Broadband News
News, views and analysis
Profile: Howard Schmidt
27 Jul 2009 | 16.54 Europe/London
Cybercriminals are turning in on themselves, the latest observations at the Information Security Forum reveal, and the security industry trade body’s President is not in the least surprised.
As a former policeman in the United States who did a stint as a security advisor at The White House, London-based Howard Schmidt has long maintained that cybercriminals are very similar to everyday thieves. They have varying levels of sophistication and they will steal from anyone who presents a target within their skill set.
“Cybercrime is like any other crime, you’ve got the loner opportunist that might rob you at the bus stop right up to the most organised crime syndicates,” he says.
“Criminals are generally pretty lazy and they just follow the least path of resistance. If someone’s property is easy to steal, they’ll take it, if it isn’t, all bar the most sophisticated will just look for another target.”
It is this inherent laziness that is leading to the latest development he is beginning to notice: cybercriminals turning on one another.
“It’s been really interesting to see this latest development because it mirrors real life of criminals just robbing one another after they’ve done a robbery,” he says.
“I truly think we’re starting to get the equivalent of a gang culture where some hackers will stick together and then other groups will try to steal control of any systems they have got in to or try to steal control of the vulnerabilities the others have discovered.
“Instead of some criminals having to find the vulnerability and risk detection using it or trying to sell it, they’re taking the very low risk path of just stealing it and then it still looks like the original person who found the vulnerability and tried to sell it on is behind the crime. It’s the classic criminal activity of letting some other guy do the dirty work and then you steal the proceeds.”
Evolution of cybercrime
It is not clear what is behind this latest development but Schmidt believes it is all a part of cybercrime evolving to mirror traditional crime.
This has meant that the hackers and virus writers who used to write destructive code just to prove to their peers how clever they are now concentrate on viruses which cause no overt damage but instead spy on their victim.
“It’s very different from just a few years ago, it’s all about money now,” Schmidt warns.
“You used to get something like the Kournikova virus which destroyed files but now virus writers don’t want you to know you’re infected. They want to spy on your passwords and steal private information so they can get control of your bank and credit card accounts.”
Hence virus writing has moved from kids pulling pranks to serious criminality within just a decade and, he believes, this has also seen criminals turn on one another as well as unwitting victims.
Be cautious but don’t panic
However, just like with offline, physical crime, Schmidt believes that web users need to keep their fears in perspective.
“It’s a little like my drive in to London nowadays,” he jokes. “You always hear on the radio about the hold ups but they never report the hundreds of thousands of drivers who got to work on time with no problems. The overriding vast majority of online data flowing around from user to user is perfectly legitimate, the bad guys only control a very small proportion of what goes on, destructive though that small part can be.”
Enabling automatic updates of software and keeping an up-to-date firewall and anti-virus software package will keep most people safe, he assures, although the most important factor is the ‘human factor’. Just as you would not give out sensitive data to people at the bus stop, the advice is to closely guard all private information and take great care with portable devices, such as smartphones and laptops, which can often carry personal information a thief can make good use of. Unless, of course, a rival steals it from him and beats him to it!
