MCAFEE VIRTUAL

CRIMINOLOGY REPORT
ORGANISED CRIME AND THE INTERNET
December 2006

© McAfee 2006
CONTENTS

INTRODUCTION

SECTION ONE
CYBERCRIME: A NEW GENERATION OF CRIMINALS

SECTION TWO
HI-TECH CRIME: HOW ORGANISED CRIME IS PROFITING FROM THE INTERNET

SECTION THREE
THE INSIDERS: THE NEW THREAT TO CORPORATES

SECTION FOUR
FUTURE CHALLENGES

REFERENCES

01
INTRODUCTION
In 2005, the McAfee Virtual Criminology Report
revealed how European cybercrime had expanded
from geeks in their bedrooms to organised
cybercrime gangs.
The McAfee report, the first to examine organised
crime and the Internet, highlighted how old-style
crime gangs were going hi-tech and replacing
baseball bats with botnets to carry out systematic
and professional cyber crimes.
A year on and cybercrime represents the fastest-
growing category of crime globally.
Cybercrime is no longer in its infancy, it is now big
business. Organised crime is capitalising on every
opportunity to exploit new technology to perform
classic crimes such as fraud and extortion to make
money illegally. And they are targeting businesses
and individuals alike.
Organised crime gangs may have less of the expertise
and access needed to commit cybercrime but they
have the financial clout to buy the right resources and
operate at a highly professional level.
NEW GENERATION GROOMED FOR CYBERCRIME
The new research reveals how organised crime is
grooming a new generation of high-flying
cybercriminals using tactics which echo those
employed by the KGB to recruit operatives at the
height of the cold war.
TEENS AS YOUNG AS 14 ATTRACTED BY CULT OF
CYBERCRIME
The study also reveals how internet-savvy teens as
young as 14 are being attracted into cybercrime by the
celebrity status of hi-tech criminals and the promise of
making money without the risks associated with
traditional crime.
FROM BEDROOM LONERS TO COMMUNAL
CAFES
The report examines how cyber criminals are moving
away from bedrooms and into public places such as
Internet cafes and Wi-Fi enabled coffee shops.
Experts across the globe recognise the growth of
cybercrime. Dave Thomas, Section Chief, FBI Cyber
Division, says “If you have people reading in the
media that other people are making a lot of money
from cybercrime – and if they have criminal intent –
then they are definitely going to also take that path.”
The threat of cybercrime to businesses and individuals
continues to increase at a staggering rate. In July
2006, McAfee researchers reported that over 200,000
online threats had been detected. It took 18 years to
reach the first 100,000 (2004) and only 22 months to
double that figure. McAfee’s researchers expect it to
double yet again in a similar timeframe. Organised
crime has realised the potential of making money
through the Internet as we move forward into our
cyberworlds.
Commissioned by McAfee and with contributions from
Robert Schifreen, expert author of the best-selling
book Defeating the Hacker, law enforcement agencies
and cybercrime experts across the globe, the second
McAfee Virtual Criminology Report shows how hi-tech
crime is developing and looks into the future threat
this activity poses to home computers as well as to
government infrastructure and corporate
organisations.
GREG DAY, MCAFEE SECURITY ANALYST
“It’s been dubbed Web 2.0 or the internet’s second
wave. Millions of people are now harnessing the
internet to network with each other socially, create
and share content and buy products and services in
even greater amounts. So too is organised crime.
Organised crime is seizing the potential of the digital
space we live our lives through today for financial
gain.The increasing take-up of broadband and new
technologies such as voice over internet (VoIP) services
present new opportunities for hi-tech criminals.
Cybercriminals are not standing still either.
They are developing faster, stealthier and more
resilient methods such as ransomware to target new
and unsuspecting victims such as home PC users and
small businesses.
The security industry has also not stood still. Today,
global viruses like Mydoom and Sober are no longer
effective means of causing mass infection. So
cybercriminals are using more subtle and sophisticated
methods that are harder to detect. As such, proactive
protection is becoming imperative – it is the only way
to offer users absolute confidence.
As the largest dedicated security company in the
world, McAfee is at the forefront of enabling
consumers and businesses to better understand the
risks they face online - showing them the best ways
they can take a proactive approach to securing the
things that matter most to them, including their
identity and personal belongings such as digitally
archived photos and music.
McAfee has worked with leading hi-tech enforcement
experts and agencies across Europe and the US over
the past five months to reveal its second study into
organised crime and the Internet. The study
underlines how vigilant we should all be as new
technologies propel our usage of the Internet but also
provides new opportunities for hi-tech criminals.”
02
SECTION ONE
CYBERCRIME: A NEW GENERATION OF CRIMINALS

Governments, companies and enforcement agencies

have intensified their efforts to bring hackers and
other malware authors to justice over the last year.
The publicity surrounding high profile court cases and
cybercrime activity has thrust cybercrime into the
media spotlight and heightened public awareness.
At the same, time it’s never been easier to commit
crime online. Opportunity is everywhere and as a
result the threat of cybercrime is now omnipresent.
Old-style criminals are driven largely by a desire to
cause harm or make money. Rarely will a criminal rob
a bank, mug a stranger or kidnap a person to make a
point or to see how easy it is to do. Conversely, the
Internet has prompted all manner of rogue behaviour
– some out of intellectual interest and curiosity but
most because the opportunity and financial incentive
is there.

“The number one motivator is opportunity. Whatever

the underlying motivation, be it financial or
otherwise, if they have the opportunity they can
commit the crime. Take away the opportunity and the
motivation becomes less important. People don’t
spend enough time exploring why potential criminals
have the opportunity to commit crimes in the first
place.”
Professor Martin Gill - Director of Perpetuity Research and
Consultancy International and a Professor of Criminology at
the University of Leicester

03
SECTION ONE
CYBERCRIME: A NEW GENERATION OF CRIMINALS
CULT-LIKE STATUS OF CYBERCRIME
“If you have people reading in the media that other
people are making a lot of money from cybercrime –
and if they have criminal intent – then they are
definitely going to also take that path.”
Dave Thomas, Section Chief, FBI Cyber Division
As a result, cybercrime has established a cult
following, with online offenders rising almost to
celebrity status within hacking communities.
Virus writers, hackers and other malware authors have
well-publicised conferences and seminars where they
showcase their methods to highlight potential security
issues. But as well as revealing potential security issues,
they also expose vulnerabilities and the opportunity
for criminals and black hat activities.
CASE STUDY: THE CULT-LIKE STATUS OF
CYBERCRIMINALS – GARY MCKINNON
Gary McKinnon was indicted by a US court in
November 2002, accused of hacking into over 90 US
Military computer systems from the UK. Gary faces up
to 70 years in jail but has a huge online following of
people trying to get him out of jail and/or protesting
his extradition to the US for trial and punishment.
Many people believe he should be tried in England
and serve his time in the UK.
http://freegary.org.uk/
Gary claims his inspiration to become a hacker came
from watching the movie WarGames when he was 17
years old. He thought, “Can you really do it? Can you
really gain unauthorised access to incredibly
interesting places? Surely it can’t be that easy.” And so
he gave it a try.
SPOTLIGHTING CYBERCRIME
• Defcon, the annual hacker gathering in Las
Vegas: Attendees were encouraged to hack their
entrance badges
• The Blackhat Security Conference: Microsoft
encouraged hackers to take their best shot at its new
operating system, Windows Vista
• Hack in the Box – labelled as ‘the most intimate of
the hacker conferences’
04
SECTION ONE
CYBERCRIME: A NEW GENERATION OF CRIMINALS
FROM INQUISITIVE TO INCRIMINATING: HOW
YOUNG TEENAGERS FALL INTO CYBERCRIME
Many young people are first enticed into cyber-
criminality by intrigue, by the challenge and by the
promise of getting something for nothing. Some are
aware of their illegal actions from the start; others
edge slowly toward the murky underworld from
seemingly innocent beginnings.
“Young hackers and script kiddies get involved on the
small scale and it steamrolls from there. They start
with very simple tasks but move quickly to accessing
credit cards and other money-making schemes. The FBI
focuses a lot on attacks and criminal networks coming
out of Eastern Europe. Many of these cybercriminals
see the Internet as a job opportunity. With low
employment, they can use their technical skills to feed
their family. Cybercrime becomes an occupation.”
Dave Thomas, Section Chief, FBI Cyber Division
Newsgroups, forums and Internet cafes are full of
people looking for information and passwords.
Initially, their aim is fairly harmless and many do not
have aspirations of being a serious cybercriminal - they
are only password-hunting because they wish to hack
into a computer program to see if they can, to see
how it works or access a game which is protected.
However, other hackers and malware authors freely
exchange tips in online forums and feed beginners the
knowledge to hook them in. The typical hacker is
1
between 14-19 years old.
For many, the thrill of the challenge and the
community is too tempting a scenario to resist. Just as
a drug addict enjoys their first high and increasingly
looks for the next fix, so too does the lure of the next
cyber-scam prove addictive – and all too easy if you
know where to go for advice. That addiction grows as
the stakes become higher and organised criminals pay
youngsters to execute their extortion scams. As a
result, cybercrime amongst teenagersis rising.
“Once an amateur hacker becomes more proficient at
compromising systems, it is easy to realise that they
can make money doing so (for example: renting out
bots or leasing out slots to send spam). At the same
time, criminals pro-actively recruit people for their
technical jobs. Those people may not know what they
are really getting involved in.”
Erik de Jong, Project Manager, Govcert.NL
CASE STUDY: FROM INQUISITIVE TO
INCRIMINATING
By the age of 20, Shiva Brent Sharma had amassed in
excess of $150,000 of cash and merchandise reaping
through computer crime. When he was arrested for
the third time for identity theft, he claimed he could
earn around $20,000 in a day and a half. An addiction
to the challenge and to the reward, he fears that
when he finishes serving his two to four year prison
term, he’ll relapse and start tapping into online
wallets again.
From a middle-class family background and the
youngest of three children, Sharma was always
battling for access to the Internet. His criminal
activities started when he began regularly visiting sites
where users from all over the world met to swap tips
about identity theft and to buy and sell personal
information. The tricks and techniques he learned
there enabled him to undertake his variety of scams.
He began with phishing, then dealt in bootleg
software before ultimately moving on to buying
stolen credit card accounts online, changing the
information and sending the money to himself.
Sharma never could provide a clear reason for his
crimes. At times he claimed it was simply a game to
pass the time, whilst at others he implied it was a
more focused attack against the banking industry.
“Well, you know – I mean there’s no justification
behind it at all. You know it was wrong and I did it
– it was wrong.”
2
05
SECTION ONE
CYBERCRIME: A NEW GENERATION OF CRIMINALS
WWW.HOWTOHACK.COM
“The availability of tools online has assisted the
growth of cybercrime. The complexity of tools has also
increased. For example: creating one’s own bot and
setting up a botnet is now relatively easy. You don’t
need specialist knowledge, but can simply download
the available tools or even source code. In general,
you see that tools that were once only available to a
privileged group of “specialists” become available to
the general public over time.”
Erik de Jong, Project Manager, GOVCERT.NL
It’s never been easier to commit cybercrime. There’s
more opportunities and more information on how to
get started with just the click of a mouse.
Within seconds of searching online, anyone of any age
can access numerous sites and information on hacking
and other cyber scams.
While the vast majority of content online has fostered
a sprit of enterprise and sharing of information and
knowledge for good, it has made it easy for
impressionable young teenagers, and those people
intent on making money, to find the tools to get
started in cybercrime.
The tools necessary for spamming and phishing are
easily accessed and publicly available on the Internet.
Companies sell lists of email addresses at $39.95 per
3
million for multiple use. Compare this with the going
rate of 20p per name for conventional mailing lists
from reputable firms for just one-time mailings and it
is easy to see the opportunity for criminals. Once they
have the addresses all they have to do is send the
‘loaded’ email and engineer the welcome message
that will get consumers to open it.
“Hacking tools have been available on-line for some
years now. Criminals often will adopt and put them to
illicit use. Despite this, we continue to arrest and
prosecute those who seek to engage in computer
crime.”
Robert Burls MSc, Detective Constable, Metropolitan Police
Computer Crime Unit
06
SECTION ONE
CYBERCRIME: A NEW GENERATION OF CRIMINALS

HOW ORGANISED CRIME IS GROOMING THE
NEXT GENERATION OF CYBERCRIMINALS
“Cybercriminals need not only IT specialists – they
need people that can launder money, people that can
In the words of former KGB Maj. Gen. Oleg Kalugin: CASE STUDY: POTENTIAL TARGETS OF
“If you can find a young person, perhaps a student, CYBERGANGS
before his opinions have fully matured, then make
him truly believe in your cause, he will serve you for
many years.”
4

specialise in ID theft, someone to steal the credit In June 2006, researchers surveyed 77 computer
numbers, then hand it off to someone who makes In some cases, organised crime gangs are going even science students at Purdue University, USA, using an
fake cards. This is certainly not traditional organised further to sponsor eager would-be hackers and anonymous, web-based questionnaire. Students were
crime where the criminals meet in smoky back rooms. malware authors to attend information technology asked whether they had indulged in one of several
Many of these cybercriminals have never even met university courses to further their expertise. Criminals “deviant” computer acts, some of which could be
face-to-face, but have met online. People are openly are also earmarking university students from other classified as illegal.
recruited on bulletin boards and in online forums disciplines and supporting them financially through These activities were guessing or using another
where the veil of anonymity makes them fearless to their studies with a view to them gaining employment person’s password, reading or changing someone
post information.” with, and inside access to, target organisations else’s files, writing or using a computer virus,
and businesses. obtaining credit card numbers and using a device to
Dave Thomas, Section Chief, FBI Cyber Division
obtain free phone calls.
Although organised criminals may have less of the
expertise and access needed to commit cybercrimes, The number of IT students who admitted to such
they have the funds to buy the necessary people to do behaviour was high. Of 77 students, 68 admitted to
it for them. engaging in an activity that could be classified as
5
deviant.
In an echo of the KGB tactics employed during the
cold war to recruit operatives, organised crime gangs
are increasingly using similar tactics to identify and
entice bright young net-savvy undergraduates.
Organised crime gangs are starting to actively recruit
skilled young people into cybercrime. They are
adopting KGB-style tactics to recruit high flying IT
students and graduates and targeting computer
society members, students of specialist computer skills
schools and graduates of IT technology courses.
At the height of the cold war, potential KGB
operatives were often identified by skimming trade
journals for expert names, checking trade conferences
attendees or were approached out of the blue on
university campuses.

07
FROM PURISTS TO PROFITEERS:
THE CYBERCRIME FOOD CHAIN
Perpetrators of cybercrime today range from the
amateurs with limited programming skills who rely on
pre-packaged scripts to execute their attacks, right
through to the well-trained professional criminals who
are armed with all the latest resources.
THE INNOVATORS
Who? Focused individuals who devote their time to finding security holes in systems or
exploring new environments to see if they are suitable for malicious code
Why? The Challenge
How? Embrace the challenge of overcoming existing protection measures
and seek to break in through the back door
Danger Rating: Low
These purists, the ‘elite threat authors’, only make up 2% of the hacking
and malware author population

THE AMATEUR FAME SEEKERS THE COPY-CATTERS

Who? Novices of the game with limited computing Who? Would-be hackers and malware authors
capabilities and programming skills
Why? The celebrity status of the cybercrime community
Why? Hungry mainly for media attention has prompted an upsurge of those desperate to replicate
their formulae for fame
How? Use ready-made tools and tricks
How? Less focused on developing something new
Danger Rating: Moderate and more interested in recreating simple attacks
Threat lies in the unleashing of attacks without
Danger Rating: Moderate
really understanding how they work

THE INSIDERS
Who? Disgruntled or ex-employees, contractors and consultants
Why? Revenge or petty theft
How? Take advantage of inadequate security, aided by the
privileges given to their positions within the workplace
Danger Rating: High
This group is a growing and serious security problem

THE ORGANISED CYBER-GANGSTERS

Who? Highly motivated, highly organised, real-world cyber-crooks
Limited in number but limitless in power
Why? Intent on breaching vulnerable computers to reap the rewards
How? Like in most communities of successful criminals, at the centre is a
tight core of masterminds who concentrate on profiteering by whichever means
possible – but surrounding themselves with the human and computer resources to make
that happen
Danger Rating: High

08
SECTION ONE
CYBERCRIME: A NEW GENERATION OF CRIMINALS

PROFILE OF A DRUG-COURIER: PROFILE OF A BOTNET AUTHOR:

NAME: AGE: NAME: AGE:
Scott Rush 19 Jeanson James 20
Ancheta

COMPARISONS BETWEEN REAL WORLD YOUNG MOTIVE: METHODS: MOTIVE: METHODS:

Money Drug trafficking. Caught Money Used trojan horse to
OFFENDERS AND CYBERCRIMINALS
couriering heroin from infect and control
Criminals are exploiting the fact that the cyber-world Australia to Bali computers before selling
represents a vast domain of global opportunity with to adware, spyware and
virtually no barriers and little risk of detection and spam companies
punishment. A US Treasury advisor has stated that
more money is now made from cybercrime than from REWARD: RISKS AND REWARD: RISKS AND
6
the traditionally high revenue-yielding drugs industry. 1.3kg of heroin PUNISHMENTS: $0.15 per install PUNISHMENTS:
Whilst law enforcement agencies are working hard to with a street Also on charges of fraud, $3,000 per botnet James was the first botnet
combat the cybercrime threat, in the opportunity value of $1m theft and drink-driving, $60,000 in 6 months author ever to sentenced, in
versus risk versus reward ratio, online crime is Scott was sentenced to and over May 2006. He got four years
currently proving more appealing to serious criminals life imprisonment. On $170,000 in total in prison.
than traditional organised crime. appeal this was upgraded
to the death sentence.

09
SECTION TWO
HI-TECH CRIME: HOW ORGANISED CRIME IS PROFITING
FROM THE INTERNET
Online crime has changed dramatically in recent years.
The previously common and global virus events are
now all but a thing of the past. In the first half of
2004, 31 virus outbreaks were rated medium and
above. The second half of 2004 saw 17 more. That
number fell to 12 for the whole of 2005 and in 2006
there have been no outbreaks of comparative severity.
The focus has turned towards altogether stealthier
and more targeted means of attack.
Cybercriminals are refining their means of deceit and
the victims they are targeting. Evolving their
techniques and targets allows them to stay one step
ahead of detection.
KEY TRENDS OVER THE PAST YEAR INCLUDE:
• Moving away from bedrooms and into public
places to avoid detection
• Exploiting the new online social networking
explosion
• Targeting identities by employing new
techniques such as spear phishing
• Targeting new technologies – mobile phones
and devices
• Targeting individuals and small businesses
• Criminal collaboration and the creation of
malware mafia families
FROM BEDROOM LONERS TO CAFE CRIMINALS
The stereotypical view of lone cybercriminals
operating out of their bedrooms is no longer a valid
one. Nowadays, they are to be found right in the
public eye. But rather than opening themselves up for
discovery they are covering themselves with an
invisible cloak.
Hackers and malware authors traditionally worked
from the hidden depths of their homes because they
needed access to a telephone line for modem-to-
modem communications. But the Internet, its
popularity and its pervasiveness, has changed all that.
They can access the Internet in a cybercafé, university,
library, telephone kiosk, from a PDA or mobile phone
– or even by stealing bandwidth from any unprotected COVERT COMMUNICATIONS IN PUBLIC SPACES
Wi-Fi network that they happen to be parked near to.
By using the Internet in a public place, cybercriminals
maintain crucial anonymity and avoid detection. Many Following the explosions in London on 7th July 2005,
Internet cafes clean their computers by automatically the National Hi-Tech Crime Unit (NHTCU) contacted
rebooting the machines and wiping all non-standard JANET, the Joint Academic Network, which connects
files between each customer. Anonymity is key and UK universities, colleges and schools.
tracks are more easily covered from a public location. The NHTCU suspected that the terrorists used a
telecommunications system in the planning and
execution of their attack, and that universities may
have information on their networks that could assist in
its investigations. The NHTCU requested that all data
be preserved.
10
SECTION TWO
HI-TECH CRIME: HOW ORGANISED CRIME IS PROFITING FROM THE INTERNET
SOCIAL NETWORKING: HOW CRIMINALS ARE
TARGETING THE WEB’S SOCIAL NETWORKING
EXPLOSION
Since its beginning, the web has often been used
as a tool to meet new people, but over the last
year the interaction between Internet users has
grown dramatically.
Web 2.0, or the Internet model where content is
created and shared, has given birth to some of the
most popular websites the Internet has ever seen.
Sites like MySpace, Bebo, Friendster, Facebook and
LinkedIn (a site used for business networking) have
fuelled the social networking trend.
It’s a hugely powerful medium and people are just
starting to grasp how effective it can be to link with
friends, or potential business associates.
By their very nature, these sites are vulnerable to
misappropriation. There is a false economy of trust.
People don’t present personal information to
strangers in the street, but building profiles online
mean that Internet criminals can instantly access a
mine of details – names and interests, pets and life
stories. All of which help them to either take those
identities directly to defraud, or understand
personalities to better and more effectively target
phishing or adware scams.
The inclusion of music on MySpace has been one of
the biggest reasons for the site’s success.
Unknown bands have demonstrated that social
networking sites can be an effective way of promoting
themselves. Artists like Lilly Allen and Arctic Monkeys
have used MySpace as a springboard.
But this also presents the perfect opportunity for
criminals to embed spyware and adware within
downloads, capable of compromising PCs, tracking online
behaviour or directing users to inappropriate content.
Whole profiles can be developed for illegal purposes.
SOCIAL ENGINEERING IN PUBLIC COMMUNITY
SITES
Just like with social networking sites like MySpace, the
very openness of Wikipedia that allows users to freely
add or edit available content has made it an attractive
target for virus authors to plant malicious code in
articles.
In October 2006, a piece on the German edition of
Wikipedia was re-written to contain false information
about a supposedly new version of the infamous
Blaster worm, along with a link to a supposed fix. In
reality, the link pointed to malware designed to infect
Windows PCs.
An email was also mass spammed to German
computer users requesting them to download the
security fix. The email was crafted to supposedly
appear from Wikipedia, complete with an official
Wikipedia logo.
SOCIALLY UNACCEPTABLE – SCAMS ON
MYSPACE
In October 2005, the Samy worm was discovered on
popular community site MySpace.com. By exploiting
vulnerabilities in the MySpace.com site, the worm
added a million users to the author’s friends list.
Additionally, the malicious code would be copied into
the victim’s profile, so that when that person’s profile
was viewed, the infection spread.
In summer 2006, a banner ad on MySpace
compromised almost 1.1 million computers. When
users opened the image, the hacker was given access
to the infected PC. The spyware installation program
contacted a Russian-language web server in Turkey
that tracked the PCs on which the programme had
been installed. The ad also attempted to infect users
of Webshots.com, a photo-sharing site.
MySpace was also subject to a phishing scam in 2006.
The attack started when users were sent a link
through an instant messaging program. The link was
from someone in their contact lists, asking them to
click the link to MySpace to view photos. The link led
to a fraudulent MySpace login page. Once the victim
entered their information, they were then
transparently logged into the real MySpace pages. But
in the meantime, all their log-in information become
the property of the phisher.
11
SECTION TWO
HI-TECH CRIME: HOW ORGANISED CRIME IS PROFITING FROM THE INTERNET
CONTEMPORARY SCAMS: HOW CRIMINALS ARE
TRICKING PEOPLE BY TOPICAL CROWD PLEASERS
Popular national and international news and sports
events draw in the crowds – but now they attract the
cybercriminals too. Whether it’s via viral marketing, or
just plain viruses, a topical subject header, website link
or download is capable of reaping in the rewards.
The 2006 World Cup generated exactly this sort of
criminal opportunity. Popular with millions world-
wide, fans hunger for information proved insatiable.
Viruses using related messaging circulated fast and
furious; and thousands frantically downloaded score
spreadsheets and screensavers giving criminals almost
instant and unsuspected presence on hundreds of
thousands of computers.
WORLD CUP WOES –
CRIMINALS 3: CONSUMERS: 0
Virus writers got themselves into a football frenzy
unleashing attacks attempting to cash in on sports
supporters. In May 2006, a trojan horse which
disguised itself as a World Cup wallchart was
distributed by spam email. It specifically targeted
German speakers.
Another virus attack infected Microsoft Excel files
cloaking itself as a spreadsheet charting the national
teams participating in the World Cup.
An analysis of screensaver pages associated with the
World Cup found that a high proportion of sites were
loaded with adware, spyware and malicious
downloads. Among the teams, Angola (24%), Brazil
(17.2%) and Portugal (16.2%) rated especially highly,
while among the players, superstars Cristiano Ronaldo
of Portugal, David Beckham of England and
Ronaldinho of Brazil posed a significant danger to
fans.
IDENTITY THEFT: STEALING PERSONAL
INFORMATION TO DEFRAUD
There has been a dramatic increase in the collection
methods used by criminals to steal personal identifier
information.
“Victims of identity theft-related malware lose ALL of
their personal privacy and there is a high probability
they also lose substantial amounts of money. They
might even be involuntarily involved in criminal acts
through misuse of their
identity.”
Christoph Fischer, General Manager of BFK edv-consulting
GmbH
12
SECTION TWO
HI-TECH CRIME: HOW ORGANISED CRIME IS PROFITING FROM THE INTERNET

KEYLOGGING CASH FROM TRASH CASE STUDY: THROWING AWAY CONFIDENTIAL

Hackers use keylogger programs to silently collect
keystrokes from unsuspecting victims whose use of
online chat rooms and instant messaging type
programs makes them vulnerable. On activation, the
hacker can collect any information that the user has
inputted online, including personal data used in
online transactions. A large proportion of this data is
transmitted internationally to countries where it is
difficult for the law to intervene. The perpetrator then
uses that information to assume an identity and gain
access to credit card accounts.
Cybercriminals are also cashing in with simpler tricks.
People often have little realisation of the value of the
information they just throw away. Criminals have
sought out confidential information by riffling
through rubbish. Now cybercriminals have realised
that when computers are dumped or resold, more
often that not, they still contain a wealth of files and
data that can be used for financial gain or deception.
INFORMATION
In April 2005, a hard drive of the police of
Brandenburg, Germany, showed up on eBay.
Confidential police documents like internal alarm
plans for extreme situations like hijacking and
hostage-taking were fully accessible. There were also
lists of names on the hard drive showing the manning
of crisis management groups, lay-outs, orders and
analytics: information which could be very useful on a
number of criminal levels, not least for terrorists.

According to the FBI: “Identity theft costs American

businesses and consumers a reported $50 billion a
year, causes untold headaches for an estimated 10
million US victims annually, and even makes it easier
for terrorists and spies to launch attacks against our
1
nation.”
As a result, in June 2006, the FBI joined corporate,
academic, and government leaders in announcing a
new Center for Identity Management and Information
Protection (CIMIP) to combat the increasing threat
that identity fraud and theft pose to personal and
national security.

13
SECTION TWO
HI-TECH CRIME: HOW ORGANISED CRIME IS PROFITING FROM THE INTERNET
MIND GAMES: HOW CRIMINALS ARE
EMPLOYING INCREASINGLY DEVIOUS MEANS TO
TRICK PEOPLE INTO HANDING OVER MONEY
AND INFORMATION
While cybercriminals continue to churn out attacks on
larger institutions and en masse hits, the majority have
turned to subtler and more effective methods which
introduce the mind games and social engineering
techniques that unravel not only chunks of data but
entire identities.
PHISHING FACTS
2
• 17,000 phishing reports per month in 2006
3 user rather than from the auction site. For example,
• 40% in non-English language
• 90% of people still don’t recognise well-
4
constructed phish
Phishing - the act of sending an email to a user falsely
claiming to be an established legitimate enterprise in
an attempt to scam the user into surrendering private
information that will be used for identity theft – is on
the rise. But the nature of phishing attacks
isconstantly changing.
Over the last year, McAfee has seen phishing emails
increase by approximately 25%. Fraudsters continue to
target the high profile banks, financial institutions and
e-commerce sites that they always have done but
increasingly they are changing the content of the
phishing mails away from the ‘update your details
now’ scams to a more varied and directed message.
In addition to attacking these well known companies,
fraudsters are increasingly targeting smaller European
and American financial institutions, and the targets
are changing almost daily.
“While virus and worm epidemics have been reduced
– mostly as a consequence of improved tools for
detection and removal – phishing and pharming have
become predominant means of attacks, especially
targeting banks.”
Professor Klaus Brunnstein, University of Hamburg
The e-commerce phish has also become more directed.
Much of the phish targeting popular online auction
sites appear as if they have been sent from another
many of the phish nowadays are fake messages
claiming that you bought an item and have not paid,
or the other user has raised a dispute against you, or is
enquiring about an item for sale.
In February 2006, the various ‘update your account
information’ phish accounted for 90% of the ebay
phish, and 10% were other types. Now it is less than
50%.
A less high-profile attack comes with the growing
number of spear-phishing messages. These look like
they have come from employers or colleagues who
might feasibly send IT communications and include
requests for user names or passwords. But the real
truth is that the email sender information has been
spoofed in an attempt to gain access to a company’s
entire computer system.
14
SECTION TWO
HI-TECH CRIME: HOW ORGANISED CRIME IS PROFITING FROM THE INTERNET
MOBILE THREATS: HOW CRIMINALS ARE
EXPLOITING NEW TECHNOLOGY
“SMiShing” (phishing via SMS), is a recent
phenomenon that takes the concept and techniques of
phishing via email and translates it to text messages.
Episodes of this activity have been minimal to date but
the nature of current attacks suggests that much of it
has been authored by script kiddies looking to take
new code to standard execution. Now SMiShing has
become part of the cybercrime toolkit, there will be a
considerable rise in attempts over the coming months.
As we become more reliant on our personal mobile
devices outside of the home and office, SMiShing
stands as a clear indicator that cell phones and mobile
devices will increasingly be used by perpetrators of
malware, viruses and scams.
CASE STUDY: SMISHING
August 2006 saw the first example of a threat moving
from the PC environment into the mobile space with
an attack that started as a simple mass mailing worm
but was then turned into a SMiShing attack.
The threat targeted two major mobile phone
operators in Spain, sending SMiSh messages free
of charge via randomly generated mobile phone
numbers through the operators’ email-to-SMS
service gateway and specifically targeting Nokia
Series 60 devices.
It attempted to trick the victim into downloading free
‘anti-virus software’ from the operator. Users that
downloaded and installed the software from the link
found themselves infected with malware.
Most of the code was in Spanish with some
German comments, illustrating that cybercrime
knows no borders.
UPDATING OLD TRICKS – SPAM BECOMES
PICTURE PERFECT
Spam continues to remain one of the biggest
challenges facing Internet consumers, corporations,
and service providers today - with the cost of spam
impacting bandwidth, delayed email, and employee
productivity. Spammers continue to employ new
tricks to avoid detection and open up new streams
of revenue.
Image spam has been significantly increasing and now
many varieties of spam - typically pump and dump
stocks, pharmacy and degree spam - are now sent as
images rather than text. In October 2006, image spam
accounted for up to 40% of the total spam received,
compared to about 10% a year ago. Image spam is
typically three times the size of text-based spam, so
this represents a significant increase in the bandwidth
used by spam messages.
Traditionally, spammers have also used well-known
top level domains (TLDs) such as .com, .biz or .info. But
now, by using top level domains from small island
countries, such as .im from the Isle of Man in the UK,
spammers attempt to avoid detection by using
domains previously unknown to spam filters. This
trend has been nicknamed ‘spam island-hopping’.
15
SECTION TWO
HI-TECH CRIME: HOW ORGANISED CRIME IS PROFITING FROM THE INTERNET
HOW HOME USERS ARE BECOMING A
FAVOURITE TARGET FOR CRIMINALS
In the 2005 McAfee Virtual Criminology Report it was
revealed how there had been a massive increase in
extortion demands primarily targeting businesses
reliant on the Internet for their business.
Using thousands of computers around the world that
were infected with malicious code, the report
revealed how criminals were able to marshal botnets
to bombard corporate websites blocking all genuine
transactions and communities – also known as a
distributed denial-of-service attack (DDoS).
The report highlighted how criminals had targeted
online gambling sites given the volume of transactions
purely online.
In 2005, the OCLCTIC (Office Central de Lutte contre
la Criminalité liée aux Technologies de l’Information et
de la Communication) investigated 48% more
business-related crimes than in the previous year. The
number of people accused and prosecuted increased
by 30%.
The increase in crime investigations can be explained
partly by the rise in the number of criminal activities
5 Barrow contacted police and an IT expert who
such as blackmail, racism and extortion.
Today this kind of extortion and distributed denial-of-
service (DDoS) attack using botnets are being used by
criminals on home pc users. Online blackmailers are
increasingly looking towards the easy pickings of the
relatively non-savvy home pc user. With consumers
storing more and more documents of financial and
sensitive value (banking details, work files) as well as
sentimental value (photos and music) criminals have
realised that they will pay up to have them restored.
PERSONALLY HELD TO RANSOM
In May 2006, Helen Barrow, a 40-year-old nurse from
Rochdale in the UK, discovered her computer files had
vanished and had been replaced by one 30 digit
password -protected folder.
She also found a new file named “instructions on how
to get your files back.” On opening it, Ms. Barrow was
told that the password to unlock the encrypted folder
containing her files would be provided following a
payment for drugs from an online pharmacy. Ms
managed to recover some of her files, which included
coursework for her nursing degree.
“When I realised what had happened, I just felt sick to
the core,” Helen said. ”…I had lots of family
photographs and personal letters on the computer
and to think that other people could have been
looking at them was awful.”
Thankfully, the password for this particular attack was
made widely available by security firms, but the
underlying trend is worrying.
GLOBAL BOTNET ARMIES
Botnets – the jargon term for a collection of software
robots, or bots, which run autonomously.
BOTNET FACTS
• IRC BOTS grown from 3% – 22% of all malware
(2004 – 2006)
• Costs of protection can be more than ransom costs
“By far the major emerging threats are Botnets and
we are also seeing more sophisticated malicious code.
For example, some malware has the ability to deploy
keystroke-loggers, harvest stored passwords and take
screen captures of infected hosts. These techniques
can enable criminals to obtain full identity profiles
from victims as well as being able to potentially access
their financial and personal data.”
Robert Burls MSc, Detective Constable, Metropolitan Police
Computer Crime Unit
In the 2005 McAfee Virtual Criminology Report it was
revealed how botnets were becoming the method of
choice for criminals. Organised crime gangs were
hiring script kiddies to deploy a large number of
asymmetric threats simultaneously on a business via its
website.
As predicted last year, there has been a significant
increase in botnets and they are now the preferred
weapon of choice for cyber criminals, used for
phishing schemes, illegal spamming, stealing
passwords and identities and spreading pornography.
At least 12 million computers around the world are
now compromised by botnets.
16
SECTION TWO
HI-TECH CRIME: HOW ORGANISED CRIME IS PROFITING FROM THE INTERNET
CRIMINAL COLLABORATION & MALWARE MAFIA
FAMILIES
OPEN SOURCE TECHNIQUES
The growth of bots is due to two factors - financial
motivation and the availability of source code.
Without financial incentives, there would be far fewer
variants. For example, the financially neutral Mydoom
family has far fewer variants than any major bot
family. And without large-scale source-code sharing,
we would not see the handful of massive families that
are evident today.
Bot authors are increasingly using open source
development techniques, such as multiple
contributors, releases driven by bug fixes, paid feature
modifications, and module reuse. A virus or Trojan is
usually written by a single author who has complete
control of the features and timing of the release
updates. Bots, however, are different. Most bots are
written by multiple authors.
The use of a professional development methodology
represents a critical change in malware evolution. This
form of collaboration is expected to make botnets
more robust and reliable - and being able to offer
customers a guaranteed ROI will cause the bot and
overall malware market to grow explosively within the
next few years.
Bots will continue to push the malware
engineering envelope.
ADWARE AFFILIATIONS AND FAMILIES
ADWARE FACTS
• All major search engines return risky sites when
searching for popular keywords
• Between 2000 and 2002, there were only about ten
adware families. By May 2006, there were more than
700 adware families with more than 6,000 variants
• The most prolific distributors of adware are actually
star/celebrity sites, not the commonly believed adult
and pornography websites
Spyware and adware are usually made and marketed
by legitimate corporate entities for specific advertising
and market research purposes. They install themselves
on a user’s machine, often as the trade-off for a piece
of “free” software, collecting marketing data and
distributing targeted advertising.
However, the emergence of lucrative online affiliate
marketing models, whereby advertisers share revenue
with other websites which feature ads and content
designed to drive traffic to the advertiser’s site, has
opened up new opportunities. Hackers are abusing
the system by fraudulently taking money as an
affiliate, then hacking into computers without the
permission of the computer owner. By varying the
download times and rates of adware installations,
as well as by redirecting the compromised computers
between various servers, hackers can evade the fraud-
detection of the advertising affiliate companies who
pay them for every install.
CASE STUDY: THE INTERNATIONAL BATTLE
AGAINST BOTNETS
A 63-year-old man in Suffolk, a 28-year-old man in
Scotland, and a 19-year-old man in Finland were
arrested on June 27, 2006 in connection with an
international conspiracy to infect computers using
botnets. The Metropolitan Computer Crime Unit, the
Finnish National Bureau of Investigation (NBI Finland)
and the Finnish Pori Police Department collaborated
to arrest the men, who are all suspected of being
members of the M00P cybercriminal gang.
CASE STUDY: HACKER MARKETING
Majy, a hacker, was paid $0.20 per install on
computers in the US and $0.05 per install on
computers in 16 other countries including France,
Germany and the UK.
He received income from a host of affiliate-marketing
companies including TopConverting, GammaCash and
LOUDcash.
Adware distribution is also a key example of just how
inter-related cybercriminals are in today’s world. The
vast majority of adware and spyware is thought to be
the result of one large, distributed but connected
organisation.
Undercover criminal operations have seen many
adware-distributing companies often mutually linked
by agreements with varying degrees of secrecy and
some sites regularly change names, which means
that money generated is high whilst detection is
virtually impossible.
17
SECTION THREE
THE INSIDERS: THE NEW THREAT TO CORPORATES
Criminals cannot operate without opportunity. The
fast evolution of technology and the struggle of
consumers and businesses to stay in step with the risks
mean their prospects and profits are growing at a
rapid pace.
In terms of corporate IT security worries, top of the list
right now is spyware as well as data theft using
devices such as USB sticks. Viruses, firewalls and spam
are, to a large extent, understood and under control.
But detecting spyware centrally, and controlling the
use of USB sticks, is a real worry to companies both
large and small, from a theft and confidentiality point
of view.
“One of the biggest challenges of today’s data-rich
world is making the most of technology. Technology
provides an opportunity for offenders and also an
opportunity for crime prevention. I have great faith in
the technology but much less faith in humans in being
able to use it properly.”
Professor Martin Gill - Director of Perpetuity Research and
Consultancy International and a Professor of Criminology at
the University of Leicester
INSIDE THREATS
Most companies view security threats from an outside-
in perspective. There are, however, significant
emerging threats to security that are not being
introduced from external, unknown sources, but from
employees themselves.
Employee ignorance and negligence within the
workplace is opening up cracks for cybercriminals to
exploit. Lack of security attention and awareness by
employees means there is a high risk of malware,
viruses, worms and Trojans being spread to the work
network. It only takes seconds for an employee to
attach an unprotected laptop or PDA to the work
network and seriously expose the whole environment
to infection. Few have any idea that their company
laptop may not have the latest security updates.
Workers are also bypassing their company security
procedures by attaching their own devices, such as
iPods, USB sticks and digital cameras.
INSIDER FACTS
• Nearly a quarter of European professional workers
connect their own devices or gadgets to the
company network every day
• Nearly a quarter of European workers use their work
laptop to access the internet at home
• A staggering 42% of Italian workers let family and
friends use work laptops and computers to access the
internet
• One in five Spanish workers download content
inappropriate content while at work
18
SECTION THREE
THE INSIDERS: THE NEW THREAT TO CORPORATES
DATA LEAKAGE
A key threat for companies is the ease of which data
and information can be taken out of the company.
Criminals are realising that unsecured removable
media devices such as USB sticks provide an easy
means of carrying confidential and financially valuable
information out of the workplace.
Criminals are actively targeting employees or
sponsoring under graduates. An insider puts a wealth
of information in their hands, easily transferred and
virtually undetectable. They then hold the stolen data
for ransom or sell it to the highest bidder.
This threat is set to worsen with the emergence of U3
sticks - if they are not secured. These new generation
devices can be booted from more easily and can carry
installed applications that can be run directly from the
stick, meaning that essentially it is possible to have
your entire PC in your hand – or someone else’s.
CORPORATE ESPIONAGE:
Corporate espionage is big business. Data is often
priceless property and can mean the make or break of
a company. Stealing trade secrets – information or
contacts - is a lucrative money-spinner for
cybercriminals. As well as exploiting data leakage via
new technologies and devices, criminals are finding
new ways to use keylogger programs to get
passwords, read email and keep track of a user
activity. Spyware writers are also using Trojans to
remotely access computers and execute code for
instant access to information.
“We believe that targeted attacks will continue to
grow in number, both for businesses and governments
(industrial and political espionage). We’re seeing office
applications combined with social engineering
techniques being used as vectors in these.”
Erik de Jong, Project Manager Govcert.NL
CONFIDENTIAL AND COMPACT INFORMATION
TRANSFER
In 2006, an almost full 1GB flash drive of classified US
Military information was apparently lost and later sold
at an Afghani bazaar outside a US air base.
The flash memory drive, which a teenager sold for
$40, held scores of military documents marked secret,
describing intelligence-gathering methods and
information — including escape routes into Pakistan
and the location of a suspected safe house there, and
the payment of $50 bounties for each Taliban or Al
Qaeda fighter apprehended based on the source’s
intelligence.
19
SECTION FOUR
FUTURE CHALLENGES
“As long as client/server systems and basic Internet
methods remain inherently insecure, there is no hope
for a reduction in criminal activity.”
Professor Klaus Brunnstein, University of Hamburg
The growing ingenuity of cybercriminals is a serious
challenge for consumers, businesses and law
enforcement organisations. Like hackers, organised
criminals are looking for the next new opportunity
to exploit.
A lot of work is being done to educate users, focusing
on increasing awareness and encouraging them to not
be duped into revealing personal information such
as passwords.
As broadband usage becomes ubiquitous, always
connected means users are always at risk. As credit
chip and pin becomes the standard, criminals will look
to ways it can fraudulently make money from
transactions online.
The Internet is now common place for organised
crime gangs.
McAfee believes the following are key IT security
trends for businesses and consumers to be aware of in
the next 12 months:
AVAILABILITY OF LOW-COST PCS
Unprotected or under-protected computers are the
new currency of organised crime. Most companies or
consumers who understand the value of the growing
content on their computers will take some
preventative measures to ensure that it is protected
from prying eyes, loss or theft. But with advances in
technology and research progressing to build
computers and laptops at ultra low-cost, the incentives
to put those measures in place will likely be
increasingly overlooked, providing easy targets for
cybercriminals to profit from identities and
information stored.
RISING THREATS TO MOBILE DEVICES
Mobile devices present a serious challenge to data
security, with the growing power of connectivity, the
increasing volume of data stored on them and the
enormous potential to infect both personal and
enterprise networks.
The growth of malware targeting mobile telephony is
an area for concern. The numbers are still small at
around 300 and rates of growth are often
exaggerated, but there can be no denying that this
figure will grow. Examples of financially motivated
mobile malware have already been seen and when the
phone becomes the standard means to transfer
money, the attack rates will explode.
Additionally, modern mobile phones (smartphones)
are in essence miniature, portable computers–and they
bring with them all the same associated risks as the
technology matures: viruses, spam, phishing (or
SMiShing), and people stealing data from lost, stolen,
recycled, or resold devices. Highlighted previously in
this report were the risks of data leakage and identity
theft via not wiping files effectively before disposing
of a computer, but the same holds true of today’s
mobiles which contain contacts, photos, emails and
confidential files or information. Data leakage or theft
has already been seen on live devices too.
20
SECTION FOUR
FUTURE CHALLENGES

Smartphone sales have increased by 75.5% in the last
year to 37.4 million units, and will grow by a further
1
66% during 2006. The growing prevalence of the
multifunctional mobile in today’s society and which
we hold as a natural lifestyle accessory which we
effectively connect with - even more so than a
computer – guarantees them a very real target for
identity and data cyber-thieves.
EXPLOITATION OF INTERNET PHONE CALLS
personal information is on show and available for
those identity thieves looking to build up their
pseudo-profiles.
Additionally, consumers who use web-based services
like loglines or Web browsers such as Firefox to view
news feeds and blogs are vulnerable to embedded
malicious code that can install spyware, log keywords
and passwords and scan networks and PCs for
open ports.

Total VoIP subscribers are projected to grow from 16

2
million in 2005 to over 55 million in 2009 worldwide.
The introduction of VoIP on enterprise networks in the
absence of appropriate security measures will
introduce another entry point for attackers to exploit
– the next generation of phone hacking.
GROWTH OF MULTIMEDIA DEVICES
The integration of technology brings integrated risk.
This risk is heightened by the fact that the vast
majority of users fail to understand the full
functionality and capabilities of technologies, and do
not appreciate or protect themselves against the
security threats.
SUBTLE INFECTION VIA SOCIAL NETWORKING
SUCH AS BLOGGING
Businesses and individuals alike have been creating
and reading blogs increasingly over the last 12 months
and this too presents associated risks. Millions of
young people post online diaries that are often open
to anyone that is surfing the web, meaning that

21
THE CYBERCRIME EXPERTS AND LAW
ENFORCEMENT AGENCIES:
US:
FBI CYBER DIVISION
The FBI’s cyber mission is four-fold: first and foremost,
to stop those behind the most serious computer
intrusions and the spread of malicious code; second, to
identify and thwart online sexual predators who use
the Internet to meet and exploit children and to
produce, share, or possess child pornography; third, to
counteract operations that target US intellectual
property, endangering national security and
competitiveness; and fourth, to dismantle national and
transnational organized criminal enterprises engaging
in Internet fraud.
UK:
METROPOLITAN POLICE COMPUTER CRIME UNIT
The Computer Crime Unit is a centre of excellence in
regard to computer and cyber crime committed under
the Computer Misuse Act 1990, notably hacking,
maliciously creating and spreading viruses and
counterfeit software. The unit provides a computer
forensic duty officer and offers computer evidence
retrieval advice to officers.
PROFESSOR MARTIN GILL:
Director of Perpetuity Research and Consultancy
International and a Professor of Criminology at
the University of Leicester
Professor Martin Gill has published over 100 journal
and magazine articles and 11 books including
Commercial Robbery, CCTV, and Managing Security. He
is co-editor of the Security Journal and founding
editor of Risk Management: an International Journal.
Martin Gill is a Fellow of The Security Institute, a
member of the Risk and Security Management Forum,
the Security Guild (and therefore a Freeman of the
City of London), the ASIS International Foundation
Board, an overseas representative on the ASIS NETHERLANDS:
International Academic Programs Committee and the GOVCERT.NL
ASIS International Security Body of Knowledge Task
Force. With PRCI colleagues he is currently involved GOVCERT.NL is the Computer Emergency Response
with a range of projects related to different aspects of Team for the Dutch Government. Initiated by the
crime in organisations and private security, this Ministry of the Interior and Kingdom Relations and
includes shop theft, frauds, staff dishonesty, burglary officially operational since June 5, 2002, it supports
reduction, robbery, the effectiveness of security the government in preventing and dealing with ICT-
measures, money laundering, policing, violence at related security incidents
work, to name but a few.
GERMANY: GOVCERT.NL works independent of suppliers as a
PROFESSOR KLAUS BRUNNSTEIN government organization, and are part of ICTU, the
Professor of Information Technology at the Dutch organization for information and
communication technology in the public sector.
University of Hamburg
Professor Brunnstein is President of the council of the
“Notfall-Rechenzentrums für Großrechner in Banken,
Versicherungen und Industrie” in Hamburg, a role he
has held since 1983. His areas of speciality are data
protection, IT Security and computer viruses.
Previously, Professor Brunnstein was a member of the
chairmanship of GI (Gesellschaft für Informatik) from
1996 until 2001 and currently still holds the role of
President of the International Federation for
Information Processing (IFIP).
CHRISTOPH FISCHER:
General Manager of BFK edv-consulting GmbH
Christoph Fischer is the general manager of BFK
edv-consulting GmbH. He has more than 20 years of
experience in the IT Security area, specialising in
creating and testing security concepts. He is also a
member of the following organisations: EICAR, FIRST,
Cybercop Forum and EECTF. Christoph Fischer studied
at the University of Karlsruhe (TH).
22
REFERENCES
SECTION ONE
1
Source: Robert Schifreen, author of Defeating the Hacker, derived from online research June-September 2006
2
In an interview with Tom Zeller Jr. of the New York Times:
http://www.nytimes.com/2006/07/04/us/04identity.html?pagewanted=3&ei=5088&en=18bc230a1ae1ba06&ex=1309665600&adxnnl=0&p
artner=rssnyt&emc=rss&adxnnlx=1162985316-o1mmMf67Bb0R8vQ8wCG6QQ
3
Source: Robert Schifreen, author of Defeating the Hacker, derived from online research June-September 2006
4
Source: Article on Stasi Recruits by Jamie Dettmer: http://findarticles.com/p/articles/mi_m1571/is_38_15/ai_56904965
(Accessed 17 July 2006)
5
In an interview with computer scientist Marcus Rogers of John Jay College, New York:
http://www.newscientisttech.com/article.ns?id=dn9619&feedId=online-news_rss20. (Accessed 28 July 2006)
6
In an interview with Valerie McNiven, advisor to the US government on cybercrime:
http://www.theregister.co.uk/2005/11/29/cybercrime/ (Accessed 4 June 2006)

SECTION TWO
1
Figures taken from the FBI website: http://www.fbi.gov/page2/june06/cimip062806.htm (Accessed 4 July 2006)
2
Figures from Secure Computing Research cited in: http://www.securecomputing.com/index.cfm?skey=1634 (Accessed October 2006)
3
Figures taken from an RSA Security report cited in: http://www.rsasecurity.com/press_release.asp?doc_id=6877&id=2682
(Accessed June 2006)
4
Figures taken from a Harvard University and the University of California study:
http://www.computerworld.com.au/index.php/index.php?id=217996450 (Accessed September 2006)
5
An extract of an article entitled “Les chiffres de la cybercriminalité en France” by Francois Paget, Senior Virus Research Engineer,
McAfee Avert Labs. September 2006.

SECTION FOUR
1
Taken from Gartner statistics reported in the media in October 2006: http://news.com.com/Smart-phone+sales+are+soaring/2100-
1041_3-6124049.html
2
In Stat prediction figures: http://www.instat.com/newmk.asp?ID=1566

23