Cybercrime

"If you put a key under the mat for the cops, a burglar can find it, too. Criminals are using every technology tool at their disposal to hack into people’s accounts. If they know there’s a key hidden somewhere, they won’t stop until they find it."
    Tim Cook, CEO Apple Inc.
This page is under construction: the intention is to provide some background material on cybercrime and links to important recent reports which outline the scale of the problem and general trends. For the moment the page is being used as a holding area for potentially useful material, some of it taken from elsewhere on the website.

Page Content

1   General

a)  Definition

'Cybercrime' can be defined as the use of computer systems to commit a criminal offense (usually over the internet). Cybercrime includes such activities as: identity theft, revenge porn, illegal access of data, committing fraud or payroll theft, spreading malware / computer viruses, or locking down personal, business or government computer systems and demanding a ransom.

b)  Historical

"We’re all going to have to change how we think about data protection."
    Elizabeth Denham, UK Information Commissioner
The images below are from Information is Beautiful: they show only data breaches involving more than 30,000 records. The first diagram indicates the size of breach; the second is colour-coded by data sensitivity (darker = more serious). You can see from the second image how the number of hacks and the severity of the breaches have grown since 2014 (the earliest records shown).
The biggest security breach shown in 2020 involved Facebook and some 420 million records. This followed an attack on Marriott Hotels (in 2019) where 383 million records were compromised.
There was a major hack in July 2020 involving the Twitter accounts of dozens of high profile individuals, including Barack Obama, Elon Musk and Bill Gates. This appears to have been a co-ordinated attack targeting Twitter's employees with access to internal systems and tools. Nothing is sacrosanct for hardened cybercriminals, who have shut down hospitals and healthcare service computer systems and demanded ransoms...
This BBC video notes that "Experts have been warning for years that it's not a matter of if, but when, hackers will kill somebody. German police are conducting the first ever homicide investigation in which hackers could be to blame. It comes as the head of the EU's cyber-security agency tells the BBC that countries should consider making company bosses liable for deaths..."

2   Reports

a)  Crime Survey for England & Wales

The UK Office for National Statistics (ONS) releases a Crime Survey for England & Wales (CSEW) each year. In the survey for the year ending in March 2018, the ONS estimates that around 4.5 million cybercrimes were committed. Of these, around 3.24 million were fraud offences, and 1.23 million related to computer misuse (encompassing child pornography & hacking).[1] In 2017 around 17 million UK residents — one quarter of the population — were victims of cybercrime, with around £130 billion stolen.
In the year ending March 2020, CSEW-estimated computer misuse offences "did not change from the previous year, remaining at around 900,000 offences." 26,215 offences were referred to the National Fraud Intelligence Bureau by Action Fraud (the public-facing national fraud and cybercrime reporting centre) in the same period, an increase of 23% from the year ending March 2019. This increase "was driven by large increases in the two highest-volume computer misuse types reported to Action Fraud. 'Hacking – Social media and email' saw a 55% increase from 8,340 to 12,894 offences and computer viruses/malware saw a 61% increase from 4,177 to 6,745 offences."

b)  FBI Internet Crime Report

Internet-enabled crimes and scams show no signs of letting up, according to data released by the FBI’s Internet Crime Complaint Center (IC3) in its 2019 Internet Crime Report [Feb 2020]. The last calendar year saw both the highest number of complaints and the highest dollar losses reported since the center was established (in 2000). One area of concern was Business Email Compromise (BEC), where a company’s human resources or payroll department receives an email appearing to be from an employee requesting to update their direct deposit information for the current pay period. The change instead routes an employee’s paycheck to a criminal. [See Voice Phishing below]
The report notes that each complaint is reviewed by an IC3 analyst who categorizes it according to the most appropriate crime type(s).

The presence of the UK at the top of the list (by some considerable margin) should be a major cause for concern.

c)   INTERPOL Report

“Cybercriminals are developing and boosting their attacks at an alarming pace, exploiting the fear and uncertainty caused by the unstable social and economic situation created by COVID-19.”
Jürgen Stock [INTERPOL Secretary General]
A new INTERPOL assessment of the impact of COVID-19 on cybercrime [Aug 2020] has shown a significant target shift from individuals and small businesses to major corporations, governments and critical infrastructure.

With organizations and businesses rapidly deploying remote systems and networks to support staff working from home, criminals are also taking advantage of increased security vulnerabilities to steal data, generate profits and cause disruption. In one four-month period (Jan to Apr 2020) some 907,000 spam messages, 737 incidents related to malware and 48,000 malicious URLs – all related to COVID-19 – were detected by one of INTERPOL’s private sector partners.

3   Techniques

Fraud can include scams (email, crowdfunding, etc.), fake 'likes' on social media, fake celebrity endorsements, and offering fake goods, services and qualifications... Here are some notes on some of the techniques used:

a)  Email Fraud / Scams

Email fraud is a lucrative business. It can take the form of:
  •   spoofing — pretending to be someone else;
  •   phishing — making it look like an email is coming from an existing company or one’s bank, and asking the victim to confirm or provide sensitive information, log in to their account, create a new password, or some similar request;[2]
  •   bogus offers — typically, popular items or services at knock-down prices or financial rewards (as in this example); sometimes the fraudster will be looking to obtain the victim's credit card details;
  •   requests for help from ‘a friend’ in trouble abroad, usually requesting money be transferred because they’ve ‘been robbed’ or ‘had their luggage stolen’; and
  •   dating scams, where smooth-talking fraudsters work to build online relationships, and after some time, ask for money because they have hit an ‘unexpected problem’.
Many cases of fraud go unreported because people feel too ashamed or embarrassed to report them.

b)  Crowdfunding Scams

When it comes to crowdfunding, Gofraudme notes that: "a few themes seem to be popular with would-be profiteers: catastrophic medical issues (cancer is extra popular with fraudsters); personal disaster such as unemployment, pending homelessness, or other economic distress; veterinary bills; death of a family member or friend...
What sets fraudulent fundraisers apart from legitimate ones is — wait for it — usually nothing. You really have no way of knowing which fundraisers are legit and which are cooked up by modern day robbers using technology rather than guns... Remember that just about anyone can come up with just about any sob story, slap together a fundraiser, post it online, and BOOM money starts pouring in from Aunt Betty and even internet strangers across the world gripped by the mini-novel..."

c)  Voice Phishing

In 2019 security firm Symantec said it had seen three cases of seemingly deepfaked audio of different chief executives used to trick senior financial controllers into transferring cash. This is known as voice phishing or 'vishing' — a kind of audio deepfake. Another case is reported to have involved the CEO of an unnamed UK-based energy company, who thought he was talking on the phone with his boss, who’d asked him to urgently transfer €220,000 to a Hungarian supplier...



Notes

1   The survey states that, though this number is huge, it represents a 31% decrease in cybercrime over 2017 (thought to be due to fewer computer viruses and better anti-virus technology). For the latest year in which figures were available (ending June, 2017), there was a big difference in the kinds of frauds committed under the heading of cybercrimes. Bank and credit card fraud made up around 75% of all offences, with consumer or retail fraud (taking out loans, signing mobile phone contracts, purchasing things in someone else’s name) making up around 22% of the total number of crimes. Under the heading of computer misuse, around 67% of cybercrimes were related to malware or viruses whilst 33% were related to unauthorised access of personal information.
2   HM Revenue & Customs has provided examples of phishing emails and bogus contacts.
