Categories
Business security

ISPA Parliamentary Advisory Forum on e-crime

The average punter knows very little about e-crime. I can’t say I’m an expert myself but I had an eye-opening afternoon yesterday at the ISPA Parliamentary Advisory Forum on the subject. Attended by both MPs and industry stakeholders the meeting was standing room only which perhaps underlines the level of interest in the subject.

We use anti virus software in the belief that it stops nasty people putting nasty things on our PCs that will destroy our files. In the early days of e-crime this is what it was all about. Nerds sat in their bedrooms writing viruses with no real objective other than showing the world how big and powerful they were.

From around 2003 all this changed and e-crime became big business and the sad teenagers in bedrooms have turned into professional software writers working for organized gangs.

Now the crooks don’t want to break your computer. In fact they don’t even want you to know they are there. The malware that they deposit on your PC just sits there quietly logging your every keystroke. When you make purchases online your credit card information is logged and fed back to the gangs. The Conficker A virus even made your network run more efficiently so that it could better perform its job.

Until last year, when they were stopped, there were websites such as “darkmarket.com” (Google it for more info) where criminals talked to criminals, swapped trade secrets and engaged in crooked business such as the sale of stolen bank account information.

This criminal activity is organized primarily from the former Soviet Union, China and Brazil. The crooks know how to work the system. They never steal information from their own country. That way if a local police force is asked to assist with an international crime there is less incentive.

The police in Sao Paulo, for example have to deal with a high murder rate on the streets. How do you prioritise credit card fraud overseas in that case when you have limited resources to address problems on your own doorstep.

An Ukranian gang was said to stop the process of infecting a PC if it’s IP address was found to be Ukranian specifically to avoid the attentions of the local rozzers.

So what is being done in the UK to try and combat e-crime? It ain’t easy. Detective Superintendent Charlie McMurdie, who incidentally looked as if she was straight out of an action cop movie, runs the 30 strong e-crime unit at the Metropolitan Police and was speaking at the meeting.

With a team of only 30 people the police have to concentrate on big crimes. If someone rips off £50 from your credit card or bank account they aren’t interested. You are supposed to report it to the banks who then submit a collated picture to the police. In reality much of this type of crime goes unreported so nobody really knows how much of it is going on.

Where the police do get involved is with serial crimes. In other words whilst if someone pinches £50 from your e-wallet they aren’t interested, if someone does it to a thousand people then they are and this has happened in the UK.

Unfortunately, for someone who gets caught the penalties for this type of crime are often very low, community service for example, so the disincentive isn’t there. What’s more e-crime is often zero touch. In other words if someone steals TV programming and sells it to a Russian online TV Channel then the only thing affected is a potential reduction to the revenue stream of the rights holder. The man on the street is unharmed. This makes it less interesting to the police and is why the likes of BSkyB employ former policemen, effectively as revenue protection officers.

It isn’t fair to say that nothing is being done in the UK to prevent e-crime but the whole subject area is a difficult one and merits not only more effort but also improved levels of international co-operation due to the cross border nature of the game. I am afraid this is going to be an uphill struggle.