‘Hackers aren’t just one type of person,’ says Cal Leeming, a former hacker responsible for a £750,000 theft who now works in computer security.

‘It could be one person at home, a 15-year-old kid maybe, but there are others who have jobs, too.’

‘It’s an underground economy,’ says Kevin Haley, Norton’s director of security response.

‘It operates across geographic boundaries. It is spreading so that a lot of it now comes from countries that already have a high level of violent crime – developing countries with large computer populations such as South Africa and Brazil.’

In the past year, cyber crime has become dominated by organised, professional gangs that operate like legitimate IT companies.

In the cyber crime heartlands of Russia and eastern Europe, the criminals often are professionals.

Corrupt internet service providers often host the machines used by cyber criminals – the notorious ‘Koobface’ gang, which at one point made $1 million a month from disseminating viruses through Facebook, is largely comprised of webmasters in the pornography industry.

Despite being named last year, and having pictures of their offices circulated, all are still at large.

When your credit card details are stolen, it’s usually by well-trained groups of about a dozen people.

‘It pretty much is an industry,’ says Orla Cox.

‘There will be a manager behind the scenes and multiple players located in different parts of the globe. These people are launching millions of attacks every day.’

The lower ranks have few IT skills, having been taught one simple part of the ‘trade’, which they repeat over and over again for pay – such as simply sending out thousands of spam emails that, when opened, can infect your PC.

Once a PC is infected, it will be handed to another ‘junior’ criminal who will infect it with more malicious software, then pass it on to their bosses, who reap the profits.

‘Some groups of hackers will just buy a kit that provides all you need to launch a fairly sophisticated cyber attack,’ says Cox.

‘It has the tools and instructions to compromise a website to infect computers that visit it. Then the attackers will get paid for every time they install this infection on a computer.’

A software package that could be used to infiltrate a bank or similarly well-protected target used to cost about $8,000 on Russian cyber crime forums – now it can be bought for $380. Cyber crime is no longer for a hacker elite.

‘We are at a tipping point for the power and reach of organised digital crime,’ according to a report by British Aerospace’s cyber defence wing, Detica, which has begun to offer its expertise in bulletproof defences against hackers to ordinary companies.

For hackers, the man on the street is a more tempting target than a well-defended bank or government website.

In terms of damage caused, the global cyber crime industry has already overtaken the global trade in heroin, cocaine and marijuana, according to figures from Norton.

The Government is taking the threat seriously, too.
‘It has never been easier to become a cyber criminal,’ Foreign Secretary William Hague said at the Budapest Conference on Cyberspace in October last year, as he announced a £2 million centre to protect the UK against attack.

‘Today, such attacks are criss-crossing the globe, recognising no borders, with all countries in the firing line.’

A public-awareness campaign is also being launched in the spring to advise schoolchildren, and also men, who it is claimed can be reckless about online security.

The ‘old style’ of organised criminal is taking notice now, too. Mexican drug gangs have begun to diversify into cyber crime, kidnapping IT professionals and forcing them to hack into people’s bank accounts, or directly into banks.


Cyber attacks still often begin with your PC being infected with a virus.

These are spread in familiar ways – usually by email – but the attacks are often now cleverly disguised as invoices or even as deliveries scheduled to arrive at a home address.
Once a victim clicks a link or opens a document with invoice details, the infection has begun.

One in ten infections also now come via Facebook. Attacks often spread as videos that fail to play, instead popping up with a message that you need to ‘upgrade your video player’.
If you click the link malicious software invades your computer.

‘Over the past ten years we’ve seen incredible growth in the amount of personal information people will voluntarily share,’ says David Emms of antivirus software developer Kaspersky Lab.

‘Cyber criminals have naturally “followed the money” by creating scams and malicious programs specifically targeting social networks.’

Either way, the result is the same – an infection that takes over your PC, often downloading new software ‘to order’. Criminals will harvest passwords and bank details, and ensure that they remain undetected. Then the stealing will begin in earnest.

Cyber criminals ‘rent’ access to infected PCs for $2 a day. They sell time on it for use in spam attacks (which is when your friends notice that you’re sending them all kinds of unwanted emails).

Infected PCs no longer slow down or crash. Instead, they listen for instructions from their new masters.

Often, criminals will steal information with software that logs every keystroke typed on a computer, or by implanting software into web browsers such as Internet Explorer or Firefox.

Banking ‘apps’ on mobile phones can seem like a gimmick but they are usually safer than accessing a bank’s site from an unsecured PC. If you are unsure, phone the bank direct.

By another sleight of hand, banking attacks can now infest your internet browser, bringing up a fake page that ‘reassures’ you that nothing has happened, whereas in fact, money is vanishing from your account. The fake page shows only the real transactions you’ve done yourself.

‘For a criminal, it’s a lot safer than grabbing a bag in the street,’ says Haley.

‘Crooks are clueing into that. There are groups of people who have decided they are going to make their living this way.’

Read more: