Cyber crime crackdown

Date: February 02, 2004
Source: Computer Crime Research Center
By: James Thompson

... for a certain commission. If they agree to do so, their account is used as part of the scam to send on stolen funds to the fraudsters overseas. The NHTCU acknowledged that very few people have been successfully duped by these scams. But there has been numerous high-level meetings between it and the banking industry – both of which remain highly vigilant. Len Hynds, the NHTCU’s detective chief superintendent, says: “We know that many of these ‘funds transfer scams’ involve the proceeds of fraud, and consumers who participate in these schemes are likely to become embroiled in a police investigation. The message is – don’t allow yourself to be duped. Remember, if an unsolicited money-making offer looks too good to be true, then it probably is.” Adding a well known IT maxim, David Lennox, director of fraud and physical security at the British Bankers’ Association, says: “The threats in the online world are the same as in the offline world. While these types of fraud have always been with us, the internet is now being used as the preferred medium for attempting to carry them out.” In other areas, spammers – the scourge of internet users worldwide – are also becoming far cleverer in how they send junk emails. “The spamming community using technical sophisticated Trojan software to further propagate their spam,” says Lyons.

Confidentiality charter

In a bid to increase the reporting of corporate electronic crime, the NHTCU unveiled a charter detailing how it will treat information divulged to them by businesses in December 2002. The Confidentiality Charter sets out how companies can interact with the NHTCU in a secure and confidential manner when they wish to exchange information, report hi-tech crime or simply seek advice. The charter covers the investigation process in the event of an attack and states that all exchanges of information will be treated confidentially. The unit promises to protect the source of information in accordance with the law and its own tried and tested source handling process. The charter also stresses that all efforts will be made to limit disruption to a company’s day-to-day operations. Mirroring these concerns, two-thirds of those surveyed by NOP, said the single most important impact of a serious computer-enabled crime was on either the ability of the company to operate and function or do business with its customers. Furthermore, the NHTCU says it is also committed to minimising the risk to company’s reputation. “When appropriate, we will agree with the company concerned that information must remain confidential between us and what, if any, may be sanitised and disseminated for the benefit of industry in general.” While some large UK companies will no doubt be on the hit list of serious criminals, most businesses are more likely to suffer security threats such as computer viruses or self-propagating worms. And despite years of warnings about enterprise security, companies and users still make elementary mistakes. Lyons says some companies could be more careful such as with their recruitment of staff and by enforcing password changes. “If most companies adopted the British information security standard, 7799, for example; and looked after their personnel, physical, electronic and information security to that basic standard – then that would be an enormous step forward in the business protecting itself.” On a broader scale, the good news is that organisations like the NHTCU are slowly, but surely, increasing their knowledge of – and ability to tackle – high-tech crime on a daily basis. The bad news is that with the use of technologies such as broadband and third-generation mobile devices expected to explode over the next few years, present crime rates may just be the tip of a very large high-tech crime iceberg.

---

Add comment  Email to a Friend