Attack of the cybermen

IT'S just about the biggest growth area in global crime, its victims run into millions and huge amounts of money are being stolen by its perpetrators. What makes it all the more remarkable is that, unlike drug trafficking or gun running, cybercrime does not rely on sophisticated networks of snub-nosed villains tooled up with shotguns.

Instead, it is usually carried out by young people, mostly men, sometimes women, operating in back bedrooms armed simply with a computer and a mass of technical know-how.

Some might dismissively call them 'geeks' but that is to underestimate the potential for chaos which they pose with their shadowy and illegal activities.

Even computer security experts freely admit that the hackers are so clever that they are often one step ahead of the official computer world, and that as soon as the good guys catch up, the hackers come up with another innovation.

Electronic crime is nothing new and hackers and virus writers were the trailblazers in the 1980s. Hackers realised that once you had cracked open a computer system you could wreak havoc, whether it be poking around the Pentagon network or moving vast sums of money out of bank accounts.

Virus writers create programmes which, once e-mailed, can disable computer networks the world over. Business and private users across the North-East will have noticed a rapid increase in the number of viruses which they are being sent: at least four new ones over the last week alone.

What attracts the hackers and virus writers is the challenge and the sheer scale of the potential for mischief. Recent figures suggest that there are well over 250 million Internet users worldwide with at least 400 million websites. The real figures are probably even higher; an amazing Internet revolution heaven-sent for the cybercriminals.

Hackers are a distinct breed: according to intelligence sources they are often aged in their late teens or early twenties, representatives of the first generation to have grown up regarding computers in the same comfortable way previous generations used pen and paper.

Hackers operate alone or in small cells, jealously protecting their identities and loathe to reveal themselves to the outside world, conscious that police and other intelligence agencies are starting to get their act together and make inroads into Internet crime.

Many hackers are motivated by a desire to show how clever they are, their reward the witnessing of computer systems brought to a juddering halt, or official websites suddenly adorned with computer graffiti. A favourite trick is to hack into a website and re-route visitors to porn sites.

The cost of that damage could be financial but, more importantly, some companies have suffered huge damage to their reputations when news of the attack becomes public.

However, not all hackers are in it for fun, because some do it for the money and it has taken the banking world a long time to win over the confidence of customers following some high-profile security breaches during the 80s and 90s.

The hackers succeed because many companies and individuals have not embraced Internet security as they should: it is fairly easy, for instance, to guess that someone called William will have a password revolving round Bill. Some companies even have 'password' as password. The latest scam is to ring an employee and pretend to be the IT systems department at head office, claiming to be checking up on security systems and asking for passwords. It is amazing how often it works.

Other hackers tend to be disgruntled employees, wreaking revenge on their bosses or stealing sensitive commercial information for sale.

Virus writers tend to be more motivated by the desire to show how clever they are. By and large, they operate alone or in loosely formed groups, which communicate on concealed chatroom sites. They specialise in finding weak spots in email systems and firing viruses through them which can wipe out data or bring operating systems to a halt.

Intelligence sources estimate that there were 1,100 artificially-created viruses in 1992 and tens of thousands now. Over the last two or three years, numerous viruses have struck. Melissa and IloveYou, for instance, disabled tens of thousands of computers worldwide.

The method is ridiculously simple: sending an email bearing words like I Love You, Following Our Recent Conversation, or Hi, will often intrigue the recipient. Once the email is opened, the Pandora's Box of viruses is let loose.

But there is a more sinister side to all this because there is evidence that some hackers have been recruited by major criminal gangs who can see the advantages of a crime which is unseen and still carries a lower risk of detection than more traditional offences such as drug dealing and armed robbery.

And it could be even more alarming than that: just over a year ago, businesses from across the region met for the annual Northern Information Security Conference at Redworth Hall Hotel, near Darlington. Coming after the September 11 terrorist attacks, the conference heard from a former British Special Branch operative, now advising an American company on security, who said terrorists were capable of bugging offices and telephones and hacking into computer networks to carry out sabotage or obtain sensitive information.

Addressing the event, he said: "There really are no rules as far bin Laden is concerned. Western businesses and civilians are all classed as legitimate targets. The terrorists will attack businesses if they get the opportunity. Predictability is vulnerability. If you do not take appropriate precautions you will get hit. When bin Laden attacks our mainland - which he will do - it may not just be explosions. It may be more sophisticated."

Lack of awareness has long been the cybercriminals' biggest weapon but that is changing and today some nations like the United Kingdom, those in Western Europe, and America are developing sophisticated methods of countering cybercrime through specialist police and intelligence units.

Their approach is starting to achieve results and more and more cybercriminals are discovering that once wrenched from their virtual worlds, the four walls of a prison cell are very much bricks and mortar. As one intelligence officer said: "Make no mistake, our technological knowledge is such that we can do anything a hacker can do."

Battle is well and truly joined.

A brief history of hacking

* In 1994 Russian hackers gained entry to a major US bank and transferred $400,000, one of the first such cases. In January 1998, in Europe's first case of electronic bank blackmail, a hacker demanded DM1m ($530,000) from a major German bank after claiming that he had gained access to customers' accounts and would make them public on the Internet.

* One disgruntled sacked computer programmer in the US exploded a 'digital bomb' which wiped out his former company's design and production programme causing $10m worth of damage. In 1996 a hacker broke into the UK Labour Party website and reworded it to guide visitors to pornography. Australian Prime Minister John Howard became 'the Dishonourable' on the web, and the CIA the 'Criminal Stupidity Agency'.

* No one is safe: even the Pentagon has suffered from hacking.

* The Internet is a highly flexible tool for politically-motivated hackers, known as 'hactivists'. Several anti-nuclear protest groups have altered websites to make their point as have campaigners calling for East Timor's independence. And animal rights campaigners staged 'virtual sit-ins' to protest at the activities of fur traders in Finland, Sweden and America. Protestors were encouraged to use a programme to sabotage the victims' websites.

* Kevin Mitnick, a 39-year-old American, spent five years in prison for his crimes and was one of the first hackers to be prosecuted. Jailed in 1995, one of his most spectacular offences was to use a programme to break into a security specialist's home computer to gain access to military networks.