Tales of Cyber-Crime Running Rampant

As cyber-crime climbs, enforcement descends-and unprepared companies pay the price.

When Donna Getgen opened a letter from her credit union in March, the message within was anything but routine. Getgen was informed that she had been the victim of a cyber-theft.

Getgens account number, the letter read, was stolen from a database at BJs Wholesale Club Inc., where she shopped from time to time.

Stunned, Getgen, a business operations specialist for a high-tech company from Owings, Md., would later learn that she was one of tens of thousands of victims of one of the largest cyber-thefts in recent history.

The BJs security breach, which occurred over seven months from late 2003 to early this year and compromised thousands of debit and credit cards, was just the latest example of the kind of large-scale cyber-crime being perpetrated with greater frequency than ever in the United States and around the world.

/zimages/2/28571.gifClick here to read more about the security breach, in which more than 40,000 card numbers are thought to have been compromised.

Ironically, as the number and scope of cyber-crimes proliferate, local, state and federal authorities are scrambling for resources to combat the threat. In many cases, the authorities are directing resources away from cyber-crime cases.

"Most Americans would be surprised to know that thousands of credit card numbers are sold online every day, and very little is done to stop it," said Jim Melnick, director of threat intelligence at iDefense Inc., in Reston, Va., and a former Defense Intelligence Agency officer.

"The dirty little secret is that theres all this other stuff going on that nobody is stopping. Im not sure theres an understanding inside Washington of how pervasive cyber-crime is."

/zimages/2/28571.gifFor insights on security coverage around the Web, check out eWEEK.com Security Center Editor Larry Seltzers Weblog.

Increasingly sophisticated schemes—from outright break-ins to so-called phishing scams—are among the biggest problems facing financial institutions today.

The number of phishing attacks alone has grown by 1,200 percent in the past year, according to MessageLabs Inc., in New York. Phishing is the practice of sending fraudulent e-mail purporting to come from a bank, credit-card issuer or other trusted source to solicit account numbers, Social Security numbers and other sensitive data.

/zimages/2/28571.gifClick here to read more about how phishing attacks are increasing in sophistication.

A comprehensive study of the problem released last month by analysts at Gartner Inc., of Stamford, Conn., shows that more than 57 million Americans have received at least one phishing e-mail. The financial losses suffered by banks and credit card issuers that ultimately pay for these frauds amounted to $1.2 billion last year, the study said.

Despite the mounting research, bank officials contacted for this story said they, along with credit card issuers, are doing most of the education and prevention regarding cyber-crime without much help from law enforcement or government regulators.

"The biggest risk right now for us is the loss of reputation," said Michael Roberts, senior vice president and CIO of the Bank of Alameda, in California. "We get a lot of people who have had their account numbers or Social Security numbers stolen and come to us for help. We cant have that.

"Identity theft is escalating, and its moving offline. We see people coming in here with stolen numbers trying to open accounts. Its happening."

Next Page: In a recent FBI survey, 90 percent of the companies said theyd had a computer security breach.