USA Today reports a shift in Internet crime. In the past year, cybercriminals have begun to infiltrate corporate tech systems as never before. Knowing that some governments and companies will pay handsomely for industrial secrets, data thieves are harvesting as much corporate data as they can, in anticipation of rising demand. Criminal groups are beginning to refine business models for turning data raided from corporate networks into cash. “As they get better at finding ways to sell the information they steal, we can expect this type of attack to become more common – and harder to detect,” says Marcus Sachs, director of the SANS Internet Storm Center.
Elite cybergangs can no longer make great money stealing and selling personal identity data. Thousands of small-time, copycat data thieves have oversaturated the market, driving down prices. But cybercriminals on the cutting edge are now culling the ocean of stolen personal data for user names and passwords to access corporate systems. They’ve begun to target corporate employees who use free Web tools, such as instant messaging, Web-based e-mail and group chats on social-networking sites. The most fertile turf: AOL, Yahoo and MSN instant messaging; YahooMail, HotMail and Gmail; and MySpace and FaceBook. The most coveted loot: e-mail address books, instant-messaging buddy lists, PowerPoint slide presentations, engineering drawings, partnership agreements, price lists, bid proposals, supply contracts and executive e-mail exchanges.