Cyber Thieves Making More than Drug Traffickers?
June 22nd, 2009 by hmark Posted in PCI DSS**It should be noted that the claim of cyber theft surpassing illegal drugs as a criminal enterprise has been vigorously debated. While it has been variously reported for some time, it has also been disputed by a number of respected sources. **
CNN released an article today regarding cyber thieves targeting twitter users by embedding malicious URLs in “tweets.” The article was interesting in its own right, but what I found more interesting was a quote regarding the magnitude of the cyber theft industry. According to the article,(Digital Biz Twitter message could be cyber criminal at work,) government officials have said that cyber theft has “eclipsed illegal drugs as a criminal moneymaker.” Furthermore, according to Michael Fraser, director of the Communications Law Centre at the University of Technology Sydney in Australia, these criminal organizations are large enough to support Research & Development departments, distribution channels, customer service and other elements of “corporate structure.”
For most readers here, that will likely not come as a surprise. However, the magnitude of the illegal industry surrounding stolen data provides an object lesson for those of us working to prevent the theft of sensitive consumer information. Namely, that we are dealing with very talented, dedicated organizations, not necessarily individuals, that may be operating from a position of either ideological or financial (in some cases both) motivation. They are not likely to be dissuaded from their activities by the appearance of a properly segmented network and a PCI DSS compliant indicia on a website. While PCI DSS is a good starting point for the protection of data, it does have limitations (of particular note is the fact that the standard only addresses payment card information and not other sensitive customer data) and therefore cannot be the sole method of protection. Despite the efforts of the industry and security professionals, the FBI has reported a 33% increase in Internet Crime (this includes theft of corporate data).
Also of note, is the distribution channel of this news story. It was covered on CNN’s Headline News morning program and featured on their website. The tales of cyber thievery are now mainstream news, which again puts even more pressure on security professionals to protect 100% of the data 100% of the time. Any failure to do so puts the companies suffering breaches - not those causing them - in the sights of those looking to cast blame.
![[del.icio.us]](http://images.del.icio.us/static/img/delicious.small.gif){kind=small}
2 Responses to “Cyber Thieves Making More than Drug Traffickers?”
By Anton Chuvakin on Jun 22, 2009
“eclipsed illegal drugs as a criminal moneymaker.”
Track this one online - I think this has been debunked, but I don’t remember who did it and where. Maybe Bruce Schneier, maybe smb else.
By hmark on Jun 22, 2009
Anton,
You are right, this has been hotly debated and I will add a disclaimer. I do think, however, that whether we have data to back this up or not, the fact that is being widely reported has the same impact on public perception, and therefore, the pressure under which security professionals and organizations must operate with respect to data protection.