Small businesses are at risk from cybercrime
Raju Chellam
Thu, Mar 23, 2006
The Business Times

ON a stealthy tour of a bustling market in China last autumn, Lou Reigel, assistant director of the FBI's Cyber Division, reportedly witnessed a crime in progress. Surrounded by knock-off versions of US merchandise, Mr Reigel cast his eyes on a high-end golf bag identical to his own - but at a fraction of the cost. Then a salesman plied him with a popular US brand of jeans, also on the cheap.

That anecdote is one of a few listed on the FBI website. 'Mr Reigel didn't bite, of course,' the FBI says. 'But the threat to US businesses - an estimated US$50 billion a year in lost revenues - is clear.'

The business in fake merchandise is worth an estimated US$100-120 billion a year in lost revenues, especially for American, European and Japanese makers of branded consumer and fashion goods. However, by some estimates, that's just a fraction of the lost revenues due to cyber-crime, or crime committed on the Internet.

'Cyber crime is expanding, and computer intrusions, particularly from Asian and Eastern European countries, are going to continue to grow and get more complicated,' says Mr Reigel. 'Hackers are getting more sophisticated. It's a business and they've become organised in their efforts. In Innocent Images, we have about 2,500 federal cases ongoing every single month. That number continues to grow. We just changed the priority for Innocent Images - it used to be our No 3 priority - to No 2, behind computer intrusions.'

The Innocent Images National Initiative is a component of the FBI's Cyber Crimes Program that seeks to combat the proliferation of child pornography and child sexual exploitation facilitated via the Internet. Computer intrusion is still the No 1 criminal activity both in the US and outside, in the dark underworlds of cyber-crime. It hurts small businesses more than large ones.

As retail business increasingly embraces the world of e-commerce, cyber-crime follows. In 2000, e-commerce accounted for just one per cent of all retail sales in the US. Today, it accounts for 2.4 per cent of all sales, and is growing rapidly, says Steven Martinez, assistant deputy director of the FBI's Cyber Division. If one adds revenues generated by non-retail Internet businesses, such as media and entertainment, and utilities and services, e-commerce is set to dominate all commercial activity, especially in the developed world, soon.

'Small business forms a vital link in the overall security of the Internet,' Mr Martinez testified on March 16 before the House Committee on Small Business Regulatory Reform and Oversight Subcommittee. 'Small business accounts for a significant portion of the retail business occurring on the Internet. Many online businesses and e-retailers are small businesses. Many small businesses are customers of online businesses. Other small businesses support the IT and Internet operations of large businesses and governments. The integrity of connected small-business systems has an impact on the security of the Internet as a whole.'

The threat: While past attacks were designed to destroy data, today's attacks are increasingly designed to silently steal data for profit without doing noticeable damage that would alert a user to their presence. According to Symantec Corp, malicious code threats that could reveal confidential information rose from 74 per cent of the top 50 malicious code samples in the first half of 2005 to 80 per cent in the second half of 2005.

'Cyber-crime represents today's greatest threat to consumers' digital lifestyle and to online businesses in general,' says Arthur Wong, vice-president of Symantec's Security Response and Managed Security Services.

'There's a growing trend of attackers using 'bot' networks, targeted attacks on web applications and web browsers, and modular malicious code. Based on this and data from previous reporting periods, we expect to see more diverse and sophisticated threats used for cyber-crime as well as an increase in the theft of confidential, financial and personal information for financial gain.'

'Bot' infection

A 'bot' is a computer program, also called a robot, spider, or crawler. These automated programs are used by search engines to crawl the web and index websites. A malicious 'bot', on the other hand, seeks to either harm a vulnerable computer, or capture information such as passwords that could be sent back to the cyber-criminal.

'China experienced the largest increase of bot-infected computers, with 37 per cent growth - 24 percentage points above the average increase - putting China behind only the US in this category,' Symantec says. 'The increase is likely related to China's rapid growth in broadband Internet connections. China also saw the largest overall increase in originating attacks. Such attacks increased by 153 per cent in H2 over H1 2005, up 72 percentage points above the average increase. Bots may be an increasing source of this activity.'

The worst attack is a 'phishing' threat, or one which attempts to deceive users into revealing confidential information. These phishing attacks rose in the last six months of 2005 and focused on smaller, regional targets. In just the second half of last year, 7.92 million daily phishing attempts were identified, up from 5.70 million attempts per day in the first half of last year.

'We expect to see an increase in the number of phishing messages and malicious code distributed through instant messaging services in the future,' Mr Wong says. 'Symantec documented 1,895 new software vulnerabilities, the largest total recorded since 1998. Of these, 97 per cent were considered moderately or highly severe, and 79 per cent were considered easy to exploit.'

Is there a solution in sight? The FBI says that the best way to combat the growing threat of cyber-crime is to form a partnership with businesses and industries - especially small businesses - that rely on the Internet. 'The education of small business about the scope and nature of cyber threats is an important first step in protecting those businesses,' the FBI adds. 'The focus is on two initiatives that seek to build a partnership with business: the National Cyber-Forensics and Training Alliance (NCFTA) and InfraGard.'

Under the NCFTA, law enforcement works alongside businesses to address cyber-threats. The FBI says it has been able to identify and prosecute some of the most serious cyber-criminals, including those who distribute computer viruses, operate large networks of compromised computers (or botnets), and perpetrate fraud schemes such as phishing scams.

InfraGard is an alliance between the FBI and the public and seeks to prevent attacks against critical infrastructure such as banks, hospitals, telecom systems and the Internet. InfraGard has more than 14,800 private sector members spread across 84 local chapters throughout the US.

Cyber-complaints

'As an example on how we address cyber-complaints, the NCFTA was recently contacted by a small bank in New Jersey,' Mr Martinez told the Subcommittee hearing. 'The bank was the victim of a phishing attack. In this type of attack, the criminal creates a fake website that is identical to the real bank site and uses the fake site to steal credit card and other identity information from the bank's customers. With the victim bank's help, the NCFTA traced the attack and identified what measures they could take to mitigate its effects. The bank sent 'cease and desist' letters to the ISPs hosting the fake sites to have the sites shut down.'

'Small business forms a vital link in the overall security of the Internet.'
- Steven Martinez, assistant deputy director of the FBI's Cyber Division

In Singapore, the government and business already work closely. There are also strong laws to protect against phishing attacks. However, there's little the law can do if the attack is carried out from outside Singapore. There are about 120,000 small businesses in Singapore. Many of them seek to sell their wares online, and unless they take adequate protection - both in deploying strong anti-intrusion technology and having the right policies in place - they might be at risk.

As for China, Mr Reigel's brush with the underbelly during his week-long trip led to a better understanding from his Chinese counterparts on the issue of counterfeit and fraud. 'I think I was successful in opening the door at least an inch or two, where we will begin to exchange information and work cases,' he says.

'They understand how critical the intellectual property rights program is to the FBI and to America, so they understand that this is not something that is going to go away and they need to get on board with it.'

The author is vice-president (Asia-Pacific), with Access Markets International (AMI) Partners Inc.

 
