Computer crime gets organized
Hands on laptop computer keyboards. The Black Hat and Defcon conferences, occurring this week in Las Vegas, will feature security experts discussing strategies on keeping online data secure.
KAI RYSSDAL: Hundreds of law enforcement officials and computer security experts will be meeting at Kennesaw State University in Georgia in a couple of weeks. They'll be talking about the dark side of the computer revolution — computers as criminal tools. They make it oh so easy to target your money or your identity. And behind that rise in cybercrime is a sinister brand of entrepreneur, as Steve Tripoli reports form the Marketplace Entrepreneurship Desk.
STEVE TRIPOLI: A decade ago the movie "Hackers" portrayed a bunch of cyber-hip teens who busted into corporate computers mostly to show off.
HACKERS: Yesssss, home run, home run, OK, OK, OK . . .
Just showing off doesn't cut it anymore. Vincent Weafer of Symantec, which makes Norton antivirus software, says a far nastier group has now moved in.
VINCENT WEAFER: Really, we saw a dramatic transition from the old hackers, virus-writer era into the cybercrime era occurring the end of 2004 to early 2005. It was a very, very dramatic changeover.
These new bad guys saw big money in attacking computers. They want your personal information so they can rob you, or so they can pose as you and steal from someone else. Or maybe they want to hook up your computer to thousands of others in a cybercrime invasion army called a "bot-net."
Weafer says this group's different in another way, too.
WEAFER: Many of them are entrepreneurs coming in.
Entrepreneurs without their own hacking skills. What they're about is building a business based on hacking.
Dave Marcus of McAfee Labs, another antivirus firm, says organized crime groups worldwide are players. They and others recruit young geeks they find in coffee houses and other hangouts.
But they're drafting another cohort too — college students with more advanced tech skills.
DAVE MARCUS: And they look to them for a different reason. They're more look to the university students to place them later on down the line in a company that they're gonna need insider information on. They will look for a person who's in their second year or first year of college and actually sponsor their education.
These dark-side recruiters also chase seasoned pros.
Gadi Evron is a computer security expert with the Israeli firm Beyond Security. He says he's been recruited twice.
GADI EVRON: The first time somebody just gave me a call, out of nowhere, saying they hold my resume in their hands. And they wanted to know if I'm interested in a job hacking into websites.
Evron guessed that these callers were middlemen. He never found out who was behind them. But the next approach was more direct.
EVRON: I was in a formal meeting with very impressive people, and they said, "We are a global firm for private investigations. And we are interested in your help." And it became pretty clear over the conversation that they were speaking of industrial espionage.
Evron wouldn't name that company. But he says it's pretty clear both ends of these deals know they're breaking the law.
And he says people with no special computer skills might be tricked into cybercrime.
EVRON: You yourself, Steve, may get an e-mail for example saying, "Hey, are you interested in work from home? Or some sort of a 75K-a-year job?" And the one thing they don't tell these people is, that they'll be arrested in about a week or two.
These folks are being used to launder money. For a fee, they transfer stolen funds to Russia, China or another cybercrime outpost, thinking it's a legitimate transfer.
Then they get dumped. Their untraceable sponsors don't care if these so-called "money mules" are quickly busted.
HACKERS: Man, there's too many garbage files, I need more time.
In that decade-old movie, the fictional young hackers track down the evil computer virus and, of course, save the world.
HACKERS: I found it! I found it!
You should be so lucky in real-world 2007. Gadi Evron says most people don't realize how dangerous the Internet has become. Serious-looking websites and e-mails can be impostors. Celebrity websites, social sites like MySpace and hot sites like one for this year's Super Bowl have all been booby-trapped. Bottom line? You need to have all your computer defenses up, and you need good ones. Because there's no larger solution for fighting these new cybercrime entrepreneurs right now — and they know it.
I'm Steve Tripoli for Marketplace.