How some ex-employees turn to cybercrime

How some ex-employees turn to cybercrime

By Alejandro Martínez-Cabrera, Chronicle Staff Writer - Thursday, April 8, 2010 –When a slumping economy and historically high unemployment rates dropped the ax on the country's workforce and left the survivors wondering if - or when - they'd be next, law enforcers and security experts braced themselves for what they considered would be an almost inevitable rise in data breaches and high-tech crimes. And they were right.

National unemployment rates peaked in October at 10.1 percent and remained at 9.7 percent during the first two months of the year. Local law enforcers say the inability to find gainful employment has been a recurrent motivation behind new cases of identity theft and software piracy that drop on their desks almost daily.

"We're constantly coming across people who typically we wouldn't see and wouldn't engage in this criminal behavior if the economy was better. They see it as a way out," said Detective Sgt. Ken Taylor of the Silicon Valley high-tech crimes task force Rapid Enforcement Allied Computer Team.

In one recent case under investigation, Taylor said, an unemployed San Mateo woman in her 20s was detained with a large number of re-encoded credit cards in her possession. She said she was using them to buy food.

And a Fremont man who had been recently laid off was arrested in February for selling pirated copies of a $2,500 Adobe design program for $150 on Craigslist. Task force members could look at cases of workers-turned-software-pirates all day every day, Taylor said.

According to cyber-security researchers, corporations across all industries have been dealing with a steadily growing number of internal data breaches since the financial meltdown.

A Verizon data loss report noted that individuals with insider knowledge of organizations accounted for 20 percent of all breaches last year, and that number has been increasing as economic malaises drag on, said Chris Novak, managing principal of Verizon Business' Global Investigative Response Team.

Even though external attacks made up the bulk of the breaches, the report found that each internal incident compromised on average 100,000 individual pieces of sensitive information - at least 60,000 pieces more than external hacks.

Researchers say that anyone from top-level executives and IT personnel to low-level support employees can have access to data that can be sold illegally. A 2009 survey of almost 1,000 laid-off individuals found that 59 percent admitted keeping company data after leaving the business, according to the Ponemon Institute, a privacy research center.

In fact, data breach originators are "moving from being just the administrators and super-type users to your everyday users," Novak said.

"When data breaches are caused by administrators or super users, it's a big deal and the organization loses a great deal of information," he said. "When they come from average users, they're smaller pinpricks but can drag on longer and cost the company more in the long run."

Stolen data can range from employees' health care records or clients' credit card numbers to merger and acquisition plans, confidential agreements or valuable source code, said Rick Kam, president and co-founder of data breach prevention firm ID Experts.

Thieves can easily sell the information to cyber-criminal rings or use it as a bargaining chip to get a job with their former employer's competitors. According to the Ponemon Institute study, 67 percent of respondents said they would use "their former company's confidential, sensitive or proprietary information to leverage a new job."

"The issue of identity theft is all about opportunity," Kam said. "And our first instinct is to protect ourselves."

In one case handled by Kam's company six months ago, a disgruntled man went as far as trying to extort his former employer, a large health care provider, by threatening to release thousands of sensitive patient records that would have triggered an avalanche of lawsuits.

Those who remain employed but fear being the next to go can also grow alienated or resentful toward their companies and may be tempted to steal corporate data, said Kevin Rowney, director of breach response at Symantec.

"It's a common trend in economic history. Rising stress creates the circumstances that motivate people to go into financial fraud," Rowney said. "Employees in this economy feel it's every man for himself."

E-mail Alejandro Martínez-Cabrera at amartinez-cabrera@sfchronicle.com. This article appeared on page D - 1 of the SanFranciscoChronicle