Social networking websites like Facebook as well as cell phones may be the new vehicles of choice for cyber criminals who are getting better at what they do, says the director of the federal agency responsible for helping to prevent and respond to computer attacks.
Randy Vickers, director of the U.S. Computer Readiness Emergency Team, told The Greenville News that he believes cyber attacks overall are increasing because of the number of groups that are doing the attacks. The bad guy, he recently told an auditorium of South Carolina law enforcement officials, isn’t really doing anything new. “He’s just doing it better.”
Technology that attracts large numbers of people, such as social networking sites and cell phones, also attract criminals, who may want to steal information, hack into a financial account or capture personal information for identity theft, Vickers said.
“We’re starting to see that (cell phones) become a big threat as phones become smarter,” he said. “Not because the device itself is a negative thing but because that is what we’re doing.”
He said the same thing is true with social websites, where users can be redirected to malicious sites.
“It looks like Facebook, smells like Facebook but it’s not,” he said. “Or embedded in a Facebook page is redirection to malware or actual malware. The bad guy knows we use the Internet. He knows we use the Internet for almost everything.”
In South Carolina, officials in 2003 established a joint task force to fight cyber crime that now includes agents from the U.S. Secret Service, the State Law Enforcement Division, banks and local law enforcement agencies, including the Greenville County Sheriff’s Office and Greenville Police Department.
The task force targets attacks ranging from “skimming” ATM cards to hacking into banks’ computer systems.
“We’re, in a lot of ways, woefully behind on that front,” Reggie Lloyd, director of the State Law Enforcement Division, told The News.
“I think, quite honestly, we’re getting up to speed but we’re nowhere near where we need to be. That’s not a criticism of anybody. But I think we’ve got to understand the threat that is out there.”
Michael Williams, special agent in charge of the Secret Service’s South Carolina offices, said in 2009, there were two reported instances of skimming in the state, stealing information off of ATM, credit or debt cards by store clerks or devices planted at ATM machines or gas pumps to read the numbers and passwords.
So far this year, he said, there have been 10 such incidents statewide and may involve a group of Bulgarians and be traced to South Florida.
Vickers, whose agency is a part of the U.S. Department of Homeland Security, said computer system sensors and an increased awareness are behind some of the increase in reported computer attacks.
“But I think there is some increase to the activity because more and more groups are able to do it because of the pervasiveness of the information on the Internet,” he said.
Phishing scams, where criminals use personal or business email to lure recipients, remains a big problem, Vickers said.
“That’s why phishing is so prevalent because it’s one of the hardest things to stop,” he said. “That’s why Web-based redirection and attacks is so prevalent because it’s one of the hardest things to stop because it’s so much a part of the way we do business.”
It’s also hard to stop because many machines in the nation remain vulnerable to attack, he said. The average infection of a computer is 300 days old and 80 percent of compromised machines are infected more than a month, according to Vickers’s presentation to law enforcement.
Businesses can arm themselves, he said, by staying current with software security. Some of the incidents involving Conficker, a major computer attack last year, concerned two-year-old vulnerabilities that weren’t patched.
“That’s what the bad guy is exploiting,” he said. “If there is any message to be sent, it’s to stay current with best business practices, always look to improve your security posture.”
Aiding cyber criminals is the proliferation of toolkits that allow even the unskilled to create custom malware, or malicious software, that can be used to steal personal information. Vickers said some software allows criminals to monitor the collection of stolen information much as a stock broker monitors the market.
“It is becoming a system,” he said.
Vickers said identity theft may be changing to focus where individuals sit in a corporation “so you can target them because they may have access.”
“It’s not so much because of the credit card piece, even though that’s huge right now, still, but because of the regulations and the changes in credit card laws, I think that focus is going to shift,” he said.
Lloyd, a former federal prosecutor, said the state has to do a better job of educating not only the public but also local law enforcement and prosecutors on the dangers of cyber crime and what to look for.
“That’s one of the things we’ve got to catch up to the bad guys on,” he said.
Source:http://www.greenvilleonline.com/article/20100425/NEWS/304250029/1004/NEWS01/Social-networks-cell-phones-becoming-new-focus-of-cyber-criminals
