You might know this kid. He's as young as 12 or 13, not all that popular in school. He spends a lot of time online. You figure he's playing World of Warcraft, constantly refining his MySpace pages, or maybe hanging out in Habbo, a virtual world popular with kids. But he may also be wreaking havoc on social networking sites, selling a veritable supermarket full of his own malware, and creating packages of phishing tools.

"These kids are obsessed with phishing," said Chris Boyd, director of malware research for Facetime Communications during a presentation at the RSA Conference, here in San Francisco. They don't see phishing as a problem, Boyd says, because they typically start out stealing large numbers of MySpace pages, then move on to stealing a few PayPal accounts—but for a lot more money.

Today's young hackers consider themselves stars of the cyberworld, not aware or not caring that what they're doing is illegal. "For these kids, it's a game, a hacker version of American Idol," Boyd said. "But the TV show they're really on is America's Most Wanted."

Ira Winkler looks like a guy with a lot on his mind. And rightly so. After all, he helped orchestrate a hack of a power company, at the request of the company itself, which wanted to test its defenses. It took Winkler, who is president of the Internet Security Advisors Group, and his team just a day to break in. If he'd wanted to, he could potentially have turned out the lights on the power company's customers—or worse, since this company ran a nuclear reactor.

Obviously, the company's defenses did not hold up well. What was most striking was how easy it was for Winkler and his team to break in. One step in accomplishing the task involved tricking employees into clicking on an e-mail that downloaded malicious code onto their work computers.

"There is a major storm brewing that is receiving insufficient attention from the government," Winkler said.

I'm attending the RSA Conference in San Francisco—billed as the "world's largest security conference and expo"—where security software maker Symantec today revealed a few of the latest online threats, and U.S. Department of Homeland Security Secretary Michael Chertoff offered a few insights into what the federal government is doing to protect U.S. cyberspace.

The biggest threat to your personal data, according to Symantec, comes from the loss of laptops, hard drives, and USB drives, which accounted for 57 percent of the data loss outlined in the company's latest Internet Security Threat Report, released today. In addition, 70 percent of the malicious code unleashed in the last six months of 2007 was meant to steal confidential information. Finally, the creation of malicious software is now outpacing the creation of "good" programs, said Steve Trilling, vice president of Symantec Research Labs.

All this stolen information ends up in an underground marketplace that works just like a legitimate economy, Trilling said. Stolen eBay accounts go for about $8, e-mail passwords for $30, credit cards for as little as 40 cents, and bank accounts for up to $1,000 or so, depending on how much money is in the account. Interestingly, the virtual world is one of the most lucrative. A stolen World of Warcraft account can be worth 100 times more than a credit card.