Police admit cybercrime is 'deeply worrying' as Essex teen is charged

Sign up to our free weekly IndyTech newsletter delivered straight to your inbox

Sign up to our free IndyTech newsletter

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy notice

Visa, Mastercard, Paypal, Google, the CIA, the US Senate, the National Health Service, Sony, Lockheed Martin, Citibank and Epsilon. The list of organisations hacked over the past few months is as long as it is shocking.

Cyber security experts and analysts say rapid changes in how hackers launch attacks and group themselves together have led to an unprecedented wave of successful assaults.

Britain's top police officer said yesterday that cybercrime had become a major menace. Sir Paul Stephenson said it had become "extraordinarily significant and deeply worrying".

Ryan Cleary, a 19-year-old from Essex, was charged yesterday with hacking the website of the UK's Serious Organised Crime Agency.

He is also accused of attacks on websites of the British Phonographic Industry and the International Federation of the Phonographic Industry.

He is alleged to be a member of the hacking group LulzSec. Experts say the emergence of "hactivist" collectives like LulzSec and Anonymous has led to chaotic unpredictability in the hacking scene whilst criminal groups – intent on stealing data for financial profit – have displayed increasingly finessed hacking techniques which are much harder to detect.

"The way people hack is changing," Mark Waghorne, the KPMG information security director said "Hackers are playing the long game, taking time over infiltrating an organisation's systems."

Attacks on Sony and Lockheed Martin have fuelled concern among analysts. The Sony attack, when some 77 million account users were stolen in April from its PlayStation Network, was the largest data theft in history

Last month, the US defence company Lockheed Martin said that it had been hit by a "significant and tenacious" attack.

The attackers broke into Lockheed servers by carrying out an even more audacious attack on security company RSA which made secure log-on keys for Lockheed employees.

Analysts blame criminal or industrial espionage networks rather than politically minded hactivist collectives such as Anonymous and LulzSec.

But the surge in popularity of such networks has led to a worrying explosion in disruption attacks against a vast array of targets.

In the past two months, LulzSec has been accused of attacking Fox TV, the CIA and the website of Britain's Serious Organised Crime Agency.

It has also hacked into a number of websites and published thousands of user details online.

Sophos cyber security expert Graham Cluley said: "Hacking groups are deliberately using social networks to publicise what they do and ask for help from members of the public."

The anarchic nature of groups such as Anonymous and LulzSec has, however, caused widespread disagreements and tit-for-tat attacks among rival hacking networks. Anonymous and LulzSec last week announced a joint venture to turn on government and banks. "Top priority is to steal and leak any classified government information, including e-mail spools and documentation," they said in an online statement. Previously the two groups had been rivals. In the past few days, LulzSec has suffered hack attacks. A group which calls itself the "Web Ninjas" claims to have unmasked the identity of some of LulzSec's key leaders and broken into a number of their chat rooms. A second well-known hacking group, Team Poison, has also declared cyberwar on LulzSec and claims to have broken into a website of one of the hacking group's leaders.

LulzSec has taken vengeance on two former supporters which it accuses of "snitching" on it to the FBI by publishing personal details including addresses.

Graham Cluley, of Sophos, says that the infighting among groups may eventually lead to the arrest and the capture of the culprits as the rival hackers dig up dirt on each other.

"There's a huge amount of bravado, rivalry and boasting within these groups," Mr Cluley said.

Year of the hack: 2011's victims so far

Sony

The Japanese tech giant has been hit by a double whammy of hacks this year. The first in April, was the largest single data breach in internet history where hackers77 million users' details from the PlayStation Network. Suspicion has fallen on criminal hacking groups, rather than hactivist collectives. A month later LulzSec hit Sony Pictures, carrying off a further one million user details.

CIA

Last week LulzSec boasted that it had taken down the public homepage of the CIA. The method it used – a distributed denial of service (DDoS) attack – is relatively simple technique that doesn't actually involve any hacking. Instead a network of computers bombard a site with information requests until it shuts down. These temporary disruption attacks have formed the basis of much of LulzSec's work.

Google

The search giant went public earlier this month with a claim that Chinese hackers had tried to steal the passwords of hundreds of Gmail account holders, including those of senior US government officials. China said the claims were "unacceptable". Most security analysts believe Russia and China have the most sophisticated hacking networks, with Chinese hackers previously implicated in Google hacks.

Citibank

Earlier this month, Citibank admitted that 200,000 of its credit card customers in North America had their names, account numbers and email addresses stolen after the site was hacked. Suspicion has again fallen on criminal networks. The bank assured its customers that the hackers did not manage to gain access to any social security numbers, birth dates, card expiration dates or card security codes.