High-tech mobsters

Organized crime is a ruthlessly efficient machine: It follows the money. And these days, the big bucks — passwords, identities, intellectual property, or cash from compromised credit cards and bank accounts — are secreted behind corporate firewalls worldwide.

So it’s no surprise that Russian mafia and U.S. mobsters have done the math and moved in. As Contributing Editor Roger A. Grimes, author of our 2005 Security Research Report “IT under siege: The security arms race”, notes, “When there’s a cash goal, you suddenly see serious criminal types, guys with guns, getting involved.”

So much for the stereotype of the rebel-without-a-cause virus writer, some kid trying to impress his buddies. Today’s prototypical malware purveyor has a specific cause: to infiltrate a network and steal something of value, often on a grand scale. This financial incentive drives the surge in attacks (up 29 percent from last year, according to our survey). It’s also why attacks have become more targeted and harder to stop.

Grimes, a security consultant and author of InfoWorld.com’s Security Adviser column, has seen particularly rapid growth in bot nets, networks of hacked computers. Interested parties can rent these compromised networks by the hour, hiring them to spew spam or viruses or even to launch denial of service attacks. “This activity is right out in the open,” Grimes says. “Bot nets are advertised for rent in IRC chat rooms, which can be unsavory places to hang out unless you know what you’re doing.” Bot net providers typically direct customers to a Hotmail account or a private IRC channel.

So why haven’t the police cracked down? “The feds don’t have the resources,” Grimes explains. “Plus, these kinds of crimes are notoriously hard to prosecute.” In other words, expect your company’s security problems to get worse before they get better.