Cybercrime Gangsters Infiltrating Businesses?
McAfee has said that Cybergangs are recruiting undergraduates and other needy skilled computer users and using them as moles in businesses to siphon off identity information and corporate secrets that can be used in “Spearphishing.”
From Reuters here:
Organized gangs have adopted “KGB-style” tactics to hire high-flying computer students to commit Internet crime, a report said on Friday.
Criminals are targeting universities, computer clubs and online forums to find undergraduates, according to Internet security firm McAfee.
Some gangs have sponsored promising students from other disciplines to attend computer courses before planting them in businesses as “sleepers.”
McAfee said the students write computer viruses, commit identity theft and launder money in a multi-billion dollar industry that is more lucrative than the drugs trade.The gangs’ tactics echo the way Russian agents sought out experts at trade conferences or universities during the Cold War, the company said in an annual report.
McAfee said its study was based partly on FBI and European intelligence.
This sounds far-fetched, but it is the next logical step for large cyber-gangs that subsist on the trade of identity theft and credit cards. Now that standard phishing (sending fake emails to a huge spam list), does not catch as many suckers as it used to thanks to new technology, the hackers must evolve to a new higher level of sophistication. Spearphishing has a very high catch rate and is the best way to install trojanized software within a protected network.
Such trojans could keylog passwords to the network to provide remote access to hackers, or steal credentials for use in identity theft. The most valuable targets for such attacks would be military, medical and credit reporting agencies, followed by financial hubs.
It will not be long now before employees for civilian positions will have to submit to intense background checks and home personal computer audits as conditions of employment to ensure that moles and corporate hackers are weeded out.