December 30, 2008

Poor Economy Could Lead To More Hi-Tech Crime

Experts say the economic downturn is likely to affect hi-tech criminals over the next year.

However, hi-tech criminals are likely to see opportunities to prosper rather than suffer in the downturn.

"Crime tends to rise when you have more unemployment," said Mikko Hypponen, chief research officer at F-Secure.

"If you look, in general, where the attacks are coming from you can find social reasons behind them," he said.

He believes it is not a technical problem, but a social problem.

Hypponen said layoffs of many people familiar with net technology may tempt more into crime simply because their chances of being caught are slim. Equally, the punishments for those that are caught are not harsh.

Those that did turn to hi-tech crime would find an underground service economy that will sell them all the bits they need to get started as a net criminal, he said.

Job losses could also trigger a wave of crime as aggrieved workers strike back at their employers, according to security firms.

This could mean that the intellectual property that a company relies on to keep going, such as its customer database, is copied and walks out of the door when employees pack up and leave.

Adam Bosnian, a spokesman for Cyber-Ark, said the damage that insiders can do should not be underestimated. "It can take just a few minutes for an entire database that has taken years to build to be copied to a CD or USB stick," said.

Companies need to be especially vigilant about protecting their most sensitive data against nervous or disgruntled employees during faltering economy, he added.

"I would imagine that fraud is going to increase next year," said Carl Clump, chief executive of Retail Decisions that helps businesses spot and tackle credit card fraud.

Clump believes even with the global economic slump fraud had been increasing year on year and there was no reason to expect that 2009 would buck that trend.

Widespread economic malaise would only act as a fillip to that rising tide, he said.

"It's a lucrative area and it's relatively easy to do," said Clump.

He suggested that security initiatives such as chip and pin may have tackled fraud at some points, but that only meant fraudsters had focused on the next weakest area.

Many fraudsters, in particular, have moved on to so-called Card Not Present fraud, which is typically carried out via e-tail sites on the net.

CNP fraud was up 18% on 2007. Over the same period losses from UK online banking fraud rose by 185%, according to figures released in September by the Association of Payment and Clearing Services (APACS) which represents the UK's card firms.

Clump said those unwilling to become spammers or phishers might well be a tempted into low-grade fraud, especially if they have lost their job or are struggling to make ends meet. "In times like these people take desperate measures," he said.

The grim times could tempt people to make choices they would not make in better times, according to Dan Hubbard, chief technology officer at Websense.

"Gambling tends to go up when economies are down," he said.

He believes people could be more willing to work alongside web criminals and act as money launderers or mules.

The ongoing development of the web, mash-ups and semantic technologies could introduce new vulnerabilities, Hubbard said.

"These will all add another level of complexity to the web. It will create a rich user experience but behind the scenes it is grabbing data from all over the place," he warned.

And it could prove tempting for criminal groups if not properly managed and thoroughly checked for security loopholes.

"There are more targets than ever," said Hubbard.


On the Net: