Silicon Valley FBI agent Shena Crowe operates on the front line of computer fraud, and is aware of a definite shift in motivation behind internet crime.

Gone are the days of the glory-seeking hacker. A new generation of criminals has emerged – criminals who are highly organised, professional and driven solely by financial gain.

‘My personal theory is that computer crime is what white collar crime was before the Enron scandal,’ says Crowe, referring to the accounting fraud in 2001 that resulted in the US energy company’s collapse and the prosecution of its directors.

‘I don’t think it has had its day, awareness is increasing but there has not been an event large enough that makes people stand back and realise: this is bad.’

Until Crowe’s defining event takes place, there remains a constant and persistent onslaught of cyber attacks – with very few successful prosecutions.

There has yet to be a sentencing of anyone charged with masterminding a botnet, the latest and most virulent cyber threat, says Crowe.

‘The lack of reporting of cyber crime is one of the biggest challenges we face in law enforcement, and in effect we are pulling threads on a spider web and seeing what moves,’ she says.

Yet from these small leads Crowe has discovered some large-scale profit-driven data thefts in the past year and a half.

‘The attacks are generally insider directed, carefully targeted and the methods are mostly combined,’ she says.

‘The insider direction is certainly becoming a major component in the crime we are seeing, and the data is then sold.’

Personal data which provides criminals with access to individuals’ bank accounts is the main motivation for the theft, according to Crowe.

The insiders are working as part of organised crime gangs whom she says present the most challenging development in internet fraud.

‘You really have to have a case large enough so that law enforcement will charge and prosecute,’ says Crowe.

‘We have to gather enough evidence to show intent, to show the damages, and exactly how much the criminal has made.’

According to Crowe, to warrant a prosecution there has to be a $50,000 (£26,800) minimum in losses. That can be an accumulated loss between several victims, or in an international case, it must be about four times that figure.

So if it seems that law enforcement is fighting a losing battle, how would Crowe seek to address the problem?

‘There will always be the human factor, and I have the theory that most people will make a mistake at some point. So criminals can be caught even if it seems impossible,’ she says.

As if finding and prosecuting the criminals is not enough, Crowe also faces the challenge of waiting to get a search warrant for the type of crime that is committed at a much faster pace that traditional crime.

‘We need to adapt our sense of timeframe in the justice department to adapt to the pace of computer crime,’ says Crowe.

It is not just the speed of the crime that is different – the types of attack are also changing.

‘The new attack vectors are on mobile devices; I guess you could think of it as the next frontier,’ says Crowe.

‘I think it is supported in the criminal reporting that we will see more mobile device threats, although it is still pretty new and I have not seen any taken to prosecution yet.’

Mobile threats are not the only new challenges faced by Crowe’s law enforcement team.

Instant messaging (IM) is emerging as a popular fraud method, as online communities such as MySpace grow in popularity and people start to post more personal information.

‘I think the biggest realised threat is from bots, but the biggest future threats will be from a combination of IM and mobile data transfer,’ says Crowe.

If such technologies present the media through which future fraud is likely to occur, then Phil Cracknell, president of the Information Systems Security Association (ISSA) UK and director of technology assurance and advisory at Deloitte & Touche, believes identity fraud is the most pertinent threat.

‘As more business transactions are conducted online then there will be more scope for fraud and crime on the internet,’ he says.

Although Cracknell acknowledges many types of threats exist on the internet, he says ‘cardholder not present’ fraud is moving onto the internet.

Since the introduction of chip and PIN, criminals who would previously have had to sign for stolen goods are moving onto the internet to circumnavigate the standard. ‘The extra security of chip and PIN as we were sold it does not exist on the internet,’ says Cracknell.

Forcing credit card fraud online means merchants are liable, and not the card issuers.