"Risk is now chaotic and complex in a way that a small incident in one place can become a major incident in another place that you hadn't even thought of," said Nick Beale, research and development officer for intelligence services group Infrastructure Defense U.K. Ltd.
"What could start off as a simple intrusion into a corporate network could very quickly become a national security incident," Beale said Thursday, speaking here at InfowarCon 2000.
But the primary goal behind the nefarious activities still remains money, and even criminals who haven't transferred their expertise to the online world are taking advantage of the information highway. There have even been some cases of gangs in the London area stealing network servers at gunpoint, Beale said.
In the future, the theft market will increase and expand.
"Identity theft will be a big, big market," Beale said. "Video piracy will be the next big thing, especially with ADSL (asymmetric digital subscriber lines) coming down the line." Criminals will invest their own money in systems to beat any encryption legitimate industries will create, he added.
Because the criminals are adopting the technology so quickly, companies are faced with a new challenge -- preparing for the unknown. Technical intelligence loses most of its effectiveness when companies can't tell who or where the next threat will come from.
In order to prevent attacks, or at least better prepare for them, companies should start building profiles, or "digital silhouettes" of hackers. Hackers leave tracks just like traditional criminals. Besides monitoring newsgroups and IRC (Internet relay chat) channels frequented by hackers, a trail can be followed by comparing the code of a hacked Web page to a "line-up" of other hacked pages, Beale said.
"The worst thing that can happen to a hacker is for his real name to be revealed," Beale said. "If you trace (the hacker's) history in a newsgroup, sometimes you can find a point where he made somebody angry enough to post his real name."