IT Students Aren't the Only Human Resources that Internet Criminals Desire

In the past couple of days, I've seen a lot of articles about IT (Information Technology) students being taken to the dark-side (recruited) by organized crime.

Reuters is quoting a McAfee report released in the past couple of days.

Although, hiring IT students seems to be the latest story going around, recruiting people to commit Internet crime is nothing new. As the article aptly states, organized crime has the money to recruit whatever experts they need.

And IT students aren't the only ones being recruited.

Starting with the fall of the (Soviet Union) "evil empire" and the rise of Eastern European organized crime, there have been a lot of "technical experts" being used for nefarious purposes. The Reuters article mentions that the tactics being used are the same ones used by the KGB to recruit spies.

In fact many experts speculate that Eastern European crime has a lot of "highly placed" former KGB types in their ranks.

In 1997, FBI Director Louis Freeh stated before Congress:

The Russian syndicates conduct the most sophisticated criminal operations ever seen in the United States, based on their access to expertise in computer technology, encryption techniques and money-laundering facilities that process hundreds of millions of dollars.

According to Freeh, part of that expertise is said to be provided by "former KGB officers working directly with some of those organized crime groups, and that poses an additional level of threat and sophistication.

Story courtesy of Risk Assessment Services, here.

And Russian organized criminals aren't the only players out there.

Dr. Phil Williams, a visiting CERT (Computer Emergency Readiness Team) scientist wrote about this a few years ago:

In recent years, there has been a significant increase in the sophistication of organized crime and drug trafficking groups. Colombian drug trafficking organizations, for example, have followed standard business practices for market and product diversification, exploiting new markets in Western Europe and the former Soviet Union. Criminal organizations and drug traffickers have increasingly hired financial specialists to conduct their money laundering transactions. This adds an extra layer of insulation while utilizing legal and financial experts knowledgeable about financial transactions and the availability of safe havens in offshore financial jurisdictions. Similarly, organized crime does not need to develop technical expertise about the Internet. It can hire those in the hacking community who do have the expertise, ensuring through a mixture of rewards and threats that they carry out their assigned tasks effectively and efficiently.

Dr. Williams full essay, here.

Although, I'm sure IT students are being recruited -- they probably aren't the first -- or the only type of experts being hired.

And there are a lot of disorganized criminals recruiting people, also.

Here are a some previous posts, I've done on so-called "disorganized criminals," who recruit other people to do their "dirty work."

Work at Home Scams

Cyber Gangs Luring Children to Launder Money

BBB Worker Takes Job Processing Fraudulent eBay Transactions

Terrorism on the Internet?

SITE (The Search for International Terrorist Entities) has published an analysis of a new "how to beat Internet security" magazine sent out to password protected "jihadist forums."

SITE reports:

The first issue of what is indicated to be a periodic magazine, Technical Mujahid [Al-Mujahid al-Teqany], published by al-Fajr Information Center, was electronically distributed to password-protected jihadist forums today, Tuesday, November 28, 2006. This edition, 64-pages in length, contains articles that primarily deal with computer and Internet security, in addition to other pieces explaining Global Positioning System (GPS) satellites and video types, editing, and encoding into different formats. The editors of the publication state that it was written to heed the directives of the Emir of al-Qaeda in Iraq, Abu Hamza al-Muhajir, and his call for technical support. Material such as this, regarding anonymity on the Internet, concealing of personal files locally on a computer, and utilizing all schemes of encryption, is to serve as electronic jihad, and a virtual means of supporting the Mujahideen.

Full analysis, here.

In another story out there, CIO Today is reporting:

According to the U.S. Computer Emergency Readiness Team (US-CERT), a joint venture between the U.S. Department of Homeland Security and private industry, threats were found on an Islamist Web site calling for attacks against U.S. financial Web sites through December, until the "infidel new year."

CIO Today story, here.

According to the story, there has been no evidence of any attacks and the alert is only to caution the industry.

Nonetheless, similar activity has been seen in the recent past:

Israeli Sites Under Attack by Islamic Hackers

I wonder how many attacks never happen because of some dedicated individuals at US-CERT and SITE?