[an error occurred while processing this directive]
BBC News
watch One-Minute World News
Last Updated: Friday, 1 October, 2004, 07:58 GMT 08:58 UK
Hi-tech thieves target businesses
Horse race, PA
Bookies were first to be hit by hi-tech extortionists
Businesses are being held to ransom by tech-savvy criminals who have stolen important data, say police.

The thieves exploit lax security to nab customer lists and then extort cash from victims for their safe return.

The UK's National Hi-Tech Crime Unit said criminals were moving on from targeting gambling sites to firms because they were easier targets.

Telecoms supplier Energis said some of its customers had reported attacks by thieves looking for important data.

Fresh victims

Over the last couple of years the main victims of cyber-extortionists have been online gaming sites that let people bet on sporting events.

Many criminal groups, often based in Eastern Europe, have used so-called Denial of Service attacks to overwhelm websites at key times to deny people the chance to place a bet.

But, says Detective Chief Superintendent Mick Deats, head of the UK's National Hi-Tech Crime Unit, some of the criminals are now moving on to target firms that are not doing enough to protect important data.

Companies that fail to protect themselves are just asking for trouble
Malcolm Seagrave, Energis
"It's a problem," he told BBC News Online. "This is financially-motivated hacking whereas a few years ago they would have been doing it for mischief or notoriety."

"Any company that's engaged in e-commerce has to be very careful as their data is very valuable," he said.

"The cases we have had reported have tended to be thefts of personal information," he said. "They want people's details, credit card numbers, for obvious reasons."

In some cases the groups want cash to return an entire customer database, in others firms are being asked to pay a bounty for each entry in that contact list.

Mr Deats said the criminals also make money selling the contact list on to spammers and phishing groups keen to get hold of live e-mail addresses.

Lax security, improperly configured firewalls, unpatched programs and poor anti-virus efforts all allow the criminals to get access to businesses, said Mr Deats.

Secure computers

"This is easy money for these guys," said Malcolm Seagrave, security expert at Energis, "it's a lot less dangerous than burglary and stealing things that way."

In some cases even back-up copies of data had been stolen so firms could not even restore the information that had been taken.

Mr Seagrave said firms needed to take computer security as seriously as they took the physical security of their buildings.

Users had to be educated about the risks of clicking on attachments in e-mails that could bear viruses, key loggers and trojans that pass information back to criminal groups.

As well as installing anti-virus software, firewalls and intrusion detection systems firms must do more work to spot new threats before they strike, he said.

"Companies that fail to protect themselves are just asking for trouble," said Mr Seagrave.



SEE ALSO:
Bookies extortion gang caught
21 Jul 04  |  Business
Web worm tests network security
10 May 04  |  Technology
Bookies race to beat net attacks
02 Apr 04  |  Technology
Hi-tech criminals commit old crimes
25 Feb 04  |  Technology
Bookies suffer online onslaught
19 Mar 04  |  Technology


RELATED INTERNET LINKS:
The BBC is not responsible for the content of external internet sites


PRODUCTS AND SERVICES

News Front Page | Africa | Americas | Asia-Pacific | Europe | Middle East | South Asia
UK | Business | Entertainment | Science/Nature | Technology | Health
Have Your Say | In Pictures | Week at a Glance | Country Profiles | In Depth | Programmes
Americas Africa Europe Middle East South Asia Asia Pacific