Cybercrime grows up, fans out
Internet frauds have come a long way, and now involve cross-border white-collar gangs, writes N. Madhavan. See graphicsindia Updated: Apr 09, 2010 22:30 IST
Among the many things showcased in a tour of Hollywood’s famed Universal Studios is the amazing way of a silent movie star called Lon Chaney, who used make-up so effectively that he was called “The Man of A Thousand Faces.”
Not far from the studios, in another Los Angeles suburb called Culver City, software experts are racking their heads to face an Internet Age version of the famed filmstar.
Experts at Symantec Corporation, the anti-virus software company that makes the Norton suite of security software, are fretting over what they call Scareware — which like Chaney, offers fake software in a thousand names and packages.
Typically, when you are surfing the Web, you may get a virus alert with an offer to clean up the mess with a cheaply priced anti-virus software (at about $15 or Rs 660). If you are worried enough to quickly make the purchase, you may be walking into a trap by sharing personal details including credit card information that can be abused. But trapping them is difficult. Some even have call centre support to make it look real.
IT industry experts and officials of the US Federal Bureau of Investigation (FBI) say Scareware is one of the many new faces of cyber crime and fraud as the Internet gets bigger and goes wider across the planet.
“The days of a teenage hacker in a basement is long gone,” says Adam Palmer, lead cyber security advisor at Norton consumer software division.
There was a time when a Google search meant a string of results that contained the Websites most likely to match what you are looking for. Not anymore.
In what experts now call “search results poisoning,” spurious or dubious websites are created to work in sync with the factors that Google uses to rank sites. This results in innocent surfers enticed to visit sites that may trick them.
Sitting in a conference hall called the War Room, Kevin Haley, director at Symantec Security Response, purveys 11 monitoring centres and 29 global support units to scan information from computers in 200 countries to look for malware or suspicious websites.
Malware — or malicious software code — is no longer acquired only from an executable (EXE) file or clicking on an unsafe link. Downloading of PDF (portable document format) files can trigger suspicious activity or even a browser like the Microsoft Internet Explorer can carry hidden agents that compromise safety.
“We saw a shift begin in 2007. Now 90 per cent of what we see is professional criminalisation,” said Haley.
Phishing — the by-now familiar practice of making people part with sensitive financial data — is now sophisticated.
Kashima Brown, a Californian finance professional, got conned when she clicked on a link that seemed to be from online payment site PayPal, of which she was a user. She ended up parting with her personal details which was used to seek money from her friends. She got alerted, but found her Yahoo password changed and also that someone had opened a fake bank account in her name. She had to go out of her way to fight all that.
To prove their point about sophisticated cybercrime, Symantec officials stage “black market” events where they showcase Internet activity as if it was taking place in the real world.
In a corner of their Culver City campus, Norton's senior director, Dave Cole, jokes as he shows a sackful of “credit cards” piled up like wheat or salt — to be sold like a commodity.
Symantec officials speak of an underground trade in which hacker toolkits, fake software, credit card details and passwords are sold.
“We steal your mother’s maiden names,” says a poster, symbolically showing the re-selling of personal details. He says cash-rich bank accounts can be sold for a fraction of the amount in balance to cyber criminals who try to extract funds from it through fake transactions.
Cole said the technology experts who created targeted Internet advertising, called “Ad ware” are being tapped by organised gangs in places such as Russia and Ukraine to aid cyber crime. “It is marketing gone wild,” he said.
Vincent Weafer, vice-president at Norton, says cyber criminals make use of social networks such as Facebook and Orkut because enticing messages can be spread through trusted friends and contacts who make their task easier.
With a global network of operatives, tracking the trail, gathering evidence and prosecuting the accused is not an easy task, FBI officials say. In one instance, 53 US citizens and 20 in Egypt were found working in tandem.
“Many of the organised groups are leaning towards white collar crime,” said Jason Smolanoff, an FBI official.
That makes it sound like a cyber mafia.
The writer’s travel, boarding and lodging for a US visit to cover the story were provided by Symantec Corp