Cyber crime lords using big business tactics: Cisco

"A lot of techniques they are using today are not new; it is really about how they may be doing some of the same old things," said Cisco chief security researcher Patrick Peterson.

"The novel thing is that they have taken the Harvard Business School, General Electric board room business training and applied it to their old techniques."

The California technology firm specializing in computer networking gear summarized current threats in a "Midyear Security Report" that concludes hackers are increasingly operating like successful businesses.

Peterson cited how cyber hackers capitalized on interest in the death of pop icon Michael Jackson in late June.

Disasters, celebrity doings and other major news is routine fodder for bogus emails and websites booby-trapped with computer viruses, but in the case of Jackson's death, crooks cranked out fake news stories to dupe readers.

"They had their criminal copy editors working on copy for the story as fast as it happened," Peterson said.

"They brought the Jackson story to market in a way that rivals media outlets. They have an advantage; they don't have to do any reporting."

Billions of spam messages with links to trick websites or videos promising scintillating Jackson images and information were fired off in the days after his June 25 death, according to Cisco.

"Sales leads" that followed online links were turned into "customers," whose computers were stealthily infected with nefarious codes for stealing data, usurping control of machines or other evil deeds.

Cyber criminals are reportedly embracing a nefarious version of a "cloud computing" trend of offering computer applications online as services.

Commanders of infected computers woven into "botnet" armies rent out illegally assembled networks to fellow criminals for sending spam, launching attacks or other deeds, according to Cisco.

Peterson told of an "anti-anti-virus" online operation called "Virtest" that charges hackers monthly fees to keep them informed about which security firms can detect their malicious programs.

"It's a criminal service," Peterson said of the operation, which appears to be based in Russia. "We've seen lots of examples of criminals sharing tools, but we've never seen a commercial business like this."

Spammers also employ a business marketing practice of packing booby-trapped websites with terms typically used as keywords in various Internet search engines so that their links land high in query results.

Cisco referred to the practice as "Spamdexing."

"Because so many consumers tend to trust and not be suspicious of rankings on leading search engines, they may readily download one of the fake software packages assuming it is legitimate," Cisco said in the report.

Cyber crooks are also hunting for prey in the rapidly expanding population of mobile telephone users by sending trick text messages.

Criminals have taken to sending blanket text messages to numbers based on area codes of local banks directing people to call into a service center to address supposed concerns about their accounts.

Callers are connected to automated voice systems that, feigning to represent the banks, ask people to enter account passwords and other personal information that can later be exploited, Peterson said.

Online social networks, according to Cisco, are becoming popular "customer acquisition" territory for cyber criminals.

"It's big business now to penetrate those networks," said Peterson.

People in online communities are more likely to click on links and download content they believe is from people they know and trust, the report said.

(c) 2009 AFP