Print

Email story

Comment

Email editor

Summit aims at cyber scams

The target is moving for online scams and high-tech security threats.

By DAVE GUSSOW
Published February 13, 2006

West Africa remains a hot spot, but it's being challenged by Eastern Europe and, increasingly, China as centers for cyber crime. Florida is not a hotbed, but it shows up on some law enforcement maps as either a source or stopover for some scams.

It's also more than just geography that's changing. Once law enforcement and security catch up with one scheme, the crooks alter techniques or targets.

That's at least part of the picture painted by experts at the Cyber Security Summit held last week at Raymond James Financial. The summit, sponsored by the FBI, the University of South Florida and Raymond James, attracted more than 200 security experts, law enforcement officials and academics.

While progress was reported on the security front, there was no escaping one theme: The problem isn't going away any time soon.

"The threats we face are more diverse than ever," said Carl Whitehead, special agent in charge of the FBI's Tampa office.

Take this daunting case: An e-mail scam was sent from South America. A victim in California answered it and had data stolen, which was sent to Germany and then to Michigan, where it was controlled by someone in Romania.

The fact that it could be tracked quickly was seen as a success. Improved cooperation between law enforcement and businesses, particularly the financial services sector, was praised.

But the issues involved in handling such cases, from technical to legal, are daunting. The bad guys move faster and have no jurisdictional issues in their way.

On the other side, law enforcement must contend with not only the differences in laws from state to state, but from country to country as well.

Businesses are balancing the demands to maintain consumer confidence in online transactions while not making the security process so burdensome that it chases customers away.

And it's expensive. Tim Eitel, the chief information officer at Raymond James, which hosted the summit, said the company's information technology security budget has been doubling almost every year.

John Carlson of the BITS Security and Risk Assessment Working Group, part of a financial services trade group, estimated that patches and security measures after problems in August 2003 cost more than $1-billion.

In addition to the usual suspects of spam, viruses, phishing, pharming and hacking, a few newer terms turned up, as well as tactics.

"Botnets" are networks of infected computers that can be used for spam and, more dangerously as an emerging tactic, to attack specific targets. Law enforcement found one network with more than 1-million infected machines.

So instead of sending a batch of spam that blankets millions of in-boxes, the spammers could threaten to shut down a company if their demands weren't met.

"Reshippers" are sometimes unwitting participants, lured many times by "work at home" ads. In these cases, people think they are simply forwarding packages or financial transactions.

In reality, thieves have duped them and are using legitimate addresses to cover purchases made with stolen or fraudulent credit cards.

"There's always someone who's going to bite on something," said the FBI's Dan Larkin of the Internet Crime Complaint Center.

Getting consumers to handle online activity safely is an important aspect of the fight. But getting their attention has proven difficult, even with sometimes clever marketing, such as an informational Web site with the catchy address of www.lookstoogoodtobetrue.com

-- Dave Gussow can be reached at dgussow@sptimes.com or 727 445-4165.

[Last modified February 13, 2006, 07:43:15]