This article can also be found in the Premium Editorial Download "Information Security magazine: Reflections on the impact of Sarbanes-Oxley."
Download it now to read this article plus other related content.
Evolution of a Hacker
FOLLOW THE MONEY
How did playful malice blossom into corporate crime?
Asked, "Why do you rob banks?" Willie Sutton replied, "Because that's where they keep the money." Today, not just banks but also investment houses, insurers and a host of other financial services organizations all "keep" their money online.
Further, online crime looks easy.
"A lot of it has to do with the low-hanging fruit. If it requires fewer skills and has a high probability of success, that is where the crime is going to go," says Gunter Ollmann, director of security strategy for IBM.
In reality, cybercrime isn't easy. The white hats throw up new defenses all the time. New laws check the flow of ill-gotten gains. Yet, criminals sense a fundamental vulnerability inherent in how the mechanism has been set up.
"In order to make the ordinary people want to sign up for the Internet, we had to make it very easy for people to use it," says David Perry, global director of security education at Trend Micro. Users resent the slightest intrusion to seamless browsing, even if it's a security measure designed for their protection.
"People have demanded that everything be open to the world, and then they plug in without any thought," says Perry.
| of which potentially leaves the criminals in charge. Professional thieves work in teams, reaching across international borders to steal, launder and cheerfully spend their Internet-gained lucre. No longer a hobby, cybercrime has become a lucrative career.
The future? Watch the cocaine market for hints.
"We are going to see more specialization, more specific roles," Nazario says. "People who don't know how to code, but know how to commit crime. People who do know how to code and who become suppliers or authors. Sort of like the drug trade."
Adam Stone is a freelance writer based in Annapolis, Md.
Send comments on this article to firstname.lastname@example.org.
This was first published in January 2008