Straits Times - Feb 23, 2005 Racketeers and gangs prowling cyberspace By Chua Hian Hou NOWADAYS, protection racketeers don't need to stand in their victim's doorway, tapping their hands with baseball bats. They don't even have to be in the same country. Old-style crimes such as extortion and money-laundering have moved into the sophisticated world of cyberspace. Protection rackets now involve faceless individuals demanding payment from e-businesses to keep them safe from cyber attacks. Organised criminals are not only becoming aware that Internet technology is a tool, but they are also realising they can use the Internet to help them get away with their crimes. Mr Graham Cluley, spokesman for security software company Sophos Anti-Virus, said: 'Clever criminals can escape prosecution by extorting or committing fraud from a country without extradition treaties with the victim's country, or one with weak computer crime laws.' According to a report on cyber crime in Europe by infocommunications security company McAfee, organised crime gangs are now using Internet technologies such as bot-nets networks of computers that can be controlled remotely and carry out attacks swiftly and undetected. McAfee's regional marketing director for the Asia-Pacific, Mr Allan Bell, said: 'There is nothing to stop a Russian hacker from using a server based in China to attack an organisation in Australia.' The trend has already surfaced here. Last April,three Malaysian men were sentenced to jail terms here of between 33 and 38 months each for dishonestly receiving stolen property. They were believed to have been part of an organised crime syndicate targeting Citibank's American customers with a so-called 'phishing' scam, where users are duped by fake e-mail into releasing their online banking passwords. The syndicate's mastermind - whose identity and location are unknown - had transferred almost $1.5 million from United States accounts into the Malaysians' accounts here. According to experts, the days when computer viruses were created for fun by mischievous geeks are largely a thing of the past. 'Virtually all computer viruses today are designed to steal something - credit card numbers, turning your computer into a slave to spam other users - rather than just creating mischief like they used to in previous years,' Mr Cluley said. To counter this threat, security companies need to identify hackers' tactics and develop countermeasures earlier, said Mr Vanja Svajcer, Sophos' principal virus researcher. To this end, they have developed an armoury of tactics as sneaky as those of the hackers themselves. One is the use of 'honeypots', fake networks and databases set up by security companies to look like the e-mail accounts of normal Internet users, or tempting corporate targets like bank databases. Using these decoys, security researchers can monitor the methods hackers use to break into other systems and use this knowledge to develop countermeasures. Sophos virus researchers are also going undercover to websites and chat channels frequented by virus writers to check out the latest developments in the cyber underworld.