such software, cycling through combinations at a faster rate.

 

The company stops short of specifying a time to retrieve a complex password of 8 characters - the minimum allowed by WPA - but admins might infer from running the tool for any length of time that their passwords are at least secure to a minimum standard. Longer passwords, even quite simple ones, would almost certainly be beyond this tool, but therein lies the auditing usefulness of the tool.

 

One obvious concern is the illegal use of the tool to actually hack Wi-Fi networks, not just 'test' them.

 

"Elcomsoft Wireless Security Auditor works completely in off-line, undetectable by the Wi-Fi network being probed, by analyzing a dump of network communications in order to attempt to retrieve the original WPA/WPA2-PSK passwords in plain text," says the company release, confirming the tool is designed to be used with invisible sniffers.

 

A disclaimer on the website makes this issue more explicit.

 

"The program that is licensed to you is absolutely legal and you can use it provided that you are the legal owner of all files or data you are going to recover through the use of our software or have permission from the legitimate owner to perform these acts. Any illegal use of our software will be solely your responsibility. Accordingly, you affirm that you have the legal right to access all data, information and files that have been hidden."

 

The answer is to make sure that the risibly weak WEP (wired equivalency protocol) encryption is not being used by Wi-Fi access points, and that WPA passphrases are more than 8 characters, preferably grown-up randomly-generated hashes created by dedicated tools. Hash generation tools typically exceed 20 characters. Admins should consider themselves warned.
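To make the length advice concrete, the following added example (not part of the original article and not Elcomsoft's code) computes how the search space grows with passphrase length, audits a candidate passphrase against a wordlist and an entropy floor, and generates a random 24-character passphrase. The sample wordlist, the 80-bit floor and any guess rate passed in are assumptions chosen for illustration.

```python
import math
import secrets
import string

WPA_MIN, WPA_MAX = 8, 63                          # WPA/WPA2-PSK passphrase length limits
ALPHANUM = string.ascii_letters + string.digits   # 62 symbols
SECONDS_PER_YEAR = 365 * 24 * 3600

# Constructed sample wordlist; a real audit would load a far larger one.
SAMPLE_WORDLIST = frozenset({"password", "12345678", "letmein1", "homewifi"})


def keyspace(alphabet_size, length):
    """Number of candidate passphrases of exactly `length` symbols."""
    return alphabet_size ** length


def years_to_exhaust(alphabet_size, length, guesses_per_second):
    """Worst-case exhaustive search time. The guess rate is the caller's
    assumption; the article gives no figure for the tool."""
    return keyspace(alphabet_size, length) / guesses_per_second / SECONDS_PER_YEAR


def charset_size(passphrase):
    """Combined size of the standard character pools the passphrase draws on.
    Characters outside printable ASCII are not counted."""
    pools = (string.ascii_lowercase, string.ascii_uppercase,
             string.digits, string.punctuation + " ")
    return sum(len(pool) for pool in pools if any(c in pool for c in passphrase))


def audit_passphrase(passphrase, wordlist=SAMPLE_WORDLIST, min_bits=80):
    """Return a list of findings; an empty list means no issue was found.
    The entropy figure is an upper bound that assumes random selection."""
    findings = []
    if not WPA_MIN <= len(passphrase) <= WPA_MAX:
        findings.append("invalid-length")
    if passphrase.lower() in wordlist:
        findings.append("in-wordlist")        # falls to a plain dictionary attack
    size = charset_size(passphrase)
    bits = len(passphrase) * math.log2(size) if size else 0.0
    if bits < min_bits:
        findings.append("low-entropy")
    return findings


def generate_passphrase(length=24):
    """Random alphanumeric passphrase from the OS CSPRNG."""
    if not WPA_MIN <= length <= WPA_MAX:
        raise ValueError("WPA passphrases are 8 to 63 characters long")
    return "".join(secrets.choice(ALPHANUM) for _ in range(length))


if __name__ == "__main__":
    assumed_rate = 100_000   # guesses per second, an assumption for illustration
    for n in (8, 12, 20):
        print(f"{n} chars: {keyspace(62, n):.3e} candidates, "
              f"{years_to_exhaust(62, n, assumed_rate):.3e} years at assumed rate")
    for candidate in ("password", "a1b2c3d4", generate_passphrase()):
        print(repr(candidate), audit_passphrase(candidate) or "ok")
```

Each added character multiplies the alphanumeric search space by 62, which is why a random passphrase of 20 or more characters is out of reach for exhaustive search however many graphics cards are used.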

Sunday, January 18, 2009

Security is top website concern for consumers

 

16th January 2009 17:23

With online shopping on the rise, a new poll has found that security remains the biggest issue for consumers using retail websites.

 

Some 84 per cent of those questioned in the poll by online payment service PayPal said that security for their purchases through money back guarantees, trusted payment methods and visible credit card logos were their top priority when buying over the web.

 

Almost two-thirds (62 per cent) said they would be reluctant to use a site that did not clearly display the payment methods it offered.

 

Other key issues for consumers included simplicity, with 78 per cent saying clear layout and easy navigation is essential, details on products and services (42 per cent) and the ability to compare user-generated comments, reviews and recommendations (30 per cent).

 

PayPal said the results illustrate how online shoppers have moved beyond factors such as price and convenience, meaning online retailers have to offer more.

 

Cameron McLean, the company's general manager for UK merchant services, said: "There is an onus on e-tailers to ensure their websites are in line with what consumers want - those that listen to feedback and adapt will be the winners."

 

Research from Capgemini and IMRG found that UK shoppers spent over £4.67 billion in December.

Wednesday, January 7, 2009

'Cybergeddon' fear stalks US: FBI

by Sebastian Smith

 

NEW YORK (AFP) – Cyber attacks pose the greatest threat to the United States after nuclear war and weapons of mass destruction -- and they are increasingly hard to prevent, FBI experts said Tuesday.

 

Shawn Henry, assistant director of the FBI's cyber division, told a conference in New York that computer attacks pose the biggest risk "from a national security perspective, other than a weapon of mass destruction or a bomb in one of our major cities."

 

"Other than a nuclear device or some other type of destructive weapon, the threat to our infrastructure, the threat to our intelligence, the threat to our computer network is the most critical threat we face," he added.

 

US experts talk of "cybergeddon," in which an advanced economy -- where almost everything of importance is linked to or even controlled by computers -- is sabotaged by hackers.

 

Michael Balboni, deputy secretary for public safety in New York state, described "a huge threat out there" against everything from banking institutions to municipal water systems and dams.

 

Henry said that terrorist groups are working to create a virtual 9/11, "inflicting the same kind of damage on our country, on all our countries, on all our networks, as they did in 2001 by flying planes into buildings."

 

An online attack of that scale has not yet happened in the United States but computer hacking -- once something of a sport for brilliant delinquents -- is rapidly evolving around the world as a tool of war.

 

Russian hackers allegedly mounted huge assaults on Internet networks in Estonia and Georgia last year, while Palestinian sympathizers have orchestrated attacks against hundreds of Israeli websites in the last few days.

 

Following years of fighting online criminal groups, the Federal Bureau of Investigation and other countries' security services know hackers as the most elusive and innovative of foes.

 

"It used to be we'd chase people around, literally carrying duffel bags of cash," said Donald Codling, the FBI's cyber unit liaison with the Department of Homeland Security.

 

"Nowadays the guy can use his SIM chip and he can move money all over the world and his confederates can withdraw that money from an ATM in a currency of his or her choice. It's extraordinarily difficult for us to catch them."

 

Codling, like other cyber crime fighters, expressed grudging admiration for the skills of his adversaries, who he said are highly motivated and often a step ahead.

 

"What the Internet has allowed you to do is make all the human frailties like greed, avarice and all those lovely things much more efficient," he said.

 

"We're seeing that the folks on the cutting edge of this tend to be the bad guys. There's a financial reason for them to be good at this."

 

Christopher Painter, an FBI specialist focused on building international cooperation, described another basic weakness in the fight for cyber security: the threat is largely invisible and therefore not always taken seriously.

 

"It's not like a fire," he said. "It's hard to get your head around the threat. We often discover a company has been attacked and we tell them that and they don't know."