In the Wireless Age, the image of the lone hacker hunched over his computer has given way to a far more frightening reality. Hackers are joining forces with other like-minded entrepreneurs, creating multinational organizations dedicated to cybercrime. The annual price tag: almost one trillion dollars, according to a 2009 study from McAfee.
In a March, 2010 speech, Steven Chabinsky, deputy assistant director of the FBI’s Cybercrime Division, reported that the organizations operate like corporations, farming out work to contractors. Besides the leaders, their ranks include hackers, programmers who create malware code, vendors who deal in stolen data, fraudsters who do spamming and phishing, cashiers and tellers who control the accounts and money laundering operations and tech support.
Corporate cybercriminals are known only by their screen names. They connect through members only online forums where they exchange advice and get work. How do they earn a living? Using hacking tools they’ve developed, legions of PCs they’ve taken over (botnets) and the banking and credit card information they’ve stolen with them.
Lessons from the Master Hacker
The most infamous example of the new corporate face of hacking is Albert Gonzalez whose Internet handles were Segvec and Soupnazi. In 2005, while wardriving in search of hacking targets, Gonzalez discovered the unsecured wireless networks in TJX Companies’systems. In a series of cybercrimes dubbed “Operation Get Rich or Die Tryin’” Gonzalez and his international accomplices used those entry points to infiltrate exposed systems and launch attacks against the more secure TJX networks, stealing over 40 million credit and debit card numbers. Then with two Russian partners, he moved on to hack Heartland Payment Systems, Hannaford Brothers and 7-Eleven – netting another 130 million card numbers. It wasn’t until 2010 that Gonzalez, a one-time informant for the Secret Service, was tried, convicted and sentenced to 20 years in prison – all before he turned thirty. According to the government, it was the single largest hacking and online identity theft case ever prosecuted.
Organized Crime Is Behind Most Data Breaches
“Get Rich or Die Tryin’” was a series of spectacular hacks. But multimillion dollar cybercrimes aren’t unusual. According to the 2010 Verizon Data Breach Investigations report, international organized crime was responsible for 85% of all stolen data last year.
This year, the Federal Trade Commission closed down a large number of dummy companies that had made $9.5 million in small credit card charges against 1.35 million compromised credit cards. What’s shocking is that less than 6% of the fraudulent charges were contested by card holders. The cybercriminals used money mules who were U.S. residents to funnel the stolen funds to banks in Bulgaria, Cypress and Estonia.
If your credit card information was stolen recently, there’s a good chance that organized crime was involved. To protect yourself, make stopping identity theft a priority.
What You Can Do
- Make sure your firewall is turned on and your security software is up to date. Check that your web browser is configured to warn you about phishing websites.
- Passwords are the weakest link in protecting your confidential information. Whether you’re a consumer or a business, use passwords that are easy for you to remember but difficult for others to guess. Use unique passwords for different websites and change them often.
- Avoid clicking on links contained in email or websites that you have no reason to trust. Never download or install any software unless you are certain that it comes from an authentic source.
- Besides running antimalware software on your computer full-time, periodically scan it for malware that could have slipped through the cracks. To defeat new threats, keep your computer’s operating system, applications, and antimalware program up-to-date.
- If you operate a business, make sure that sensitive data and confidential information are protected by complying with mandated security measures. Use monitoring tools to track security breaches.
- Use a VPN (virtual private network connection) like PRIVATE WiFi™ when sending sensitive information over the Internet. This will avoid interception by malware that could be recording your Internet traffic.