Today’s criminal hackers are very different than those who hacked for fun and fame a decade ago. Every week, I see stories about more criminals in faraway lands, making millions from various scams, emptying the bank accounts of small businesses or draining the financial reserves of entire towns.

High-tech crimes can be committed by lone individuals, by small groups, or by organized web mobs. These web mobs structurally resemble the longtime operation of the Russian and Italian mafias, the Irish mob, the Bandidos, and the Hells Angels.

The Anti-Phishing Working Group has noted the success of Avalanche, a particularly large and successful web mob with an emphasis on phishing: “Phishing has always been attractive to criminals because it has low start-up costs and few barriers to entry. But by mid-2009, phishing was dominated by one player as never before—the ―Avalanche phishing operation. This criminal entity is one of the most sophisticated and damaging on the Internet, and perfected a mass-production system for deploying phishing sites and crimeware– malware designed specifically to automate identity theft and facilitate unauthorized transactions from consumer bank accounts.”

Avalanche was responsible for two-thirds of all phishing attacks launched in the second half of 2009, and for the overall increase in phishing attacks across the Internet.

Cybercrime of this magnitude requires a carefully ordered hierarchy. The players include:

  • Programmers, who write the viruses that will infect victim’s PCs
  • Carders, who sell stolen credit card data
  • IT guys, or black hat computer professionals, who maintain the hardware necessary to keep the operation running
  • Hackers, who look for vulnerabilities in networks and plant malicious code
  • Social engineers, who come up with the scam and write phishing emails to send to potential victims
  • Money mules, who are often foreign, traveling to the US specifically to open bank accounts, and who may also launder money
  • Bosses, who run the show, bring together talent, manage, and delegate

All of this is very real and it is happening right now. Even though data security hasn’t been in the media spotlight this year, we should all be aware of these risks.

To protect yourself from the bad guy, make sure your PC is fully updated with critical security patches, antivirus software, anti-spyware software, a secure wireless connection, and a two-way firewall. Check your online account statements frequently, and consider investing in identity theft protection that monitors your credit reports and monitors your information on the internet’s back ally chat rooms.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses hackers hacking wireless networks on Fox Boston. Disclosures

Be Sociable, Share!