Last week, the US Department of Homeland Security, SRI International Identity Theft Technology Council and the Anti-Phishing Working Group issued a pretty telling report about how crimeware is being used to commit financial crimes and identity theft.
From the executive summary, here is how crimeware is used by Internet criminals:
Crimeware is software that performs illegal actions unanticipated by a user running the software, which are intended to yield financial benefits to the distributor of the software.
Crimeware is a ubiquitous fact of life in modern online interactions. It is distributed via many mechanisms, including:
- Social engineering attacks convincing users to open a malicious email attachment containing crimeware;
- Injection of crimeware into legitimate web sites via content injection attacks such as cross-site scripting;
- Exploiting security vulnerabilities through worms and other attacks on security flaws in operating systems, browsers, and other commonly installed software; and
- Insertion of crimeware into downloadable software that otherwise performs
a desirable function.
Full report, here.
Recently, we've read about organized crime groups employing "highly technical personnel" and carder rooms - where financial information is bought and sold.
A recent USA Today story about "carder forums" quoted the following statistics:
$67.2 billion: FBI estimate of what U.S. businesses lose annually because of computer-related crimes.
$8 billion: Consumer Reports estimate of what U.S. consumers lost the past two years because of viruses, spyware and Internet scams.
93.8 million: Privacy Rights Clearinghouse's count of personal records reported lost or stolen since February 2005.
26,150: The Anti-Phishing Working Group's count of unique variations of phishing scams reported in August 2006.
Crimeware and the Internet are fueling the identity theft problem - which in turn could threaten the stability of our financial systems. Some even say, might be a National Security issue, also.
In the rapidly changing world of technology, laws have failed to keep pace. Perhaps with the upcoming elections, it's time for all of us to examine what our political representatives are doing about this problem.
We might find that we all have a common interest on this issue!