The year 2010 was a hugely significant one for computing criminality and could turn out to mark the beginning of a ‘third era’ of cybercrime, security expert Graham Cluley of Sophos has said in advance of the company's latest threat review of the year.
The first era was marked by amateur hacking and virus creation on the PC, the second by the fusing of organised crime with the new technologies of the Internet, and as expected 2010 saw plenty on both these fronts in ever more sophisticated and varied forms.
On that score, during the year criminals appeared to migrate to some degree from old-style spam and web exploits to embed themselves in the next e-crime battlefront, social networks.
“The scale of malicious activity on Facebook appears to be out of control,” notes report co-author, Graham Cluley. “The social media site, however, is either unable or unwilling to invest the necessary resources to stamp it out,” he writes, the latest in a line of stinging comments he has made in recent months on Facebook’s apparent security complacency.
But it is the 'third era' that has finally started in earnest that marks out the last year as different, and which can be defined loosely through the sudden emergence of cybercrime as a geo-political theme.
Hillary Clinton railed at China in thinly veiled terms for its supposed involvement in the Aurora attack on US companies, Stuxnet hit the Iranian nuclear program in what now looks like a carefully-crafted targeted attack, and a new UK government suddenly defined cyberdefence as one of its highest military worries.
Topping the year off were the extraordinary leaks of US military and diplomatic data to Wikileaks, and the hacktivism of the Anonymous group which developed the idea of cybercrime as an unconventional political tool.
“2010 was an unusual year. This was the year the gloves came off and it became serious,” comments Cluley.
All three tiers of cybercrime – nuisance hacking, the criminal, and now the paid or unpaid political hacker - represent a threat to consumers and companies alike and sometimes telling them apart can be difficult.
A good example of how these different layers can fuse into one crime came with September’s odd ‘onMouseOver’ Twitter worm, which was a social media attack that caught out senior political figures, including Sophos notes, ex-UK Prime Minister Gordon Brown's “wife Sarah Brown, Lord Alan Sugar, and even Robert Gibbs, the press secretary to US President Barack Obama.”
One encouraging and significant statistic from 2010 was a spike in the number of arrests for alleged cybercriminal activities, which hit organised gangs as well as loners out to cause nuisance.
Before 2010, Internet crime was assumed to be low risk and the pressure to find the culprits was apparently modest. Now, with cybercrime suddenly deemed important by governments, criminals in developed countries can no longer assume they won’t be found out and possibly even, in 2011, extradicted from countries other than the ones in which crimes were committed.