In St. Petersburg, Russia’s second city, a tiny start-up has struck Internet gold, says the San Jose Mercury News. Its dozen-odd employees are barely old enough to recall the demise of the Soviet Union, but industry analysts believe they’re raking in well over $100 million a year from the world’s largest banks via online crime. The enigmatic company, dubbed “Rock Phish” by critics, has rapidly grown into a giant of the Internet underground. “People talk about a ‘Digital Pearl Harbor,’ but that’s already happened,” said Rick Wesson, chief executive of Support Intelligence, one of many Silicon Valley companies battling cybercriminals. “It’s just that people don’t understand it has happened.”
The number of new pieces of malicious software, or malware, tripled in the first half of this year vs. the previous six months, according to computer security company Symantec. The number of phishing Web sites spotted in the first three months of 2007 by Santa Clara security software maker McAfee skyrocketed 784 percent compared with the year before. Americans lost at least $200 million last year to online fraud – and that’s just the people who took the time to report their misfortune to the FBI’s Internet Crime Complaint Center. Those 200,000 cyberfraud victims said they were swindled out of an average of $724 – an amount small enough to discourage individual reporting. Average annual business losses from security incidents doubled to $345,000 per company in the 2007 Computer Security Institute survey. A 2006 FBI estimate pegged the total cost of cybercrime to businesses above $67 billion.
Security researchers say Rock Phish was among the first criminal groups to employ a twist on the botnet system called a fast-flux network. It’s a technological shell game that makes it harder to track malicious Web traffic to its source. It takes, on average, twice as long for Web hosts to locate and shut down the group’s fast-flux phishing sites, compared with its already long-lasting traditional sites.