Criminals sitting on stolen data ‘timebomb’

News 23 Oct, 2009

Criminals are starting to realise that they can make use of the compromised work computers they have in their grasp, according to security experts.

Thousands of work computers infected with trojans could be a ticking timebomb, according to security researchers.

The RSA Conference in London this week highlighted how criminals had already targeted computers in business networks, thanks to laptops and desktops with trojan infections like Sinowal and Zeus.

Uri Rivner, head of new technologies at RSA, said that criminals already had a lot of access to corporate and government data, which they had collected from computers around the world.

“Not just information that you type, but also information that is flowing in through sessions,” warned Rivner.

“Today, they don’t care about that. They care more about the financial aspects with online banking and credit card fraud. But they are starting to realise that they are sitting on a pot of gold. There are other people that are very interested in this type of information.”

Rivner said there was a lot you could do with this type of data, especially if it was information from a Fortune 500 company.

“That is something that will happen in the coming years,” added Rivner. “The same kind of threats that are hitting the financial sector will start expanding to additional verticals - government, military, the enterprise.”

Gerhard Eschelbeck, chief technology officer for Webroot, agreed that criminals were collecting data all the time, but they still had to work out how to put this information together and make a profit from it.

“All this data is very disparate today on all the distributed and connected computers,” he said.

“The question for the bad guys is how to data mine and get information that is valuable. That’s a big project they are working on,” he added.

David Jevans, chairman of the Anti-Phishing Working Group and chief executive for IronKey, said that he believed criminals were now placing enterprise data up for sale for people who were interested.

“We’re starting to see, for example, healthcare data put out on networks and people who are wanting to access that data for whatever reasons they have,” he said.

“Maybe they want to defraud the healthcare system, as there is a lot of fraud in healthcare claims.”

Jevans said he also saw military data put on networks, which he believed foreign nationals or nation states were looking for.

“There’s a lot of interest in intellectual property theft from some of the developing nations,” he said.

“For example, if they can get plans to build, say, a jet engine, it saves them 20 billion in R&D, and can make the engine or just the components.”