Wardriving cop warns of hackers in waiting

Online crooks are trawling the identities of children and teens through social networks, lying in a wait for a pay day when their victims turn 18 and get a credit card, a leading police cybercrime expert told a parliamentary hearing this afternoon.

Queensland Police Detective Superintendent Brian Hay told the House of Representatives standing committee on cybercrime today that although there was no evidence that online con artists were dealing in child pornography, it was his view that they were harvesting children's profiles in preparation for committing fraud against them.

"We haven't seen them [children] in the loss category yet because they don't have a lot to lose," Hay said.

"We know that crooks are out there harvesting identity data in social networks ... to build profiles of people."

"[Children] think they have nothing to lose [by updating their social media profiles] but they're surrendering their identity and that can come back to hurt them down the track."

Superintendent Hay has for several years warned of the dangers of online crime, even going as far as recommending the Queensland Police undertake 'wardriving' missions on behalf of the State's residents in the past.

Hay told the committee that online, black-market bazaars traded in credit card numbers for as little as 8 cents each in lots of 100 or $7 a card for its full details.

"Sufficient card data and identification data to change the billing address of a card, that could be $70-$80 each but given that average loss is $3000 that's a very small investment."

When asked why Australians still fell prey to Nigerian scammers, Hay pointed the finger at how they were schooled.

"We've all grown up in an environment where we learnt by reading textbooks so we're conditioned to believe what we read," he said.

"When we meet someone personally we make a determination about whether they're credible and whether we believe them? But when we go online without realising it we've disarmed ourselves of our protective leanings."

Australians needed a more realistic appreciation of the "dark side of the internet" and to take responsibility for their use of it, he said.

That could include industry working with a national anti-fraud investigation agency to black ball suspicious internet addresses. Hay said an internet dating company was daily turning down about 2500 profiles or 14 percent of those posted to its 23 romance sites because they came from blacklisted or suspicious IP addresses.

"If we had a centralised national database that people could validate known IP addresses of fraudsters and started building up this information resource where people could test the waters - maybe red-light, green-light is this a known fraudulent IP I'm dealing with?" Hay told the committee.

"It could fit in something such as national consumer fraud organisation in this country but that detail would be up to far greater minds than mine."