Internet thieves make big money stealing corporate info

— -- An innocuous posting appeared on a Houston-based technology company's internal website on a recent Friday afternoon.

A couple of workers saw it, and obeyed instructions to click on a Web link. The posting seemed trustworthy. It was on an employees-only message board. And the link referenced news about a favorite company charity.

By clicking on the link, the workers infected their PCs with a virus that shut down the company's antivirus defenses, says Don Jackson, director of Threat Intelligence at Atlanta-based SecureWorks, who investigated the break-in. As a rule, tech security firms help clients under non-disclosure agreements.

The virus swiftly located — and infected — some 300 other workstation PCs, silently copying the contents of each computer's MyDocuments folder. It transmitted the data across the Internet to a gang of thieves operating out of Turkey.

"It was kind of like high-tech dumpster diving," Jackson says. "You get in, grab all the stuff you think might be important and sort through it later."

That Sept. 19 caper underscores an alarming shift in the teeming world of Internet crime. In the past year, cybercriminals have begun to infiltrate corporate tech systems as never before. Knowing that some governments and companies will pay handsomely for industrial secrets, data thieves are harvesting as much corporate data as they can, in anticipation of rising demand.

Criminal groups are beginning to refine business models for turning data raided from corporate networks into cold, hard cash. "As they get better at finding ways to sell the information they steal, we can expect this type of attack to become more common — and harder to detect," says Marcus Sachs, director of the SANS Internet Storm Center.

Distinctive market

Industrial espionage is nothing new, of course. But what's taking shape in the Internet underground is as distinctive as it is worrisome, security experts say.

Elite cybergangs can no longer make great money stealing and selling personal identity data. Thousands of small-time, copycat data thieves have oversaturated the market, driving prices to commodity levels. Credit card account numbers that once fetched $100 or more, for instance, can be had for $10 or less, says Gunter Ollmann, chief security strategist at IBM ISS, IBM's tech security division.

Cybercriminals on the cutting edge are forging ahead. They're culling the ocean of stolen personal data for user names and passwords to access corporate systems. They've begun to target corporate employees who use free Web tools, such as instant messaging, Web-based e-mail and group chats on social-networking sites.