There has been a lot of hype in the news recently about unemployed IT workers turning to cybercrime to make ends meet. Some forecasts 1 claim that the guys running your mail server might “use their skills to steal credit card data using phishing attacks.” Of course, there are no hard facts to back up this claim. I find it hard to believe that an otherwise honest person would turn to something as extreme as stealing credit card numbers to help pay his bills. The truth is that there has been the opportunity for making large sums of money through cyber crime for years. If someone with the necessary skills and lack of morals was going to go into the phishing business, they would have probably already done so.
Perhaps the economic downturn does help cyber criminals become more successful, simply because there are more desperate people out there to be scammed. Suddenly, a chance to “win $50 from Bank of America” might be just too tempting to resist. After all, “it’s a ripe economy to take advantage of people,” 2 according to a McAfee cybercrime strategist. (Nice job title.)
On the other hand, I’ve also seen claims 3 that corporations are performing more internal investigations into employee fraud and misuse of resources. I believe this type of criminal behavior is much more likely to rise, since people generally feel less guilty about taking advantage of their employers, as opposed to outright stealing from a stranger. It’s a bit like how taking home a box of pens from work might not be a big deal, whereas doing the same from a Staples store is much more obviously theft.
There is also one more reason why laid off or unemployed computer geeks might turn to criminal means: it’s the only job they can get. It’s obviously a tough job market, even considering that IT jobs are better off than most other fields. If you’ve got hacking skills and need to make some money, I suppose it’s possible that you might be tempted to work for a criminal organization. Once again, I don’t believe that usually-honest people will start joining the mob out of desperation; we’re just not that bad off yet. But I did come across at least one example 4 of an unethical corporation hiring hackers to help them exceed the limits on rain forest logging. It’s hard to know if this is an unusual case, or if it’s becoming more rampant.
The bottom line is that companies (and government agencies) need to be even more vigilant against the insider threat. It’s always been there, and it always will. The best we can do is try to mitigate it. Personally, I’m not too worried about IT workers turning to cybercrime – the crooked ones are already there.