FBI: Cyber crime targets businesses

Matthew Daneman – Staff writer
Business – October 20, 2010 - 5:00am

Chevron.com/we agree is the official website for a new Chevron Corp. marketing campaign.

Chevron-weagree.com is a site put up by activists that takes the oil giant to task for spills and pollution in Nigeria, Ecuador and the Gulf of Mexico.

Long gone are the days when the business world had to contend with computer hackers who did their dastardly digital deeds merely for the sake of bragging rights. Businesses and consumers increasingly are grappling with well-organized groups using such arcane weapons as SQL injections, spear phishing and the Zeus virus and often motivated by capitalism.

Cyber crime is very much a for-profit business,” FBI Special Agent Paul Schaaf told a crowd of several hundred people gathered Tuesday at the Hyatt Regency Rochester. “It’s no longer for kudos. It’s no longer for recognition.”

Schaff, who is based in Arizona and specializes in cyber crime, was keynote speaker at the 12th annual Hackerfest, a trade show put on by Dox Electronics Inc. of Rochester. Hundreds of IT professionals attended a variety of seminars and vendor displays on information technology and cyber security.

The Federal Bureau of Investigation has 62 legal attaches in U.S. embassies around the world. Working with local law enforcement agencies in other nations, it tries to tackle crimes ranging from theft done via the Internet to online trafficking in child pornography.

Pitfalls and threats abound on the Internet, from the simple — those attorney e-mails promising you a cut if you help move money from a deceased client’s estate — to the cleverly masked, such as the worms and viruses hidden inside fake anti-virus software downloaded from the Internet.

The Internal Revenue Service earlier this month put out a warning about fake e-mails seeming to come from the U.S. Treasury Department’s Electronic Federal Tax Payment System that sent recipients to a website where their computers would be infected with the Zeus virus, which then gathers sensitive information. (On a side note, the IRS does not e-mail you about payment information.)

In his presentation, Schaaf ran down a laundry list of ways Internet scammers operate, from “spear phishing” — a very targeted attempt on one company’s employees to direct them to sites that will infect their computers — to SQL insertion that exploits vulnerabilities in databases, to “blended attacks” such as one case when hackers cashed a counterfeit check written against a company while simultaneously jamming the business owner’s phone so the bank couldn’t get through to verify the check.

Hackers “are getting a lot more evolved,” he said. “You plug in your computer and this is the threat — the world. Anyone with an Internet connection.”

And businesses don’t enjoy the same legal protections as consumers sometimes do when victimized by cyber crime, he said, pointing to an Arizona company that lost $900,000 when hackers got access to its bank accounts. “The bank didn’t lose it, they did,” Schaaf said of the company.

MDANEMAN@DemocratandChronicle.com

Text alerts to your cell