The mind of a cyber criminal

From organised criminal gangs designing malware to fraudulent employees in the midst of an organisation, the threat to digital systems and data can come from all directions – not always the most obvious.

“They’re not just spotty teenagers sitting in their back bedrooms anymore,” says Iain Ainslie, technology and cyber liability underwriter at Ace European Group. “These are large-scale industries targeting companies and individuals.”

The threat environment is rich and evolving. This is one of the conclusions of the Lloyd’s 360 report on digital risk. It looks at the growing sophistication of cyber criminals, including gangs involved in carding and online fraud, cyber terrorists, industrial espionage and disgruntled employees.

“Many different attackers, with different motivations, are pooling their skills,” says the report. “We need to think about how attackers will adapt to take advantage of any potential vulnerabilities in our IT systems.”

State-sponsored hackers

The big story this year was the Stuxnet computer worm, which attacked Iran’s nuclear facilities. Described as "one of the most refined pieces of malware ever discovered”, security experts think it is the work of a national government agency.

“It was targeted at a specific control system but if you look behind it, it was very sophisticated and the analysts are now saying a lot of time, energy and money was spent designing, writing and flowing it out,” says Marcus Alldrick, Lloyd’s senior IT manager.

While most companies may not expect to be the target of modern espionage, there are multiple reasons for individuals and gangs to try to compromise a firm’s IT infrastructure or to steal its data.

Financial gain is an obvious one. A major cyber-crime network that was shut down in 2009 stole $70m from a range of victims – mainly in the US – including SMEs, municipalities, churches and individuals. The gang used Zeus Trojans to steal online banking information.

What is significant about this case is its broad international reach. From their offices in the Ukraine, hundreds of hackers (mostly students) were encouraged to hack into bank accounts, stealing vast sums of money. In September 2010, 37 individuals were charged in the US for their role in the scheme, following 11 arrests in the UK and five in the Ukraine.

Ideological attacks

Expecting all attacks to be financially motivated is a mistake, thinks Airmic board member Elaine Heyworth. “I can see how a criminal mind and a non-rational mind could attack from a cyber space perspective,” she says. “We may not be ready for it because it may have never entered our minds to think that somebody would attack that type of company.”

Head of risk management for an international mobile phone company, she is concerned that we may see more ideologically-motivated attacks in the future. “People may think, ‘I’m going to take down a mobile network today’ or ‘I’m going to take down a hospital because my grandmother died there’ – there may not even be a rational explanation for what they’ve done.”

The enemy from within is also a growing concern for many companies, particularly during a period of recession. In the UK, fear of losing jobs is cited as the main reason why fraud is committed, according to a PwC survey.

“In a situation where you have a big merger going on, you may have the disgruntled employee who is going to lose his job but still has access to data that could be valuable to other people,” Heyworth says.

Internal fraudsters may act alone or be coerced into stealing from their employers by a third party. In 2006, one in ten Glasgow call centres was infiltrated by criminal gangs according to reports.

Companies need to react as quickly as possible and have the right controls and procedures in place to catch fraudsters in their midst. Heyworth says: “Reputational damage is a huge issue and the whole insider employee issue concerns me a lot because we do give people authority to access data.”

 

Comments

No comments