Jobless IT pros may turn to cybercrime, says report

Downsizing, restructuring and layoffs triggered by the financial downturn have not left the IT sector unscathed.

Some IT workers who lose their jobs will turn to cybercrime to make ends meet, a recent report suggests.

SEE RELATED VIDEO – HOW CYBERCRIMINALS PROFIT FROM THE RECESSION

The Q4 Web Trends Report by San Jose, Calif.-based security products vendor Finjan Inc. predicts a significant increase in online crime in 2009 – and says a key driver of this trend will be unemployed IT professionals finding easy income in the underground economy.

The report predicts the market for stolen personal corporate data will grow in 2009.

It’s likely a few IT professionals who lose their jobs and are financially desperate will turn to cybercrime, according to Ophir Shalitin, vice-president of marketing for Finjan.

The ability to make quick and easy cash will be alluring to a few unemployed individuals with technical skills, the Finjan executive said. “We expect the [number of] attacks and their severity to increase.”

Finjan’s Malicious Code Research Centre offers three key predictions for 2009 relating to cybercrime:

  • Cybercrime will keep on rising with an increasing number of unemployed IT professionals joining in
  • Cybercriminals will benefit from the Obama Administration’s plan to bring Broadband Internet access to every American
  • Cybercriminals will continue to take advantage of the most advanced techniques and services that Web 2.0 can offer, with a focus on Trojan technologies

While cybercrime is being named a top challenge in 2009 by vendors, at least one analyst doesn’t believe laid off IT pros will be the ones committing the crimes.

“Most technologists I know abide by a professional set of ethics and I don’t see a lot of white collar workers waking up one day and deciding to pursue criminal activity,” said Julie Mehan, author of Cyberwar, CyberTerror, CyberCrime – a book dealing with the practical use of standards and best practices to address significant security problems caused by online crime.

“I do think a lot of people who are technically astute will capitalize on their knowledge, but these people will already be criminally inclined,” said Mehan, who is a principal analyst at Chantilly, Va.-based engineering consulting firm Femme Comp Inc.

Finjan’s Shalitin noted that computer hackers do not even need to be tech-savvy. He said instruction booklets and crimeware toolkits – created by professional hackers – are available online for about $200 to $300.

Using these require “minimal technical capabilities.”   

Several toolkits are free and provide instructions on hacking into Web sites and stealing corporate data.

Cybercrime outfits often emulate a legitimate business, he said.

Hackers can purchase credentials of a Web site they want to steal information from, log on as the Web master, download any information they need, or infect the site with information-harvesting malware.

Credit card information currently is the most commonly sold item in the underground market, due to the relative ease with which it can be obtained.

But experts say the number and range of highly sophisticated cyber crimes is on the rise – a trend that could put businesses at risk.

There isn’t much companies can do to protect against the highly intelligent threats that are out there, according to Patrick Peterson, chief security researcher at Cisco Systems Inc. Peterson, who is a Cisco fellow, says the level of sophistication displayed by some cyber criminals today is “mind-boggling.”

Increased layoffs in the financial sector will definitely trigger an increase in cybercrime, he said.

Businesses in the industrial control systems sector – including energy providers – are among those most concerned about security for the new year.   

Cyber criminals and terrorists will pay huge sums for any knowledge of critical infrastructure technology and propriety protocols, according to
Tyler Williams, CEO of Wurldtech Security Technologies in Vancouver.

Wurldtech is a provider of cyber-risk and compliance management products for industrial automation industries.

Services such as water provision, transportation, or the energy grid were designed 20 years ago and run on old, easily disrupted computer systems, which until recently were secure because of their obscurity.

However, today these businesses are remotely accessed and connected to the Internet, making them more vulnerable to hackers.

Many software engineers who developed the systems have been laid off due to downsizing sparked by the economic recession.

Williams says the public should be concerned about the spike in laid off IT professionals and the handful of engineers who have the intelligence and drive to exploit the infrastructure they helped develop.

“This is not just e-mail hacking. These people could disrupt the power grid, knocking out power from British Columbia to California.”

Williams said there has always been a risk of this threat but the public doesn’t hear about it. Now that the incentives to sell this highly technical information are greater, so is the risk. 

The increase in cyber crime during the latter half of the tech market collapse some years ago, was due to sophisticated technologists seeking alternative sources of income, another Wurldtech executive noted.

The situation is similar today, except now there is more information available on the underground activity, said Perry Pederson, vice-president at Wurldtech.

“The insider is really the biggest threat,” he said. “Occasionally an outsider could get in through a laptop theft, but historically the greatest damage has always been from [people] who knew what they were doing.”

The issue is a North American concern as critical infrastructure is shared between Canada and the United States. “Electricity flows across the border,” Pedersen said, “and all power grids operate in the same way – knowledge of North America’s system could destroy Europe or Asia.”

Chenxi Wang, principal analyst at Forrester Research, says the countries of the former eastern block, as well as China and Taiwan will be the ones responsible for the increase of cybercrime in 2009.

“There is recent data to suggest the global economic climate is starting to affect some of these countries,” Wang said, noting the rise nefarious online activity in these areas is “astounding.”

Wang says – both in terms of frequency of attacks and sophistication of attack methods – this growth is not coming from North America.

Share on LinkedIn Share with Google+