Computer Crime Research Center

cybercrime/orgcybercrime.jpg

Weekend Read: Cyber crime goes global

Date: May 05, 2011
Source: Theprovince.com
By: ROBERT COLVILE

LONDON -- When, last Wednesday, Sony shut down its PlayStation Network without warning or explanation, there was much grumbling from players across the world who were suddenly denied access to their accounts. As the days dragged on, the irritation grew - curdling into full-grown, flabbergasted outrage when, on Tuesday night, the Japanese technology giant admitted to its 77 million users that every detail of their accounts, from passwords to addresses to credit card details, could be in the hands of criminals.

As PR disasters go, it is one for the ages. Sony, a firm that defines itself by being on the cutting-edge, has been exposed as having humiliatingly inadequate security procedures. Indeed, the news follows a succession of embarrassing breaches: in recent months, both Sony's Blu-Ray DVD system and its PlayStation 3 games console have been seriously compromised.

There were, it seems, unique circumstances. The network, claimed Alan Paller, an American cyber-security expert, may have been constructed in haste, to be ready for the associated console's launch. But the episode also illustrates the extent to which online data loss is an increasingly severe problem for corporations, governments and individuals alike.

There is, of course, an outside chance that the Sony hack was a freelance operation, perhaps carried out by fringe members of "Anonymous", the anarchic online collective that was involved in the earlier security breaches. But the affair has all the hallmarks of the criminal gangs who are turning computer hacking into one of the most profitable illegal enterprises on the planet.

For Sony is not alone. Every time we make a purchase, visit a website, carry out an online banking transaction, we are exposing ourselves to risk. Within recent days, we have discovered that every iPhone is leaving a trail of digital breadcrumbs, listing where they have been; that Oak Ridge National Laboratory, one of America's premier scientific institutions, has been penetrated by hackers for the second time in four years; and that, according to Sophos, a leading security vendor, Facebook's Apps service is "riddled with rogue applications and viral scams".

But the problem, claims Misha Glenny, who chronicled the rise of the global crime networks in his book McMafia, is far worse than most people realise. "If a company like Sony can be subverted," he says, "everyone else must be vulnerable." He cites one "white hat" hacker, employed to probe firms' defences, who found only one (a US pharmaceutical company) that was robust enough to fend off an attack. Even that fell within five minutes to a "phishing" attack, in which employees were asked to click on a link in a fraudulent email.

Part of the problem is that companies are only as secure as their least reliable employee: hence HM Revenue and Customs' loss of two discs containing the personal details of 25 million people, or the fact that Bradley Manning, the source of the WikiLeaks documents, could copy secret diplomatic cables on to a Lady Gaga CD. But the main issue is that such vast databases are an irresistible target. "We're moving away from the most opportunistic schemes, like credit-card fraud, into more organised operations," says Glenny. "Compared with traditional crimes, the risk of the ultimate mastermind being caught is very low, so it's very attractive."

Some of the schemes, which might involve five or six criminal contractors, are staggering in their sophistication. There is payroll fraud, where a company's accounting systems are hacked and fake employees inserted, with the money being parked in domestic accounts before being siphoned away overseas. The "mules" in this instance, says Glenny, will probably have responded to advertisements offering a way to make money from their computer at home, and will get to keep 10 per cent of the cash.

Then there are "pump and dump" schemes, in which stock markets are rigged to inflate shares artificially, or more traditional banking scams. The most sophisticated of these can not only take control of a customer's online bank account, but edit their statements so that suspicious transactions fail to appear: the thousands of pounds you think you have in your account - and are displayed on your online statement - will already have vanished.

There are ways to protect yourself: having different and regularly changing passwords, installing up-to-the-minute anti-virus software, ignoring suspicious emails. But ultimately, this is a global problem. As globalisation began to integrate developing nations into the world economy, so sophisticated cyber-crime clusters emerged in the Bric countries (Brazil, Russia, India and China), which had well-entrenched criminal cultures but also high levels of education and computer literacy. Since then, similar gangs have emerged across the globe - a process chronicled in Glenny's latest book, DarkMarket, to be published in September.

The cross-border nature of the problem only adds to the challenge facing investigators. Consider the case of Roger Mildenhall, an Australian living in South Africa. Nigerian criminals - using an American email account - obtained enough information on him to arrange the sale of one of his two houses in Australia without his knowledge, with the money being sent to China. In which country should they have been prosecuted? And will police forces really put themselves out to help colleagues overseas?

In the end, we are caught between a rock and a hard place. Toughening up our systems enough to thwart the criminals would not just be vastly expensive, but could render many day-to-day actions and transactions infuriatingly cumbersome and time-consuming. Yet the situation is rapidly getting out of hand.

Despite the suffering of PlayStation owners and many others, the best we can do is manage the problem - and at the moment, say the experts, we aren't even succeeding at that.



Read more: http://www.theprovince.com/news/Weekend+Read+Cyber+crime+goes+global/4698925/story.html#ixzz1LUz3cZyp


Add comment  Email to a Friend

Copyright © 2001-2013 Computer Crime Research Center
CCRC logo