Complexity of Online Threats Increasing in 2006
Online account takeovers -- especially those targeting retirement portfolios -- are the kind of fraud and identity theft most troubling to U.S. Secret Service cybercrime experts, said Larry Johnson, special agent in charge of the agency’s criminal investigative unit. Online accounts are being targeted more frequently because “that’s where people have the most money, as opposed to checking accounts and/or savings accounts,” he told a Capitol Hill briefing Tues. Hackers take control of an account through social engineering tactics, empty its contents and close it out, Johnson warned.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
The emergence of that technique illustrates how the complexity of attacks is increasing, Johnson said. A few years ago, skimming fraud -- stealing credit card information with a simple ATM swipe -- was considered a high-tech crime and now it’s “just above low tech,” he said. Criminals can stealthily “hide behind a keyboard” anywhere in the world, which facilitates innovative threats, Johnson said.
Digital currency conduits and electronic exchange brokers are also worrisome. Johnson’s agency is part of the Treasury Dept., which recently released a report highlighting risks in electronic currencies. The way the industry, which is essentially unregulated, is classified by the govt. might need to be changed in the future to safeguard consumers, he indicated.
Prevention is the Secret Service’s core principle when safeguarding the president and fighting cybercrime, Johnson said at the Symantec-sponsored event. The agency has about 20 ongoing online operations that put prevention front-and-center, he said. “With those types of crimes, once the cow is out of the barn, then it’s mop-up time.” Some victims spend most of a year trying to get their identities back, he said.
The future of cybercrime is scary, panelists said. Symantec Vp Art Wong said hackers will become more organized and a black market is emerging around threats for financial gain, he said. As crime rings get more advanced, hackers get more specialized, Wong said. Since wide-sweeping threats -- like previous years’ Blaster and Slammer worms - aren’t as prevalent in 2006, consumers are being lulled into a false sense of security. “People probably think they're safer today than they have been in past,” but that’s not the case, he said. The risks are greater now than ever, he said.
The new year promises to be “more of the same, but very much different,” Wong said. There’s been a change in scammer activity and a shift in hacker motivation, he said. According to Symantec analysts, there’s been a massive increase in malware variants rather than an abundance of new viruses and worms, he said. Existing threats have been modified and they travel slower and attack a narrower set of targets, Wong warned. “Hackers today have moved from, instead of hacking for fame, hacking for profit and financial gain,” he said. An IBM report released Mon. reached similar conclusions (WID Jan 24 p7). Andy Purdy, acting dir. for the Homeland Security Dept.’s National Cyber Security Division, and Betsy Broder, FTC’s assistant dir. for privacy & identity protection, also shared their agencies’ views on cybersecurity.