Cybercrime is lucrative

By Candice Jones, ITWeb online telecoms editor

Johannesburg, 24 May 2007

More money is made from cybercrime than from the drug trade, said Gregg Day, senior security strategist at McAfee, speaking at the ITWeb Security Summit yesterday.

Citing an FBI report, Day said organised crime represents a $1 trillion-per-year industry. He noted the industry remains popular because it is a low-risk, high-reward situation that attackers can easily exploit.

"The criminal charges related to Internet crimes are, on the whole, more lenient than traditional crimes of similar capacity." He added that part of the reason it is such a lucrative business is because online criminals are extremely hard to track.

"Online organised crime is no longer just an industry, but has evolved into an ecosystem."

Day explained most malware or malicious code has a hierarchy of developers. "In the source code for the virus Agobot, there is a list of nicknames and their respective job functions in the development of the code."

He said lists of vulnerabilities and virus codes are becoming easier for attackers to come by because part of the ecosystem is the sharing of possible exploitations. In one example, someone attempted to auction a Microsoft vulnerability on eBay.

"It doesn't matter where you are in the world, you can still be affected by online crime."

Facts and figures

Day stated that, on average, a person receives 2 200 spam e-mails in a year, some of which could carry links to phishing sites, Trojan key-loggers, or any number of viruses. "Eighty percent of all mail being sent today represents spam."

He added that an estimated 50% to 80% of computers attached to the Internet have some form of spyware.

Profiling the culprits

Day noted the average online attacker is most often between the ages of 14 and 19, and will usually start out as a hobbyist. "Sixty percent to 80% of students have admitted to trying an attack."

While it starts out relatively innocently, attacks like these can become something of an addiction. "It is easier to perform an online attack, because you are not face to face with the victim and the immediate impact of what you have done is not visible."

Day explained the biggest challenge is to create an international consensus on how to deal with organised online crime, because the problem has no borders.