Organised crime targets ALL IT staff

Organised syndicates are targeting IT staff to carry out online crimes, according to the National High Tech Crime Unit (NHTCU).

While companies have been aware of the need to protect key management staff such as board members and IT directors, there has been less progress in protecting and monitoring IT and administrative staff.

And now these lower level staff are increasingly vulnerable to being subverted.

"Business has become host to organised crime parasites," said Detective Chief Superintendent Len Hynds, head of the NHTCU.

"There is infiltration. We haven't found a single case of this being through intimidation or other means; it's about making money."

Staff are typically targeted over a period of months in a social rather than work setting. Once recruited, IT staff are selling corporate secrets or allowing access to corporate systems for illegal use.

This can range from using the company's email servers to store illicit material or send out spam, to major breaches where funds or company secrets are stolen.

Since its inception the NHTCU has arrested over 100 people, ninety per cent of whom had an IT background.

It has found criminals are devoting significant resources to penetrating IT departments over long periods of time.

"We've had cases where an organised gang has put someone through an IT degree just to infiltrate a company," said David Porter, head of security and risk at security consultant Detica.

"Once in a job they had access to all kinds of sensitive information."

Hynds also called for more staff to deal with the increase in computer crime around the country, and praised the level of international co-operation the NHTCU was receiving from police forces around the world.

Recent successes for the unit include becoming a member of the south east Asian police information sharing network.

The NHTCU is also redesigning its website to become a single point of contact for businesses suffering from computer crime.