Nigeria may be overrun with ‘419’ fraudsters, and Indian outsourcing companies are apparently susceptible to hacking because they are open for business for such long hours, but the UK’s vulnerability is perhaps the most worrying of all.
According to leading security expert Chris Rouland, chief technology officer of US network security supplier Internet Security Systems (ISS), the UK, along with Australia, is “particularly vulnerable” to banking scams and hacking.
Why? Simply because there are so few banks relative to population size. Fraud is often a numbers game, and, with a bigger target market per bank, the fraudsters have a higher chance of fooling users with ‘phishing’ attacks – emails that purport to be from a genuine bank and seek to trick people out of their login details and passwords.
Rouland says UK email addresses are also easily identifiable, making it easier for cyber criminals to imitate a national bank. The US-based Anti-Phishing Working Group has estimated that 5% of individuals sent such emails fall victim to the scam.
The new trend also highlights the growing commercialisation of Internet crime. Says Rouland: “In 2004, hacking achieved profitability.” He contrasts that with previous years when hackers tended to focus on vandalism and gaining peer respect, rather than the more lucrative practice of teaming up with spammers and virus writers.
Often backed by organised crime, sophisticated IT criminals are now reinvesting profits in engineering, making so-called ‘zero-day’ exploits – a virus taking advantage of a previously undetected vulnerability – increasingly common. “The Russian mafia is the sales and marketing arm for computer hackers,” Rouland adds.
Cyber criminals are becoming well educated in the principles of good computer science, such as reusing code. Some recent worms even show signs that their authors beta tested them in a computer lab before releasing them into the wild, ensuring they have maximum impact.