If you needed another reason to pay attention to computer security and to ensure that you have reliable backups of your critical business data, a new report from the Federal Bureau of Investigation should serve as a splendid reminder.
As reported by Ben Worthen over at the Wall Street Journal (see FBI: Cyber-Crime Outlook is “Bleak��?, paid sub), the FBI has come out and said:
“The problem is so vast and so systemic that people need to be prepared for the worst… Companies need to assume that they’ll be a victim.”
Certainly doesn’t fill me with a great sense of confidence, needless to say.
More alarmingly, FBI agent Scott O’Neal, Chief of the Computer Intrusion section, tells Worthen that the difference is that cybercrime is no longer about young hackers seeking notoriety or testing systems (a classic definition of “hacker” for us old-school computer types) but moving more into the purview of organized crime and crime syndicates.
“Criminals saw the early hackers and said wow, that’s a lot less dangerous than drug trafficking.”
A typical cybercrime now apparently involves the criminals targeting an individual company — or individual employee in that company — to gain access to marketable information like credit card numbers. A key point: this new breed of hackers who break into systems aren’t necessarily the ones that use the stolen data. That’s another group entirely.
In fact, here’s a chilling exercise: Go ahead and Google buy credit card number site:cn and you’ll find that this search for sites just located on domains in China (.cn) matches over 300,000 pages, including the following entry as #1:
“I would like to buy as many credit cards as possible. Each credit card must have Credit card number : 16 digits Card Identification Number : 3 digits …”
Indeed, let’s have a closer look at that first one because, as you can see, it’s pleasant, nicely written and almost seems innocuous if you don’t think about what they’re really asking for:
And let’s look at one more match, a bit more random:
“RUSTOLEUM ENAMEL : download stolen credit card numbers ,stolen paintings world war … stole buy christmas grinch movie poster stole babe ruth stolen base . …”
The upshot of this is that both as individuals and as a member of a company, even a one-person company, you really do need to become more savvy about the price of our modern information age, more vigilant about your own security, your customer data, your business.
The cost of not doing that might just be far higher than you’re prepared to pay.
Sadly This is all too true.
Another point made by Law Enforcement. Is many of the attackers are Eastern European or China.
They target US companies and citizen, and when asked why, their response is often: “Why don’t you protect your systems better!”
Case in point is the UK hacker currently being extradiated, he hacked into US government agencies (NASA included) with Administrator access and a (hold on to your hat) a blank password.
Sadly this is not only the case in US government agencies, but US corporations. Setting up Windows Servers with confidential information and a blank password to the Administrator account.
US corporations just do nothing and when attacked
just pass the cost on to the client/customer.