Cyber crime and you
Cyber crime is big business and with the growth of social networking, smartphones, spam and scams most people are easy pickings for ruthless cyber criminals, writes John Kennedy
IN 1965 a Canadian sociologist/futurist called Alvin Toffler wrote an article for US arts magazine Horizon called ‘The Future as a Way of Life’.
The article spawned a book published in 1970 called Future Shock where Toffler described a certain psychological state of individuals and entire societies dealing with the accelerated rate of technological and social change.
With smartphones, social networks and digital media changing lives, are people actually prepared to protect themselves or, because most of us are probably in a state of ‘future shock’, are we really just lambs to the slaughter?
Think about this: in recent weeks Facebook, which has 600 million users worldwide, was hit by five successive waves of spam attacks; people receive emails from phishers pretending to be from their local bank asking them to confirm their bank details; Irish homes are being rung daily from India by hackers who tell them they have a problem with their computer and then get them to download a virus, which opens them up to all kinds of attacks.
Last week the FBI and Microsoft shut down hosting providers across the US behind the Rustock botnet that is believed to drive 50pc of the spam that clogs up 60pc of our email inboxes.
Put simply, the accelerated rate of change means that ordinary people are easy pickings for sophisticated cyber thieves. One of the places that is being hit again and again by spam is Facebook, which counts 1.6 million Irish users.
Security firm ESET’s Urban Schrott says Facebook has become a multibillion-dollar hunting ground for cyber criminals.
He said anti-virus packages can protect against downloading malware but cannot protect users’ Facebook walls and urged users to “think before you click” on “shocking mustsee” videos or messages that appear on their walls.
A spokesman for Facebook explains: “We agree that education and awareness is the key to combating online security threats and that this issue is something we need to tackle together as an industry.
For our part, we have launched numerous education initiatives and continue to invest heavily in developing complex and innovative systems to protect the people who use Facebook.
“We encourage people, whether they’re on Facebook or somewhere else on the web, to think twice before clicking on things – do you really think your best friend is going to give you a free iPad for filling out a survey?’’
In 2008, Facebook was awarded $873m in damages against Canadian Adam Guerbuez and his company Atlantis Blue Capital, who was accused of sending spam messages to its members.
“Online security is a bit like an arms race, with cyber criminals and their targets constantly battling to stay ahead. At Facebook, we take the security and safety of the people who use our site incredibly seriously, and invest constantly in our security processes.
“Facebook faces a security challenge that few, if any, other companies, or even governments, have faced – protecting more than 500 million people on a service that is under constant attack. The fact that less than 1pc of Facebook users have ever encountered a security issue on the site is a significant achievement,” the spokesman says.
The internet is where the money is and hackers know this, says Trend Micro cyber crime expert David Perry. Organised crime gangs, he says, realise 99pc of money in the world today is electronic.
“Organised crime gangs are becoming giant global organisations. I would not be too surprised to find quite a few cyber criminals living among you in Ireland,” said Perry, who is the global director of education for Trend Micro, the Japanese internet content security firm that employs 100 people in Cork.
Perry attended the first eCrime Researchers event at UCD last week for cyber crime researchers, the Gardaí, other law enforcement agencies and academia. He explains that cyber warfare among states is a real threat but in the overall scheme of things today accounts for a smaller part of the bulk of cyber crime activity.
“What people need to realise is the vast bulk of cyber crime is not visible and leaves no trace. Most cyber crime happens under your nose, it doesn’t crash your system but it is there to pick your pocket. “Cyber thieves want your password for your bank account and credit cards.
“There was a famous bank robber in the States, Willy ‘The Actor’ Sutton, who was asked why did he rob banks. He replied: ‘That’s where the money is.' Today, the internet is where the money is.
“I am 57 and still think of money as notes and coins, but the reality is I can’t remember when I was last standing in a bank, because everything is electronic. Less than 1pc of all the money in the world is physical notes and coins. All the money in the world today is really just numbers on computers. That’s why the bankers are going there and that’s where the money is.”
Perry said more stringent means need to be identified to protect ordinary people from activities ranging from phishing to outright hacking. In the US, for example, banks still only use single-factor authentication – password and bank account number – creating a cyber thief’s paradise.
“People are lambs to the slaughter and obligingly treat a lot of what they do see as legitimate. In Japan, people are targeted by phishing both on email and even by fax. In Ireland, I know you’ve had people being rung up by bogus computer repair companies who end up installing viruses on computers and try to extort cash.
“This, in my opinion, abuses the trust my industry has earned over the years. We’ve got a world where in order to access your bank account you’ve got to prove who you are. But how come the bank doesn’t have to prove who they are?
“People who are cyberrobbed become victims and it is very hard to get that money back, mostly never. And in addition it ends up hurting their credit ratings. One of the issues Perry has with the internet and the rise of social media is when you look at social media sites like Facebook, who is the customer?
“I’m there but I’m not paying for anything, and yet the site is attracting advertising in the range of billions of dollars. My fear is advertisers are milking you for your personal data that can be sold for market research.
“You are not the customer, you are the product,” he warns. Referring to Toffler’s Future Shock, Perry doesn’t believe mankind is emotionally prepared for the rate of change that is occurring.
“Most of us don’t realise how computerised, how automated and how searchable everything is and how that affects us. The world has moved to a new city called the internet and most of us are not used to it yet.
“Some day we will embrace that culture and have better instincts for dealing with it, but right now we’re just lambs to the slaughter,” he says.