As computer hackers grow up, they are no longer simply looking to make their mark on the world wide web, but want to use the increasing amount of digital information we store online against us.

Cybercrime


While we are all aware that the amount of information we store digitally is increasing, what we may not be so aware of is that the type of information we are storing online is changing and that hackers are looking to leverage that new information and use it to make hundreds of millions of pounds.

A recent survey by security firm Symantec, called State of Information, put the global cost of digital information at £714bn, with 50 percent of every business' value tied up in this data. According to Symantec, there is currently 2.2 zettabytes of information being stored by businesses around the world, including confidential customer information to intellectual property to financial transactions. It is this information which hackers are now targeting.

So, not only has the threat from cyber-criminals changed completely, but the data which we now need to protect has evolved too. Digital data used to be fairly structured and relatively easy to protect. It was lists of numbers and account names.

Today however the information criminals are after is much less structured and therefore harder to defend against. The type of information we are taking about is ideas, knowledge, intellectual property, designs, blueprints, contracts etc.

"It used to be that data, when we were looking at it through our IT systems, was very structured. We understood what it was, we understood where it was located, and we understood who had access to it, because it was a fairly limited amount of access points into that data," Didier Guibal, executive vice president of global sales at security firm Websense told IBTimes UK today.

Guibal added that not only is the type of information stored by companies different, the systems used to store it are different too. "The last three or four years has seen an explosion in different infrastructures and different access points from more staff or employees into the world."

Leveraging

"The bad guys have leveraged those opportunities. To us, these are an opportunity from a business perspective and that is exactly how the bad guys think about it too."

Back in the 1990s security companies and IT managers only had to worry about kids looking to make their mark on the newly-minted World Wide Web, by simply tagging it, Today however things are very much different.

Kids soon grew tired of hacking for the sake of it, and discovered hacking was a very lucrative way of making money. The most profitable hack that is known of was carried out by Albert Gonzalez who stole details of 170 million credit and ATM card numbers making around $10 million from the hack.

Guibal said this morning that while stealing credit card and banking information is still taking place, increasingly companies calling Websense are seeing different types of information being targeted.

"They [hackers] are trying to leverage information to generate huge amounts of money." One high profile example of this was when hackers attacked the Nasdaq's computer system and remained inside the system for 6 months without being noticed.

During that time, they were able to spy on directors of publicly held companies, according to sources who spoke to Reuters at the time. Listening to what is going on at board level would allow them to sell information collected for a very high premium.

Currency

An even more profitable system is the currency market and Websense has been previously contacted by the International Monetary Fund (IMF) who had detected that hackers were trying to access its network and uncover confidential information which they could use to make hundreds of millions of pounds. "Where there is money there is motivation," Guibal added.

One of things which preoccupies many IT managers these days is where the threat is coming from. Who is out there trying to steal their information? Martin Jordan, Director of Information Protection at KPMG said that it is so-called "script kiddies" who are keeping him in a job.

"I wouldn't be in business today [without a young hacker]. He's my best salesman out there. No skills, doesn't know how to hack, but knows how to press a button. And he's got every chief executive in Europe worrying today that they are going to be published in the FT."

Jordan says that he and his fellow security professionals have been warning companies for years about potential threats to their data security, but it is only with the emergence of these young, inexperienced hackers that CEOs have become switched-on to the threat.

Jordan, who has been in the business for over 20 years, says he has seen the hacking world "tilt on its access" in the last two years, with criminal gangs no longer looking to steal specific information, such as credit card numbers, but are instead brokering access to networks, which people can buy per day or per megabyte.

"For some large defence contractors that could be $20-30,000 dollars per day to get access to the network." This system allows those paying for access to networks, be it companies, individuals or government, a level of deniability.

"It's allows the criminal gangs and governments yet one further edge of deniability. The internet offers fantastic deniability but then if you go through a criminal gang to access a network, you go one stepped removed from that."

IMF Cybercrime International Monetary Fund