TMCnet News
Crime of the Times [Information Today](Information Today Via Acquire Media NewsEdge) Every year has its standout themes. For 2011, a big one was cybercrime and hacking. The Sony PlayStation Network cybercrime and the News Corp. voice mail hacks are just two incidents that have made global headline news. Overall, the scale of cybercrime, let alone its almost identical twin hacking, is quite remarkable. For example, German Federal Police reported that there were 59,839 cybercrimes in Germany in 2010, up 20% from 50,254 in 2009. Reportedly, the police credited this increase in part to the greater use of banking online, which offers more opportunities for online fraud. In the U.K., a recent report from the Cabinet Office and IT security firm BAE Systems Detica claimed that cybercrime actually takes a £27-billion (about $38.12 billion U.S.) bite out of the U.K. economy every year, with £21 billion (about $29.67 billion U.S.) of it borne by business. Victims of Cybercrime In the U.S., the Internet Crime Complaint Center (IC3), backed by the FBI and the Bureau of Justice Assistance, reported that it received 303,809 complaints in 2010. It reported that it receives and processes about 25,000 complaints a month, the most common of which relate to nondelivery of goods and payments, identity theft, and various frauds. A 2010 report by computer security company Norton claimed that 65% of people worldwide thought they had been the victims of cybercrime. How much faith should we put in such figures? Well, they're probably the result of honest endeavors, but it's likely that the extent of cybercrime and hacking is underestimated. Professor Andrew Blyth, head of the information research group at the University of Glamorgan, says U.K. figures are tough to measure in terms of accuracy. "For example, companies that have suffered from cybercrime are very reluctant to come forward," says Blyth. "And how do you measure the loss of intellectual property? I reckon the true cybercrime figure is much, much higher. We really don't understand how to measure these things anyway" He estimates that cybercrime could be five, 10, or 20 times higher than official figures suggest. 'The cybercrime situation in Germany cannot be assessed accurately based only on official statistics," says Tatiana Tropina, cybercrime researcher at the Max Planck Institute for Foreign and International Criminal Law in Freiburg, Germany. "The vast majority of crimes still remain unreported, particularly those related to computer sabotage and data manipulation," she says. "Crimes are often not even recognized by a victim who cannot therefore detect them; companies prefer not to report incidents due to reputational issues, and relevant cybercrime phenomena such as phishing are not represented properly in the police statistics. Phishing will likely continue to grow." Blyth believes corporate security will improve, and this will drive cybercriminals to use social media instead to build profiles of potential victims. With targeted emails, victims will be more likely to open the bogus files. This is happening now, he says, with emails that look as though they're from friends and colleagues. "The days of 20 million emails from Nigeria are over," he says. Stealing User IDs Tropina concurs and expects cybercriminals/hackers to focus more on attacking end users or consumers, because the end user is the weakest link in the chain. "More sophisticated social engineering techniques will be developed to get around cybersecurity," she says, "and the trend of acquiring not just some user data but the whole user identity will grow." This may be good news for corporations because more of the cyber issues move from big business to individuals. However, the move to cloud computing may make it easier for cybercriminals to attack enterprises. "The cloud will make life a lot easier for cybercriminals as forensics in the cloud are so much harder to apply as systems are not engineered with so much security in mind," says Blyth. "They're engineered for distribution, reliability, and scalability, and arguably not security or forensics. It will take three to five years for forensic solutions for the cloud to arrive." Another source of income for cybercriminals and hackers is the selling of the tools of their trades. Tropina says they will further develop their "underground economy where more criminal-to-criminal schemes of trading tools to commit cybercrime will be adopted." Stewart A. Baker, a partner at the international law firm of Steptoe & Johnson, LLP, who also worked on cyber issues at the U.S. Department of Homeland Security, sees a brisk market in criminal tools online already. "I think the market for such tools will continue to grow," he says. "Another trend I fear is already developing: nation states protecting cybercriminals who in exchange moonlight as government agents, stealing secrets or causing sabotage." Tools of the Trade The sale of tools indicates that cybercrime has moved a long way from the image of a hacker who is only interested in the challenge of cracking a system and in causing some mischief. A report earlier this year from Panda Security provided details of what cybercriminals charge their peers for the tools of the trade: $2.90 for single credit card details; $80 for credit cards; and $80-$l,500 for online payment platforms. It's a long way from the pioneering hacking days exemplified by the Chaos Computer Club, which was cofounded by Wau Holland in 1981. Its members liked nothing better than to reveal glitches in official systems in Germany. Indeed, they're still at it. Last year, they cracked a bank's security codes through a nationwide Videotext network called Bildschirmtext just to show they could do it. The other archetypical hacker, aka the obsessive young male loner, is also still at work. A case in point is 19-year-old Ryan Cleary, who was arrested in June in Wickford, Essex, on suspicion of hacking into police systems from his bedroom. Reports indicate that Cleary, who allegedly suffers from a personality disorder, hadn't left his home from Christmas 2010 until his arrest. Likewise, another U.K. hacker, Gary McKinnon, is trying to avoid deportation to the U.S. for allegedly hacking into Pentagon systems. Peter Warren, chairman of the Cyber Security Research Institute and joint author oí Cyber Alert: How the World Is Under Attack From a New Form of Crime, says, "It has now become a classic legal defence (in hacking cases) to say that your client is an obsessive." But Warren adds that much of the hacking that now goes on is done by criminals. "However, there has been a resurgence of the libertarian, politically correct, anti-capitalist left of the internet which has been shown by the activities of Julian Assange, of Wikileaks, and LulzSec [LuIz Security, a splinter group from the hacker collective Anonymous]," he says. The technical competency of these cybercriminals pales in comparison to their ability to exploit the technological incompetence of big business and the military sectors, which they have known about for years, says Warren. Such hackers are the visible tip of the cybercrime iceberg. Most are unknown and under the radar. Since the fear of being caught is a strong deterrent, the culture of anonymity and identity fraud that pervades the online world would have to change. Baker says that better technology needs to be developed and adopted to make it more difficult for a person to remain anonymous. "Until we do that, we won't catch and punish cybercriminals in numbers that deter others," he says. Well, they're probably the result of honest endeavors, but it's likely that the extent of cybercrime and hacking is underestimated. Another source of income for cybercriminals and hackers is the selling of the tools of their trades. Links to the Source Ryan Cleary www.guardian.co.uk/technology/2011/ jun/25/hacker-ryan-cleary-diagnosed-autism Gary McKinnon www.dailymail.co.uk/news/article-1390961/ PresidentObama-refuses-halt-Gary-McKinnons-extradition.html Panda Security http://press.pandasecurity.com/news/ pandalabs-uncovers-alarming-statistics-on-cyber-crime-black-market Sony hack www.soe.com/securityupdate/pressrelease.vm Sony PlayStation Network hack www.bbc.co.uk/news/technology-13206004 IC3 cybercrime statistics www.ic3.gov/media/annualreport/2010_IC3Report.pdf Cabinet Office cybercrime figures www.cabinetoffice.gov.uk/sites/default/files/ resources/THE-COST-OF-CYBER-CRIME-SUMMARY-FINALpdf McAfee cybercrime report www.mcafee.com/us/resources/ reports/ rp-good-decade-for-cybercrime.pdf Report on German cybercrime figures www.forbes.com/feeds/ap/2011/06/30/ business-eu-germany-cybercrime_8542922.html Chaos Computer Club www.ccc.de Chaos Computer Club 2010 hack www.offiziere.ch/trust-us/habil/035_financialtimes.html Norton cybercrime report http://us.norton.com/theme.jsp?themeid=cybercrime_report Cyber Security Research Institute www.csri.info John Charlton writes about technology, law, and education for several publications. He spent 20 years working in the GG press in the U.K. covering technology, financial, and business matters. Send your comments about this column to [email protected]. (c) 2011 Information Today, Inc. |