ITWeb |

	Section editor: Mariette du Plessis Tue, 7 February 2012

Cybercrime is lucrative
BY CANDICE JONES , ITWEB JOURNALIST

[Johannesburg, 24 May 2007] - More money is made from cybercrime than from the drug trade, said Gregg Day, senior security strategist at McAfee, speaking at the ITWeb Security Summit yesterday.

Citing an FBI report, Day said organised crime represents a $1�trillion-per-year industry. He noted the industry remains popular because it is a low-risk, high-reward situation that attackers can easily exploit.�The criminal charges related to Internet crimes are, on the whole, more lenient than traditional crimes of similar capacity.� He added that part of the reason it is such a lucrative business is because online criminals are extremely hard to track.

�Online organised crime is no longer just an industry, but has evolved into an ecosystem.�

Day explained most malware or malicious code has a hierarchy of developers. �In the source code for the virus Agobot, there is a list of nicknames and their respective job functions in the development of the code.�

He said lists of vulnerabilities and virus codes are becoming easier for attackers to come by because part of the ecosystem is the sharing of possible exploitations. In one example, someone attempted to auction a Microsoft vulnerability on eBay.

�It doesn't matter where you are in the world, you can still be affected by online crime.�

Facts and figures

Day stated that, on average, a person receives 2�200 spam e-mails in a year, some of which could carry links to phishing sites, Trojan key-loggers, or any number of viruses. �Eighty percent of all mail being sent today represents spam.�

He added that an estimated 50% to 80% of computers attached to the Internet have some form of spyware.

Profiling the culprits

Day noted the average online attacker is most often between the ages of 14 and 19, and will usually start out as a hobbyist. �Sixty percent to 80% of students have admitted to trying an attack.�

While it starts out relatively innocently, attacks like these can become something of an addiction. �It is easier to perform an online attack, because you are not face to face with the victim and the immediate impact of what you have done is not visible.�

Day explained the biggest challenge is to create an international consensus on how to deal with organised online crime, because the problem has no borders.

Related stories:
Economics drive security
Complexity the enemy of security

NINE must-read security books are up for grabs

You could be one of 10 lucky delegates to win one of the following must-read security books that are up for grabs in the Intersoft lucky draw at the 2007 Security Summit.

Computer Security 2/e: 20 Things Every Employee Should Know (2 copies)
Computer Forensics Jumpstart (1 copy)
Secrets of Computer Espionage (1 copy)
Anti-hacker toolkit (1 copy)
Hacking Exposed 5th Edition (1 copy)
Hacking Exposed: Web Applications 2nd Edition (1 copy)
Security and Usability (1 copy)
Art of Deception (1 copy)
Art of Intrusion (1 copy)

Click here for more information on these books

Speaker documentation

Conference delegates click here to access the speaker documentation.

Endorsed by

EVENT SPONSOR

SecureData is a specialist value-added distributor of perimeter, application, network, and endpoint information security and risk management solutions. SecureData's security and risk management solutions include best-of-breed business continuity, secure content and threat management solutions, devices and appliances for the perimeter, data centres, network, endpoints, messaging and Web.

PLATINUM SPONSORS

For close on three decades, Oracle has built a reputation for delivering many of the industry's most secure solutions. Enterprises today rely on Oracle to meet their information protection and security needs � for both Oracle and non-Oracle systems. Oracle ensures security inside the data centre and beyond, spanning the database, middleware, and business applications.
Also sponsor of Executive CIO Roundtable