Cybercrime getting easier to commit, federal agents say

Experts speaking at a cybercrime event at the University of Washington said that it's getting easier for criminals to commit cybercrime

Committing cybercrime these days is as easy as building a fantasy football team, FBI and Secret Service agents said on Friday.

"I'm concerned that the cyber-underground is a beautiful business model. It's like going to eBay or Amazon. You just pick what you need -- coders, mules -- and build a dream team. It's like fantasy football," said Gordon Snow, assistant director in the U.S. Federal Bureau of Investigation's cybercrime division.

Snow and other legal and law enforcement experts spoke Friday at a seminar on cybercrime at the University of Washington's Law School in Seattle.

Cybercrime is becoming more professional and in many ways, easier to commit, they said. "The level of professionalism is amazing and I don't see a slowdown," said Pablo Martinez, deputy special agent in charge at the U.S. Secret Service.

People who want to commit cybercrime can go to forums online and assemble a team that specializes in writing malware, deploying malware or scanning systems for open ports. Others specialize in acting as "mules," where they open bank accounts for funneling stolen money, and yet others specialize in calling customer service departments posing as customers to collect information.

This model makes it very easy and attractive for people to commit cybercrimes. "It's low overhead and low risk," Snow said. People doing it are mostly motivated by acquiring cash. As evidence that this model makes it easy for anyone to get into cybercrime, he noted that some of the people authorities arrest aren't particularly well-off. "Some of the people we're picking up aren't of substantial means. We've found people who are using computers with missing keys," he said.

The criminals have new targets these days, the officials said. Increasingly, they are targeting sectors like retail and hospitality, instead of simply focusing on financial institutions, Martinez said. "Why hack into Citibank and steal 10 million pieces of information when you could hack into restaurants and get the same information and not have a big target, a bulls-eye, on your back?"

The open markets for talent make it easier for criminals to do things like steal money from companies, as well as attack governments. Espionage traditionally involved setting up a mole in a foreign country, which involves a lot of time and work for someone to build a false life. But today, with low overhead and minimal risk, someone can hack into computers and mirror hard drives to get the same kind of information that moles used to, Snow said.

To try to head off all kinds of cybercrime, the groups have beefed up their enforcement efforts. The Secret Service, for example, has 31 task forces in the U.S. dedicated to electronic crimes. The Seattle task force, started in 2006, has seized US$14.2 million in funds stolen electronically. The group has arrested 150 people and examined almost 1,700 computers including 128 terabytes of data, said Jim Helminski, special agent in charge with the Secret Service.

Nancy Gohring covers mobile phones and cloud computing for The IDG News Service. Follow Nancy on Twitter at @idgnancy. Nancy's e-mail address is

Join the CSO newsletter!

Error: Please check your email address.

Tags U.S. Federal Bureau of Investigationsecurity

More about Amazon Web ServicesCitigroupeBayFBIFederal Bureau of InvestigationIDG

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Nancy Gohring

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place