WASHINGTON – Homeland Security and Governmental Affairs Committee Chairman Joe Lieberman, ID-Conn., and Ranking Member Susan Collins, R-Me., Sunday said the latest trend in cybercrime is directed at small to medium sized companies that have been robbed of both data and dollars.
The Committee will hold a hearing Monday to examine this new trend, and the Senators plan to introduce broad cyber security legislation later this fall that will improve cyber security in the private sector.
“The Internet now is a global asset – a new strategic high ground - that simply must be secured just as any military commander would seize and control the high ground of a battle field,” Lieberman said. “But unlike a battlefield, securing cyberspace is much more complicated to do since the Internet is an open, public entity. Security cannot be achieved by the government alone. Public-private partnership is essential. Together, business, government, law enforcement, and our foreign allies must partner to mitigate these attacks and bring these criminals to justice.”
Collins said the hearing would shine a light on the growth of national and international cyber breaches: “For every communications advance, there also is the risk that the technology will be misused and exploited. Indeed, experts estimate that cyber crime may cost our global economy $1 trillion in losses – nearly $8 billion of that in the United States. It’s critical that we take steps now to protect our nation’s cyberspace and build a strong, public-private partnership to ensure the security of this vital engine of our economy.”
Witnesses at the hearing will include the Department of Homeland Security’s top cyber security official; the Secret Service; a representative from the financial services industry; and the head of a company that was victimized by these new cyber swindlers.
Recently The Washington Post reported on this new cyber crime trend involving companies too small to have large information technology staffs on duty around the clock. Among recent victims are a school district near Pittsburgh that lost $700,000, an electronics testing firm in Baton Rouge, La., that lost $100,000, and a Texas manufacturing firm that lost $1.2 million.
The Senators explained that cyber criminals operating out of Eastern Europe have stolen millions of dollars and millions of credit card numbers by sending a seemingly innocuous e-mail to a company financial representative. The message will contain a virus or an internet link that installs malware designed to steal passwords.
The thieves steal in amounts under $10,000 to avoid triggering a bank report required by anti-money laundering law. The malware is so well written that the traffic seems to be coming from an authorized computer – and possibly is a legitimate computer that has been commandeered. The money is then transferred to “money mules” who may have been recruited over internet job boards or who have posted resumes on a job listing service. The mules may have no idea they are participating in a crime. Once the money shows up in the mules’ accounts, they are instructed on how to wire the money to the cyber gangs.