Companies that are victims of cybercrime are reluctant to come forward out of fear the publicity will hurt their reputations, scare away customers and hurt profits. Sometimes they don't report the crimes to the FBI at all. In other cases they wait so long that it is tough to track down evidence.

For every break-in like the highly publicized attacks against TJX Co and Heartland Payment, where hacker rings stole millions of credit card numbers, there are many more that never make the news.

"Of the thousands of cases that we've investigated, the public knows about a handful," said Shawn Henry, assistant director for the Federal Bureau of Investigation's Cyber Division. "There are million-dollar cases that nobody knows about." "Keeping your head in the sand on filing a report means that the bad guys are out there hitting the next guy, and the next guy after that," Henry said.

He said the cybercrime problem has gotten bigger over the past three years because hackers have changed their attack methods as companies have tightened up security.

Some groups consist of a core of just about a dozen people -- including strategists, hackers and programmers -- who can get started with a budget of a few thousand dollars to set themselves up with computers and broadband access.

When they are ready to launch an attack, they might hire hundreds more people who help them launder the money. Known as "money mules," these people are often found through "work-at-home" schemes, where they are hired to cash checks for a few thousand dollars, keep a percentage and send the rest back to the core group.

Source: http://www.reuters.com/article/ousivMolt/idUSTRE5AN4YH20091124?pageNumber=2&virtualBrandChannel=11604