The leader of a global cybercrime syndicate offered his associates a Ferrari for the hacker who came up with the best scam, according to a senior European security source.
The gift – made on a professionally produced video hidden in a dark recess of the internet – formed the basis of a bizarre "employee of the month" competition for the organised crime gang. On the tape, a presenter is pictured in a car showroom alongside a Porsche, a Ferrari and glamorous female assistants who offer the prize for the most successful hacker.
Troels Oerting, the head of the European Cybercrime Centre (EC3), said this was a sign of the lengths that organised crime will go to recruit and retain young technological talent.
The scheme – operated from an unspecified eastern European destination – highlights the huge rewards on offer for relative risk-free criminal operations that can net the masterminds millions of pounds from countries that operate as safe havens – far beyond the reach of European security officials.
The video is the subject of a current investigation. "A kingpin will offer a Porsche or a Ferrari to sub-groups who earn the most money," said Mr Oerting who added that the video was shot from a "car showroom, with a couple of blondes and a guy saying: those who make most money can get this car".
EC3 – the focal point of the EU's fight against cybercrime – said that the agency was seeing 85 per cent of cybercrime activity from Russian-speaking territories, where law enforcement has traditionally found it difficult to prosecute cyber criminals targeting Western countries.
Mr Oerting warned that Europe faced a two-tier system of justice where the rich could afford to protect themselves and take the cyber fight to organised hackers, while the poor faced spiralling bank charges and rampant identity theft because of their inability to pay for online protection. He said that the vast cost of card fraud meant that companies were unlikely to continue shouldering the cost in the long term.
"We have 28 different legislations but we have one new crime phenomenon," he said. "If you're rich you live in a nice place with a fence around it with CCTV, but if you're poor…. On the internet, some will be able to protect, some will not."
One of the biggest alleged players in international cybercrime, Dmitry Golubov, was released from prison in Kiev in 2008 after the intervention of two Ukrainian politicians. He was accused by the US authorities of being a key player in CarderPlanet, one of the first and most sophisticated credit card fraud sites in the world, and subsequently set up his own political party. He denied any wrongdoing. At its height, CarderPlanet had 6,000 members, headed by a godfather. A US court last year jailed Roman Vega, one of the senior dons, for 18 years after he was arrested when he travelled to Cyprus.
"They are very, very good at locating themselves in jurisdictions that are difficult for us. If we can pursue them to arrest, we will have to prosecute by handing over the case," said Mr Oerting. "Even if they will do it, it's a very cumbersome and slow process. You can wait until they leave the country, then get them. That's a comparatively small volume. The police ability stops at the border. We are also seeing signs of movement to African countries when the broadband is getting bigger. We will probably see more from places we don't want to engage with."
Mr Oerting said that criminal gangs were actively recruiting young programmers from universities and were talent-spotting online to identify creative programmers.
He cited the case of a worldwide gang which paid about $500 for five debit cards with a fixed withdrawal limit, then hacked into computers to convert them to credit cards with no upper withdrawal limit.
They then cloned the cards and during a few hours of intensive activity at card machines across the world, including Britain, managed to steal about $45m.
Mr Oerting said that Europe would have to face a new way of fighting cybercrime given the sharp increase in fraud that was costing Britain billions of pounds every year.
"In real cybercrime, [we're going after] the people who develop and distribute the malware. We are trying to find them and identify them. It's like cutting the snake's head off. But there are a lot of heads, and they grow back very quickly," he said.
"Organised crime has not just embraced this but integrated cybercrime into its business."