Why is cyber so popular with today’s criminal?

Posted on : 30-01-2015 | By : richard.gale | In : Cyber Security

Tags: , , , ,

0

In a recent interview Manhattan District Attorney Cyrus Vance Jr stated that a third of the crimes his office investigates are now related to cyber crime and identity theft. Cyrus referred to it as a ‘Tsunami’ and it has forced significant changes in the way his department works.

Cybercrime in all its forms is accounting for 200 – 300 complaints per month and is rising fast. Cyber is one of the few areas of crime that is actually rising. Most other types of crime are decreasing and this pattern continues into the UK.

 

So why is cyber crime on the increase, what sorts of crime are occurring, who are the criminals and how do they operate?

 

Why do criminals carry out cybercrime?

Ease – The ability to carry out cybercrime is getting easier. There are plenty of tools available, some of the crimes are the simplest such as the scamming emails which purport to be from your bank or someone who has lost their wallet abroad do not need any special equipment. There is still a perception from some consumers that emails with the correct logos are official and should be taken seriously. More complex frauds using targeted malware and tools are more difficult to commit but are becoming widespread as the value of theft can be far greater. The ‘cost of entry’ to the Cyber market is getting lower and the tools becoming more prevalent.

Lower sentencing – Traditional crime, especially where violence or threat of violence is concerned is usually severely punished. Cybercrime generally comes under the banner of ‘white collar’ crime and the price criminals have to pay for this can be far lower in the form of lighter/suspended sentences or even just fines. This attracts criminals to the lower risk/reward ratio. Punishment of cybercrime may change as it matures but for the moment it is an easy option.

Higher Risk/Rewards – The average ‘take’ for a bank robbery in the U.S. is $1,200, the sentence for a violent crime can be life. Conversely the average loss for a cyber crime is $4,600 and the likelihood of any custodial sentence is low. In addition the chance of being caught is very low compared to a bank robbery.

Comfort – Traditional crime is weather dependent, burglary rates go down when it is cold and raining (partially due to the lack of open windows but also because burglars dislike going out in bad weather as much as the rest of us). A significant amount of cybercrime can be carried out from anywhere including the comfort of a criminal’s house.

 

What cybercrimes are popular? How are they carried out?

Hacking: This is a type of crime wherein a computer is broken into so that sensitive, confidential or personal information can be accessed by an unauthorised party. In hacking, the criminal uses a variety of software to enter a person’s computer and the person may not be aware that his computer is being accessed from a remote location.

Theft: This crime occurs when a third party steals credentials to access and reuse or sell unauthorised data. This can include reproducing copyrighted material such as music, movies, games and software. There are many peer sharing websites which encourage software piracy, these get shutdown on a regular basis but spring up again very quickly.

Cyber Stalking: This is a kind of online harassment wherein the victim is subjected to a barrage of online messages and emails. Typically, these stalkers fall into two groups. Ones who know their victims and instead of resorting to offline stalking, they use the Internet to stalk and the other where there is no previous connection to the victim except that they are in the public eye for some reason.

Identity Theft: This has become a major problem with people using the Internet for cash transactions and banking services. In this cybercrime, a criminal accesses data about a person’s bank account, credit or debit cards and other sensitive information to siphon money or to buy things online in the victim’s name. It can result in major financial losses for the victim and is an increasing overhead for financial services companies.

Malicious Software: These are Internet-based software or programs that are used to disrupt a network. The software is used to gain access to a system to steal sensitive information or data or causing damage to software present in the system. DDOS – denial of service and malicious encryption tools are often used for extortion purposes.

Child soliciting and Abuse: This is also a type of cyber crime wherein criminals solicit under age children through a variety of mechanisms for the purpose of child pornography. Government agencies are spending a lot of time targeting these types of crime and monitor chat rooms frequented by children to prevent this sort of child abuse.

 

Who are the cyber criminals?

Professor Marcus Rogers, Director of the Cyber Forensics & Security Program and Purdue University has produced a taxonomy of offenders;

Script kiddies: who are motivated by “immaturity, ego boosting, and thrill seeking.” Rogers says they tend to be “individuals with limited technical knowledge and abilities who run precompiled software to create mischief, without truly understanding what the software is accomplishing ‘under the hood.’ ”

Cyber-punks: who “have a clear disrespect for authority and its symbols and a disregard for societal norms.” According to Rogers, “they are driven by the need for recognition or notoriety from their peers and society,” and are “characterized by an underdeveloped sense of morality.”

Hacktivists: who, in Rogers’ estimation, might just be “petty criminals” trying to “justify their destructive behaviour, including defacing websites, by labelling [it] civil disobedience and ascribing political and moral correctness to it.”

Thieves: who are “primarily motivated by money and greed” and are “attracted to credit card numbers and bank accounts that can be used for immediate personal gain.”

Virus writers: who tend to be drawn to “the mental challenge and the academic exercise involved in the creation of the viruses.”

Professionals: who are often ex-intelligence operatives “involved in sophisticated swindles or corporate espionage.”

Cyber-terrorists: who are essentially warriors, often members of “the military or paramilitary of a nation state and are viewed as soldiers or freedom fighters in the new cyberspace battlefield.”

 

To conclude, cybercrime is a fast growing, multi-faceted problem with new participants entering the arena every day. It will be interesting to see how technology and other commercial organisations approach the problem and how society and government organisations attack the cyber hordes. We will be following this article with our thoughts on how it can be approached in the coming months.

Agile. Is it the new name for in-sourcing?

Posted on : 30-01-2015 | By : richard.gale | In : Innovation

Tags: , , , , , , , , , , , , , , ,

0

Business, IT, clothing are all similar in so much that they can lead and follow fashions & trends.

Looking at IT specifically there is a trend to commoditise and outsource as much as possible to concentrate on the core ‘business’ of growing a business. As we all know this has many advantages for the bottom line and keeps the board happy as there is a certainty of service & cost, headcount is down and the CIO has something to talk about in the exec meetings.

At the coalface the story is often a different one with users growing increasingly frustrated with the SLA driven service, business initiatives start to be strangled by a cumbersome change processes and support often rests in the hands of the dwindling number of IT staff with deep experience of the applications and organisation.

So a key question is –  How to tackle both the upward looking cost/headcount/service mentality whilst keeping the ability to support and change the business in a dynamic fulfilling way?

Agile is a hot topic in most IT and business departments, it emerged from several methodologies from the 1990’s with roots back to the ‘60s and has taken hold as a way of delivering change quickly to a rapidly changing business topology.

At its core Agile relies on:

  • Individuals & interaction – over process and tools
  • Customer communication & collaboration in the creation process – over agreeing scope/deliverables up front
  • Reactive to changing demands and environment – over a blinkered adherence to a plan

The basis of Agile though relies on a highly skilled, articulate, business & technology aware project team that is close to and includes the business. This in theory is not the opposite of an outsourced, commodity driven approach but in reality the outcome often is.

When we started working on projects in investment organisations in the early ‘90s most IT departments were small, focused on a specific part of the business and the team often sat next to the trader, accountant or fund manager. Projects were formal but the day to day interaction, prototyping, ideas and information gathering could be very informal with a mutual trust and respect between the participants. The development cycle was often lengthy but any proposed changes and enhancements could be story boarded and walked through on paper to ensure the end result would be close to the requirement.

In the front office programmers would sit next to the dealer and systems, changes and tweaks would be delivered almost real time to react to a change in trading conditions or new opportunities (it is true to say this is still the case in the more esoteric trading world where the split between trader and programmer is very blurry).  This world, although unstructured, is not that far away from Agile today.

Our thinking is that businesses & IT departments are increasingly using Agile not only for its approach to delivering projects but also, unconsciously perhaps,  as a method of bypassing the constraints of the outsourced IT model – the utilisation of experienced, skilled, articulate, geographically close resources who can think through and around business problems are starting to move otherwise stalled projects forward so enabling the business to develop & grow.

The danger is – of course – that as it becomes more fashionable – Agile will be in danger of becoming mainstream (some organisations have already built offshore Agile teams) and then ‘last years model’ or obsolete. We have no doubt that a new improved ‘next big thing’ will come along to supplant it.