Cyber crime, cyber criminals and information professionals

In his new book Dark Market: CyberThieves, CyberCops and You, Misha Glenny identifies and explores three major threats posed by networked computing.Cyber crime, which is very often high value/high-volume includes such criminal activities as card skimming and identity theft and represents in most instances the more low hanging fruit for cyber criminalsCyber warfare, which has been recognised by the Pentagon as the fifth domain of warfare (in addition to land, sea, air and space).  Whether a nation state - and which one - was responsible for the Stuxnet attack on Iran's nuclear industry has been hotly debated.  Even if it is impossible to prove the original source, Glenny sees this as the start of a new arms race in cyber offensive weapons.Cyber industrial espionage, which sees organisations targeted for extortion or competitive espionage purposes.  The problem is that, until it becomes compulsory to report such breaches, it is impossible to estimate the true cost of cyber industrial espionage.   Glenny quotes estimates ranging from $100 billion to $1 trillion per annum.Fake malware - a case studySpeaking at the RSA this week, Glenny presented a case study which seeks to put this estimated value into context.  Based in the Ukraine IT company, Innovative Marketing advertised prize winning malware to its customers.  The hitch was that the prizes were not real and the anti-virus software being sold was both fake and liable to open up users PCs to viruses.  Many people took the company's claims at face value, and failed to carry out even the most basic check - such as whether the top computer publications named really HAD granted prizes to the company.Ironically, the company failed to address its own computer security and it was possible for someone to review its invoices and estimate that the company had made in excess of $500 million.Who are the hackers?Glenny is perfectly aware that the subject of data security might put many readers off (although it didn't seem to put off too many readers of the Millennium trilogy).  In his book he features the people who are involved in hacking, reasoning that it is important to understand exactly what it is that motivates hackers.  Not all of them, for example are motivated by money.  Many of them are simply 'ahead of the curve' when it comes to applying internet technology.  The growth 'carding' websites for example enabled  the industrialisation of cyber crime on a massive scale.The hackers Glenny encountered shared some common characteristics.   In most cases they were men and obsessive gamers.  Many - but by no means all - were lacking in 'real world' social skills and were easy prey to criminal elements.   The solution, Glenny suggests, would be to intercept such people very early in their hacking career, which in almost all cases happens in their teens.   It is important to understand the human element behind hacking, and to remember that financial gaine is not always the main driving force.Fight complacencyMeanwhile, there are some pretty obvious lessons for the corporate sector.  The risk of cyber crime and data breaches should be on every organisation's agenda at board level.  Reputational as well as financial risks must be taken seriously.  And as the story of Innovative Marketing in Ukraine proves, there is still much work to be done by information professionals in helping colleagues recognise scam sites and helping them to understand why, and how, they should check a website's claims for its products and services.