Organised groups are now the dominant source of cybercrime, according to security and law enforcement experts, in an Infosecurity Europe panel moderated by Eleanor Dallaway, editor of Infosecurity.
The source of hacking attacks and data theft has shifted decisively away from the sole hacker to an industrialised model of cybercrime, where exploits and malware are bought and sold, and where perpetrators need only a basic knowledge of technology, in order to launch an attack.
"Hackers are not all geniuses with computers. They just need to know someone who is, or go out to the marketplace to buy the tools they need," said independent security consultant Graham Cluley. "These are people interested in making money, and who are prepared to break the law, in order to do it."
This view was echoed by Lee Miles, deputy head of the UK's National Cyber Crime Unit. "There are still some people motivated by ideology, but 70-80% are motivated by money," he said. "We are seeing the development of a service model," said Michael Driscoll, FBI assistant legal attaché at the US Embassy in London. "That also means that more people are getting involved [in crime]."
Growth in cybercrime, though, has not yet led to a reduction in physical crime, suggested Cluley. "We still see as much real-life bank crime. Cyber has not taken crime off the streets."
This, though, is forcing law enforcement and intelligence agencies to think about how best to deploy their resources.
The UK's National Crime Agency, of which the NCCU is part, has already succeeded in improving co-ordination and giving a national focus to investigations and to cybercrime prevention. Miles also pointed out that the NCCU is involved in more multi-national investigations, with agencies such as Europol's EC3. Even a relatively simple cybercrime case can involve four or five countries, he said.
But the national priorities for security and intelligence agencies, as well as police forces, may not always be the priorities for victims or companies that might find themselves under attack. "To the average business, state sponsored cyberthreats don’t mean much. Their concern is the email that takes £3000 from their bank account," said Driscoll.
This means that law enforcement agencies need to look both at national level attacks, and more basic forms of cybercrime. But it also means forging closer links with industry, said Miles. And it also means taking into account the commercial impact of criminal justice investigations.
"Industry owns the infrastructure and the data… we are reaching out to industry and that is delivering results, not just in criminal justice but in preparation and prevention," he said.