Wall Street & Technology: Blog: The Multi-Billion Dollar Hacking Industry

The Multi-Billion Dollar Hacking Industry

It is a multi-billion dollar industry. Today’s IT attacks are regional, targeted, going after specific people and companies in the world, and entirely driven by profit, according to David Rand, CTO of security firm Trend Micro.

“Yesterday's hacker was typically aged 15 to 34, had no girlfriend and was living with his parents. This is no longer true today,” Rand told the audience at the SIFMA trade show.

Hackers used to break into computers just to prove a point. “But today, hackers are professional, motivated, have lots of cash and are doing it for the cash. It’s all about the money and the money is huge. It’s all profit driven. That’s a remarkable change in the last ten years,” he said.

Rand said that in today's underground economy, users’ stolen account information is currently priced at $1000-$5000, a credit card number with pin is valued at $300, birth certificate information goes for $150, while a credit card number with security code and expiration date is currently valued at $7-$25.

Rand pointed to a dramatic shift to web-based threats. Users are clicking on a malicious URL in an email or an instant message, and redirected to compromised Web sites. "Often software or freeware is bundled surreptitiously with malware,” Rand said.

He cited the example of a malicious site claiming to show a Web video of Saddam Hussein’s execution. But when users clicked on it, they unwittingly downloaded spyware.

Last week, the FBI and the Department of Justice said they had identified over one million potential victims of botnet cyber crime.

A botnet is a collection of compromised computers under the remote command and control of a criminal “botherder.” Most owners of the compromised computers are unknowing victims. They have unintentionally allowed unauthorized access and use of their computers facilitating crimes like identity theft, denial of service attacks, phishing, click fraud, and the mass distribution of spam and spyware.

Infections today are designed not to interrupt normal business, Rand said. They stay hidden to users as long as possible. “They install updates but they’re clever – they don’t even ask you to reboot, so you never notice. They’re more clever than legitimate software makers,” he said.

In the last two years, there have been more than 300,000 new versions of malware – more than in the last 15 years as a whole, Rand said.

Posted by Melanie Rodier at 09:44 AM

This is a public forum. CMP Media and its affiliates are not responsible for and do not control what is posted herein. CMP Media makes no warranties or guarantees concerning any advice dispensed by its staff members or readers.

Community standards in this comment area do not permit hate language, excessive profanity, or other patently offensive language. Please be aware that all information posted to this comment area becomes the property of CMP Media LLC and may be edited and republished in print or electronic format as outlined in CMP Media's Terms of Service.

Important Note: This comment area is NOT intended for commercial messages or solicitations of business.