Cybercrime Profits Outpace Drug Trafficking

One visit to the Computer Crime and Intellectual Property Section of the U.S. Department of Justice's Web site offers an eye-opening glimpse into the world of cybercrime.

Case after case details how the Feds are cracking down on cyber-criminals, defendants are pleading guilty, and the judged are being sentenced to prison.

Out of Control

Despite aggressive law enforcement efforts, however, experts say cybercrime is growing at a rampant pace; a pace that rivals drug trafficking.

Cybercrime includes such illegal activities as child pornography, stock manipulation, software piracy, and extortion -- and security experts expect those activities to multiply as technology becomes more pervasive in developing countries.

"Last year was the first year that proceeds from cyber crime were greater than proceeds from the sale of illegal drugs, and that was, I believe, over US$105 billion," Valerie McNiven, who advises the U.S. Treasury on cybercrime, told Reuters recently. "Cybercrime is moving at such a high speed that law enforcement cannot catch up with it."

Phishing for Phishers

One practical example is phishing. Security experts said phishers, those who use fraudulent e-mail and fake Web sites to gather sensitive personal information from users, typically run their scam for 48 hours or less before moving on to the next ploy.

StillSecure Chief Strategy Office Alan Shimel told TechNewsWorld that phishing is a prevalent problem -- and one of the leading means for cyber-criminals to dupe victims.

"There are two ways organized crime groups get data: one name at a time through phishing scams or the wholesale method whereby they break into credit card processors and grab confidential information by the tens of hundreds of thousands," Shimel said. "There is no silver bullet that will solve phishing, spam, zombies, worms, Trojans and the like."

Beyond Phishing

Victimizing individuals is one level of cybercrime. Victimizing companies is another. Software piracy makes up a huge percentage of the cybercrime reported today. The Business Software Alliance reports that 35 percent of the software installed on computers is pirated. That represents a loss of nearly $33 billion to the software industry worldwide.

The good news is cybercrimes targeting businesses are at their lowest level ever, according to the Computer Security Institute (CSI). The annual CSI/FBI Computer Crime and Security Survey noted that the average loss per cybercrime incident in 2005 was about $250,000.

That compares to $500,000 in 2004 and more than $3 million in 2001. Increased demands on corporations to comply with rules and regulations like the Sarbanes-Oxley Act are partially credited.

Portable Devices Used Illegally

Then there's pornography. One of the latest trends with this old-fashioned crime is using handheld devices, like cell phones, PDAs and portable MP3 players, to transfer images of child pornography.

In fact, portable devices are becoming a useful tool for cyber-criminals, according to a report from Purdue University's Center for Education and Research in Information and Security. A report entitled "iPod Forensics" authored by cybercrime expert Dr. Marcus Rogers notes that the criminal element is finding alternative uses for the popular devices.

Protecting Corporate Assets

Will cybercrime continue to run rampant? Can corporations protect themselves? StillSecure's Shimel said the only way to stop this sort of crime is through layered security.

"You really need a layered model. It's a defense in-depth attitude," Shimel said. "You can put solutions in place to manage your risk, to reduce your risk, but I don't know if you can truly eliminate risk in today's environment. It seems the mouse just continues to get smarter."