CRIMINAL AND STATE SPONSORED HACKERS are starting to collaborate to create ways to steal data, according to RSA executive chairman Arthur Coviello.
During a conference at RSA Europe 2012 on Tuesday, Coviello claimed that the company has already seen evidence that criminals are not only learning from attacks like Flame and Gauss, but are working with the state sponsors behind such attacks.
"Criminals are starting to cooperate with nation states," said Coviello. "We're seeing criminals adopting the [Advanced Persistant Threat (APT)] techniques of the nation state."
The collaboration stems from the emergence of common goals between criminals and state hacker teams.
This is reportedly due to the vast amounts of data being stolen by criminals during cyber raids that cannot be sold using their traditional moneymaking practices.
"The criminals themselves have a big data problem," said Coviello.
This means that the criminals now have a motive to share their resources with state actors, who might find the data useful, leading to a tit for tat relationship between the two types of hacker.
"The nation states are now starting to sell their sophisticated APT attacks to the criminals," warned Coviello. "These are the kinds of chilling things that are starting to go on."
Coviello's comments follow on from similar warnings from F-Secure security analyst Sean Sullivan, who prophesied earlier in September it would only be a matter of time before cyber criminals began learning from advanced threats like Flame.
The RSA executive chairman claimed that the situation is being made worse by the fact that most business are struggling to recruit security experts.
"We face a severe skills shortage," said Coviello.
"That skill shortage is real and we see that time and time again. Most companies are not that mature when it comes to security as they don't have the skill set required."
Prior to the press conference Coviello had called for education reforms within the security industry, claiming that a number of conflicting privacy laws are hampering companies' abilities to protect their data. µ