Stealing the limelight

Global gangs are infiltrating our computers, which could threaten the success of the internet. Peter Warren and Michael Streeter report 

The internet has become a non-stop source of crime stories. Later this month, detectives from Scotland Yard will sit down with representatives from online auction community eBay to discuss how to tackle a series of frauds on users carried out by Romanian criminals.

Just weeks before that sting, the Bank of America revealed it had lost computer tapes containing financial data on 1.2m federal workers, including US senators. And British police recently charged 28 people with involvement in a sophisticated identity fraud racket that swindled almost £2m from more than 100 private bank accounts.

Welcome to the world of cyber crime – the fastest-growing form of crime since the production line of Henry T Ford ushered in the era of car theft.

Cyber crime was once largely the preserve of the lone individual or politically aware groups that wanted to make a “point” about government and big business taking over what they felt should have been the gently anarchic internet world. The only real victims were companies and bureaucracies, and the rest of us looked on unconcerned – and even amused.

The internet a new world for crime

All that began to change with the emergence of damaging computer viruses that spread around the world, costing companies money and making individual computer users increasingly irritated.

Now, however, the criminals don’t want our attention – they want our money. In the UK alone, the government reckons £1.3bn is lost to identity fraud each year. While much of this results from people carelessly throwing away old credit card bills and other potentially valuable documents, criminals are increasingly committing ID theft after hacking into databases, building up consumer electronic profiles or conning us into handing over personal data.

America’s Federal Trade Commission revealed last year that 10m US citizens had fallen victim to ID theft at a total cost of $50bn, and that 2m people were conned by “phishing” attacks.

In the UK, the relatively recent phenomenon of phishing – in which criminals pose as a bank or building society to steal data and, ultimately, cash – costs financial institutions tens of millions of pounds a year. Police fear the next big target of this increasingly sophisticated fraud will be high-profile online retailers, such as supermarkets.

The most worrying development, meanwhile, is that more and more of these attacks are being committed by sophisticated crime gangs operating across the world. Indeed, according to Tony Neate, the industry liaison officer of the UK’s National High Tech Crime Unit (NHTCU), these gangs have been preparing the ground for a number of years by getting their members trained for the job.

Organised crime puts members through university

“Serious and organised crime is very aware of the use of technology to further its activities,” says Neate, who is one of the new breed of cyber cops in the developed world, trained to counter online crime. “Serious and organised crime is now investing in people in order to further those activities. We have evidence that they are putting people through university to further those activities.”

This trend was confirmed by a hacker with links to a north London crime syndicate in the 1990s. “One member put his daughter through university so she could get a job in a bank and then they set up the crime,” says the hacker. “Apparently, she ‘made a mistake’ as she transferred around £500,000 into a dodgy account and the bank sacked her – but the deed was already done.”

Meanwhile, in the 1990s, hackers such as Nicholas Whitely, the first to be imprisoned in the UK, have confirmed they were approached by criminals while inside to use their skills to help gangs. Other hackers have revealed how they were employed by syndicates to wipe hard drives from stolen computers to eradicate any trace of ownership.

In effect, crime organisations are operating like those legitimate businesses that saw the advantages of embracing the technological revolution and developed a strategy accordingly. “They see a new opportunity come up in crime and they set up a new section,” says Neate. “There certainly is a research and development department in these organisations.”

There are, of course, some differences in how the gangs recruit their staff. According to one accomplished Russian hacker, he was initially offered a small sum of money to co-operate with a gang – or face a violent alternative. This is a familiar story in Russia and former eastern bloc countries, which provide the bulk of the world’s cyber criminals.

Detective Chief Superintendent Len Hynds, head of the NHTCU, has been working with the Russian authorities to counter the problem. He says much of the activity is centred on St Petersburg, which has a high number of very able maths and computer studies graduates.

The advance of the bot net armies

“I do know that the programmers concerned have been set a whole range of different tasks including the management of websites, the development of phishing scams, and the control of ‘bot net armies’,” he says.

“Bot net armies” are a growing weapon of choice for many gangs. The criminals, using viruses or spyware downloaded on to unprotected computers, control hundreds or thousands of software robots all around the world. At a pre-arranged signal, these PCs simultaneously bombard the intended target with an endless stream of junk data, until it is brought down.

The real purpose of this scam is extortion – website owners are threatened with the loss of their website (and therefore business) unless they hand over protection money. Offshore UK gambling sites have been a target of these crimes in recent years.

the fastest-growing form of crime since the production line of Henry T Ford ushered in the era of car theft

Such attacks can net between £7,000 and £17,000, which may seem small, but when multiplied by a factor of 80 or so, they start to generate healthy revenue streams for more forward-thinking Russian organised crime groups, such as Tambov and Solntsevo. In the Far East, where gambling is a popular pastime, the Russians have found rich pickings.

The computers that the criminals use to hide their bot armies – or herds, as they are also called – are usually poorly protected home PCs, especially those with high-speed broadband links.

Like so much else in the world of computers and the internet, this practice started out as relatively harmless fun among computer buffs. It was the age of “bot rustling”, a competition in which herdsmen would compete to try to seize the slave computers from their rival’s bot herds. Soon, however, the bot herdsmen found organised criminals literally knocking on their doors. A new and recent trend has been the renting out of bot nets for about $1 per bot a day.

The subversion of computers worldwide by a variety of spyware and Trojan programs to make them into bot-hosting zombies is often carried out using viruses. Viruses now typically have several different payloads and purposes – those that are meant to be discovered and treated, and those designed to lie dormant until they are needed to compromise the computer.

Money not fame the name of the game

However, such programs may not just be used to launch bot attacks. They could also be harvesting the data we store on our computers. US expert Robert Siciliano warns that spyware may pose one of the biggest technological threats from cyber criminals. “Installed remotely or at the terminal, monitoring the software allows scammers to record all activities of computer users and automatically deliver logs to them via email – including email sent, websites visited, file operations, every keystroke, username and password and online chat conversation. It’s just like a surveillance camera directly pointed at the computer monitor.”

More and more viruses are being used by gangs to make money, rather than by internet vandals who just want a few seconds of fame.

One virus trend some experts fear is the “male and female virus”, in which the two different components (sexes) are harmless and undetected on their own, but when they combine on an infected computer, they produce deadly offspring.

Viruses and bot armies are even being used for political purposes. Last year, South Korea claimed that North Korea had recruited a small army of hackers to wage cyber war on western armies, including the United States.

Yet the main motivation for cyber crime is still money. One of the problems is that so many new computer and internet users know little about how to guard themselves, and are therefore easy targets for scams and crimes. One hacker, who had been involved briefly in internet crime, reveals how he could scarcely believe how stupid many people were when using the internet.

“But then I realised the internet was just like society,” he says with a smile. “There’s clever people and there’s stupid people – and the internet magnifies that by a factor of millions.”

Expect the criminal gangs to be making more headlines in the coming months.

· Cyber Alert: How the World is Under Attack from a New Form of Crime by Peter Warren and Michael Streeter is published by Vision at £10.99. To order a copy for £10.44 with free UK p&p, call the Guardian book service on 0870 836 0875 or go to


The Guardian, Thursday 17 March 2005