McAfee reports on worldwide identity theft trends

Although, identity theft has become a global issue, there are very few studies that put the trends together from a global perspective.

Since identity theft can travel thousands of miles with the click of a mouse (or with the use of automated software), we could learn a lot by studying the problem as a whole.

McAfee has just released a white paper, which does this.

From the McAfee site:

According to the report, the number of keyloggers - malicious software code that tracks typing activity to capture passwords and other private information - has increased by 250 percent between January 2004 and May 2006. Additional findings show that the number of phishing alerts tracked by the Anti-Phishing Working Group has multiplied 100-fold over the same period of time. The report also provides practical guidelines that minimize the risk of identity theft to help readers protect themselves and prevent this increasingly common crime.

The study shows that identity theft exacts a high toll on national economies around the world. According to the Federal Trade Commission, the annual cost for consumers and businesses in the United States alone reaches $50 billion annually(1). In the United Kingdom, the Home Office has calculated the cost of identity theft to the British economy at $3.2 billion during the last three years(2) and some estimates from the Australian Centre for Policing Research place the cost of identity theft at $3 billion each year(3).

The conclusion of their report is:

We must first admit that every one of us—individuals and businesses—are threatened and potentially vulnerable to identity theft; this is not something that happens only to others. Despite the seriousness of current incidents and the
increasing threat, some basic principles allow us to significantly reduce the risk. Awareness is the best defense. Through awareness, we develop our senses to spot identity theft and to protect personal and corporate information, while maintaining the benefits of information technology.

Not only covered in the report are technological means in which identities are stolen and used, but it also covers known cases, such as "dumpster diving, mail theft and employee theft."

It also shows how victims are denied credit, identification and even labeled as "terrorists" because their identity had been assumed, and used for "illicit" purposes.

The paper is substantiated by referencing a lot of (worldwide) government and private studies.

The paper also has a lot of relevant tips for both individuals and organizations on how to avoid becoming a victim.

All in all - a very "interesting" read.

McAfee White Paper, here.

IT Students Aren't the Only Human Resources that Internet Criminals Desire

In the past couple of days, I've seen a lot of articles about IT (Information Technology) students being taken to the dark-side (recruited) by organized crime.

Reuters is quoting a McAfee report released in the past couple of days.

Although, hiring IT students seems to be the latest story going around, recruiting people to commit Internet crime is nothing new. As the article aptly states, organized crime has the money to recruit whatever experts they need.

And IT students aren't the only ones being recruited.

Starting with the fall of the (Soviet Union) "evil empire" and the rise of Eastern European organized crime, there have been a lot of "technical experts" being used for nefarious purposes. The Reuters article mentions that the tactics being used are the same ones used by the KGB to recruit spies.

In fact many experts speculate that Eastern European crime has a lot of "highly placed" former KGB types in their ranks.

In 1997, FBI Director Louis Freeh stated before Congress:

The Russian syndicates conduct the most sophisticated criminal operations ever seen in the United States, based on their access to expertise in computer technology, encryption techniques and money-laundering facilities that process hundreds of millions of dollars.

According to Freeh, part of that expertise is said to be provided by "former KGB officers working directly with some of those organized crime groups, and that poses an additional level of threat and sophistication.

Story courtesy of Risk Assessment Services, here.

And Russian organized criminals aren't the only players out there.

Dr. Phil Williams, a visiting CERT (Computer Emergency Readiness Team) scientist wrote about this a few years ago:

In recent years, there has been a significant increase in the sophistication of organized crime and drug trafficking groups. Colombian drug trafficking organizations, for example, have followed standard business practices for market and product diversification, exploiting new markets in Western Europe and the former Soviet Union. Criminal organizations and drug traffickers have increasingly hired financial specialists to conduct their money laundering transactions. This adds an extra layer of insulation while utilizing legal and financial experts knowledgeable about financial transactions and the availability of safe havens in offshore financial jurisdictions. Similarly, organized crime does not need to develop technical expertise about the Internet. It can hire those in the hacking community who do have the expertise, ensuring through a mixture of rewards and threats that they carry out their assigned tasks effectively and efficiently.

Dr. Williams full essay, here.

Although, I'm sure IT students are being recruited -- they probably aren't the first -- or the only type of experts being hired.

And there are a lot of disorganized criminals recruiting people, also.

Here are a some previous posts, I've done on so-called "disorganized criminals," who recruit other people to do their "dirty work."

Work at Home Scams

Cyber Gangs Luring Children to Launder Money

BBB Worker Takes Job Processing Fraudulent eBay Transactions