Organised gangs are operating in under developed countries to launch cyber attacks because of lax law enforcement, according to Bruce Schneier, CTO at BT Counterpane.
Speaking at the RSA Conference 2007 in San Francisco, the security technologist argued that many security breaches are now conducted by organised gangs working in countries where legal penalties are less stringent than in the West.
"We are definitely seeing crime go more professional and upmarket," he said. "Criminals are using countries with poor law enforcement and crimes, including identity theft, are still on the rise because this is how they make the money."
The CTO of BT’s recently acquired security company, Counterpane, also said that data breaches are so frequent today, they are no longer topical. "This is no good thing. If you look at all the data breaches right now, they are too frequent to make the news. A lot of these attacks are so common, they are no longer newsworthy."
Conversely, he said that cyber terrorism receives more media attention than it should. "Cyber terrorism is a non-event," he claimed.
Schneier, who addressed delegates at a BT Counterpane luncheon, went on to add that cyber attacks are becoming increasingly targeted. "We are seeing less massive attacks and more targeted attacks. Spammers are now doing marketing, and targeting people according to zip codes," he said. "Phishing is now much more targeted too. As a result identity theft is more common, so there is less headline grab."
The cryptographer also said that criminals are switching tactics and increasingly targeting applications. "The attack vector of choice is turning from the operating system towards the application. The recent example of the vulnerabilities discovered in [Adobe] PDF Reader highlights this."
Doug Howard, COO at BT Counterpane, added: "All this highlights that security is not just a business advantage but a business necessity. If you don’t invest in it you will fail."
In October last year, BT bought Counterpane, for nearly $40 million, as part of its strategy to expand and develop its global professional services capabilities, to large and small businesses and the public sector.