Online Criminals Move On To Corporate Espionage

from the plain-old-phishing-doesn't-pay dept

Thu, Nov 13th 2008 11:07pm — Mike Masnick

One of these days, someone will do a fascinating study or book on the evolving nature of online crime. It's a constantly changing phenomenon that would be quite interesting to study. A few years ago, we noted that the ease with which script kiddies could jump into the phishing and online extortion market meant that margins were getting squeezed for older online organized crime groups who had focused on such practices in the past. Apparently, the big money now has moved away from standard phishing and into corporate espionage. Organized crime groups are figuring out ways to hack into company networks, suck up as much data as possible, and then sell it off to the highest bidder -- whether it's competing firms or foreign governments.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: corporate espionage, cybercrime, espionage, organized crime, phishing

7 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

louise, 14 Nov 2008 @ 1:54am

technology grows, cybercrime grows
It seems the more I read about growing online or technological trends, the more I see about cybercrime trends. We're all concerned about phishing - and it's almost become second nature to some people to avoid spam-like emails but now how do you spread the word about Spear-Phishing and Vishing and all the other new attacks that lurk about?

The only thing we can do is diffuse the importance of being vigilant. I work for Passpack, which is an online password manager - we try to make it so that 'the highest bidder' has nothing to bid on anymore.

Here is a quick post on how privacy is evolving:
http://tinyurl.com/43m5s7

Louise
[ link to this | view in chronology ]
Roger, 14 Nov 2008 @ 5:25am

The key to understanding
The key to understanding crime generally, and the evolution of crime, is to appreciate it as a biological phenomenon. In this sense, criminals are parasites. Not just metaphorically, but in a very literal sense.

Any biological system that has input of energy, transformation of energy and output of energy, has the potential to be parasitized by organisms that exploit weaknesses in the system's defenses.

This is not to justify crime or to say we shouldn't fight it. Of course we should. But it behooves us to appreciate that with any new system that we devise, new ways of feeding from it will emerge.
[ link to this | view in chronology ]
Killer_Tofu (profile), 14 Nov 2008 @ 5:37am

Ha
And while everybody else gets all of the knowledge of how stuff works, America continually falls farther behind thanks to copyright and patent laws. News at 11 ...
[ link to this | view in chronology ]
Chris Brenton, 14 Nov 2008 @ 5:48am

Thank you for blogging this. For about seven years now I've been following the trend of malware writers using non-signature Trojans in spear phishing attacks. Anti-virus software is completely ineffective against this business model. If you are not running HIPS and application control on your desktops, you are going to get whacked.
[ link to this | view in chronology ]
Roger, 14 Nov 2008 @ 6:00am

The future of fighting fraud
Check out this BBC article on cybercrime

http://news.bbc.co.uk/2/hi/technology/7729218.stm
[ link to this | view in chronology ]
chris (profile), 14 Nov 2008 @ 7:22am

Bruce Potter called this years ago
BP (from the shmoo group) talks about the spectrum of security threats, and how highly automated attacks by individuals or small groups with relatively low skill levels (viruses, trojans, etc.) are largely ineffective thanks to signature based tools like AV and IDS/IPS and therefore represent the low end of the threat spectrum.

the middle of the threat spectrum is represented by more specialized and targeted attacks (spear phishing, rootkits, malware, bots etc.) by teams of skilled programmers. this is the current state of the art for information security professionals. these teams require funding and recruiting and are probably backed by a corporation, criminal organization, or nation state.

the high end of the threat spectrum is the insider: a person with varying levels of security clearance and physical access. in the industry this is largely ignored or written off as detecting and defending against these attacks are not feasible if not impossible.
[ link to this | view in chronology ]
Blake Laocoon, 20 Nov 2008 @ 12:22pm

The Weakest Link
The weakest link in any organisation is always going to be at the point of interface between man and machine. There's no shortage of information out there on how to protect data and the key remains awareness, regular training and re-training. In relation to data security and integrity my company, www.systeminterfacesolutions.co.uk, is dedicated to three words once coined by Tony Blair, 'education, education, education' - the difference is that we mean it.
[ link to this | view in chronology ]