The battle to keep online information secure is a continuous game of one-upmanship, with law enforcement officers, businesses and academics pitting themselves against hackers and other cyber criminals.
At “Tackling Digital Crime: Tales from the Trenches,” a lunch panel held on Feb. 17 on the Lincoln Center campus, experts shared their successes, failures and predictions about the cyber fights that are yet to come.
The panel included:
• Adam Palmer, Norton lead cyber security adviser at Symantec Corporation;
• Christopher K. Stangl, supervisory special agent at the FBI’s New York cyber branch; and
• Dan Larkin, director of strategic operations at the National Cyber-Forensics and Training Alliance.
Palmer noted that 73 percent of United States web servers have been affected by cyber crime, according to surveys conducted by his company. “If there were a street on which two-thirds of the people were robbed, we’d recognize it as a very serious problem,” he said.
One of the panelists’ biggest concerns is the ease with which inexperienced criminals can engage in cyber crimes such as identity theft, spamming and credit card fraud.
“You don’t have to be a technical expert to run a cyber crime ring. You can hire someone to do almost every step of it—to run your botnet or do technical activities that might be a challenge for you,” Palmer said.
“So we’re seeing organized criminal gangs who recognize—like the old joke goes—‘Why do you rob banks? Because that’s where the money is.’ They know that there’s big money on the Internet.”
By their very nature, mobile devices are susceptible to breaches because people lose them. People know to secure their computers, Palmer said, but they are still learning to be vigilant with their smartphones and tablets.
Cyber crime has grown in far-flung areas of the world where educated people do not have opportunities for advancement, according to the panel. In places such as Eastern Europe, the payoff for cyber crime is exponentially higher than for doing work that is legal.
In other instances, hackers invade corporate servers just because they can.
“Some of the people we’ve debriefed [told us]they found a lot of un-patched corporate servers and—though the remedies had been out for years—the corporations hadn’t gotten around to fixing them,” Larkin said. “So the criminals just said, ‘Well, we’re going to teach them a lesson.’”
While cyber attacks have become more common, they also have grown increasingly complex, Stangl remarked.
For example, a group of cyber criminals stole vast sums of money from three brokerage firms by hacking into customers’ online accounts and adding secondary phone numbers.
Two months later, the hackers began siphoning money away from the accounts while simultaneously blasting the customers’ phone lines with an automated dialing system.
“The brokerage firms noticed the trades and tried to contact the customers. When they couldn’t get in touch with them, they tried the alternate phone numbers. The bad guys on the other end told them [that the trades were authorized].”
Last year was a good one for the FBI’s fight against cyber crime, Stangl said. He detailed five major crackdowns, including the dismantling of the “Carding World” credit card theft ring.
In addition to changing domestic laws to better cope with online crime, international partnerships are key, too, he said. He noted that many of the FBI’s busts were successful due to the cooperation of foreign law enforcement agencies.
“Ten years ago, when the FBI created the cyber division, overseas criminals could target the U.S. with few, if any, repercussions,” he said. “It’s a totally different story today. We’ve made leaps and bounds in investigating these matters.”
The panel was moderated by Kevin Kelly, Ph.D., adjunct professor of computer science at Fordham, and was sponsored by Symantec and the Department of Computer and Information Science at Fordham.