Page last updated at 15:41 GMT, Wednesday, 23 April 2008 16:41 UK

Thieves set up data supermarkets

By Jane Wakefield
Technology reporter, BBC News

Doctor writing medical notes, Eyewire
Many web criminals are selling stolen patient records

Web criminals are stepping back from infecting computers themselves and creating "one-stop shops" which offer gigabytes of data for a fixed price.

Speaking at InfoSecurity Europe, security firm Finjan said it had seen thousands of such online services.

Experts at the conference said web fraud was skyrocketing and called for police to urgently address the problem.

Security guru Bruce Schneier said anti-cyber crime efforts needed to be closely allied to the scale of threats.

Price lists

At the three-day conference Finjan said the latest tactic adopted by web criminals is to buy sensitive data from third parties rather than run their own crimeware servers and toolkits that compromise websites.

Sites offering medical histories, information about the shipment of goods and corporate e-mail and pension details have all been uncovered by the firm.

"All this was found on one hacker's server and we believe it was information that was collected to be sold online," said Yuval Ben-Itzhak, chief technology officer at Finjan.

The web has been discovered by criminals in a big way
Bruce Schneier, BT Counterpane

"It is even being marketed on certain forums - 'We are selling this type of data and here is our price list'," he said.

While credit card details are cheap, selling for only a few dollars, the logfiles of big companies can go for up to $300 (150), he told the BBC News website.

Recently released banking industry data show UK card losses from phone, internet or mail order crime totalled 290.5m in 2007.

A BBC investigation found if failed attempts had been successful the total could have been 500m.

New tactics

Bruce Schneier, founder of network security firm BT Counterpane, says the net is a hotbed of criminal activity.

"The web has been discovered by criminals in a big way," he said.

But he was not convinced that security solutions that focus on the tactics of such criminals were the best way to defeat it.

"The reality of the threat can change. It could be that this change is simply happening too fast and that we as a species can't handle it," he said in a keynote address to the conference.

Debit card and cash, PA
The price of credit and debit card numbers has tumbled online

"There are new tactics each month and next year there will be something we haven't even thought of yet. It is difficult to create a model of the threat when we don't know what is going to happen," he said.

He thought the issue of web crime was creeping up the political agenda.

"It isn't top of the agenda at the moment because people aren't scared and businesses are not losing enough money," he said.

Tony Neate, managing director of campaign group GetSafeOnline, believes a new e-crime unit is about to be created in the UK.

"Currently there is no easy way to co-ordinate reporting e-crime or even what it looks like. There is a missing piece between the Serious Organised Crime Agency and local police forces," he said.

He imagines such a unit would allow members of the public who had been the victims of e-crime to report their crime directly as well as providing a more detailed idea of what constitutes cybercrime and how big the problem is.

Teenage hackers

Other trends highlighted at the conference include findings from security firm Sophos which suggest a return to the old-school tactics of teenage hackers.

Olympic flag, AP
One Chinese spam gang is using the Olympics to snare victims

"We are seeing viruses that are reminiscent of the deliberately complicated viruses of the early nineties and it looks like they are written by the same sort of guys," said Paul Ducklin, head of technology for Sophos in Asia Pacific.

As well as facing up to five years in prison, this new generation of hackers could find themselves embroiled in net gangs.

"The risk is that they become the research arm for cybercriminals," said Mr Ducklin.

Meanwhile security firm MessageLabs has spent the last six months tracking one particular Chinese gang which has been targeting government and human rights organisations probably "to order".

Using trojans embedded in e-mail, the gang chose topical subjects such as the Olympics to lure people into opening attachments with malicious payloads.

Alex Shipp, chief technologist at MessageLabs, believes gangs such as these are looking for new file formats to exploit.

"I predict it could be PDFs," he said. "It is a complicated file format which makes it easy to exploit and a lot of people use it."

Customer data 'needs protection'
21 Apr 08 |  Technology
Cyber criminals to target mobiles
21 Apr 08 |  Technology
Computer viruses hit one million
10 Apr 08 |  Technology
Hi-tech crime: A glossary
05 Oct 06 |  UK
FBI tries to fight zombie hordes
14 Jun 07 |  Technology
PC stripper helps spam to spread
30 Oct 07 |  Technology
Paypal to block 'unsafe browsers'
18 Apr 08 |  Technology

The BBC is not responsible for the content of external internet sites

Has China's housing bubble burst?
How the world's oldest clove tree defied an empire
Why Royal Ballet principal Sergei Polunin quit


Americas Africa Europe Middle East South Asia Asia Pacific