Net closes on cyber crooks as cost of online crime soars
BILL MAGEE

AMID the autumnal tourist traffic and relaxed café culture of the Cote d'Azur a meeting will take place this week aimed at tackling one of the biggest criminal activities threatening worldwide business.

Business and IT professionals will join forces with special investigators from a number of countries for a behind-closed-doors meeting in Nice on the growth of internet crime.

A senior special agent from the FBI's cyber-forensics unit is flying in to offer his hands-on expertise as they bid to stay one step ahead of so-called cybercrime which is costing international business $40bn a year.

FBI supervisory agent Mike Eubanks' know-how is being harnessed to tackle an escalating problem.

He will be joined at the conference by Eric Freyssinet, cybercrime projects co-ordinator of the Gendamerie Nationale, and David Aucsmith, senior director at software giant Microsoft's Institute for Advanced Technology in Governments.

They will tell an invited audience how the online phenomenon continues to embrace data espionage, credit card theft and fraud.

Another key speaker, John Madelin, BT's head of business continuity, security and governance and an industry leader on network security and identity management, will tell the conference that identity theft is the largest and fastest growing white collar criminal act in the UK.

"Simple, reliable and standardised authentication is essential," says Madelin. "The broad challenge for all organisations is balancing its cost against the risks and convenience to users."

Computer manufacturer Dell launches a new round of enterprise products this week, with security matched by energy efficiency, and Microsoft's chief executive Steve Ballmer is promising its partners a new and enhanced security approach.

However, cyber crooks continue to up their game, so businesses need to be constantly vigilant, especially when conducting credit card transactions online, warns Peter Burtwistle, managing director of Glasgow-based Sysnet, a networking and mobility specialist.

"The crooks are getting smarter and I fear that security will decrease in the future," he says. "This means that new ways have to be found to make payment over the web even more secure."

In the UK the new Serious Organised Crime Agency (Soca), which in April assumed the functions of the National Crime Squad, National Criminal Intelligence Service and HM Revenue and Customs, views hi-tech criminal activity just like any other form of organised crime.

Soca's director general Bill Hughes has promised a "specialised and relentless" attack on such net-based criminal acts. A large network of officers is based overseas at locations kept secret for security reasons. But in his first report, Hughes concedes it must be based on an approach more akin to a "marathon than a sprint".

As Scotland on Sunday reported last month, computer hackers and online fraudsters are stealing confidential company data that is expected to cost British business £700m a year by 2020.

The British government has just staged a national ID theft awareness week but CIFAS, the UK's fraud prevention service, reports that at the end of the third quarter of this year, the number of identity fraud victims reached record levels, and by the end of 2006 it is expected to be more than 68,000, a 20%-plus rise on last year.

The FBI appears to be running slightly faster. It has established Cyber Action Teams (Cats), highly trained teams of agents, analysts and PC forensics and malicious code experts who are travelling the world and responding to fast-moving cyber threats.

In a tale more resembling a John le Carré novel, a Cats outfit recently emerged in Europe to crack a big case, catching the authors of a highly damaging code that became known as "Zotob".

What amounted to a hackers' moneymaking scheme involved a computer worm, released into cyberspace and designed to steal credit card numbers and other financial data from thousands of infected computers throughout the world.

The FBI team launched an investigation and, on gathering information from Microsoft and other private and public sector partners, gained clues online and traced the culprits. Two Cats outfits, armed with forensic computer gear, were on site less than 72 hours after Zotob struck.

Once on the ground the teams identified IP and e-mail addresses and linked names plus hacker nicknames and other clues to uncover the computer code. Local police arrested two suspected hackers, fewer than eight days after the malicious code hit the internet.

In an ongoing investigation more arrests are imminent, routed back to the FBI's West Virginia agency and national white-collar crime centre clearing house, designed for triaging cybercrime complaints.

The location of the Zotob code perpetrators? Morocco and Turkey - representing, along with Nice, a Mediterranean triangle of cybercrime activity.