22 October 2016Last updated

Features | People

The widening web of deceit

The internet has bred a new class of criminals and a multibillion-dollar industry in cybercrime, says Nick Harding

By Nick Harding
8 Jan 2016 | 12:00 am
  • Source:Shutterstock Image 1 of 2
  • One of the biggest facets of cybercrime is stealing personal information from millions of unsuspecting people.

    Source:Alamy Image 2 of 2

The internet, some argue, is humankind’s greatest achievement. It connects the world, accelerates learning and development and promotes democracy and equality. It gives a voice to the erstwhile silent, it oils the wheels of global commerce and makes it very easy to order pizza. It is all things to all people – a never-ending source of cute pet videos or a tool to tell the world what you are thinking about right now. And it is largely unregulated, which makes it a magnet for criminals drawn to the ever-expanding amount of money and information that flow through it.

E-commerce is the fastest-growing business sector in the UAE. A recent report by PayPal estimated that in the Middle East alone, the industry was worth $15 billion (about Dh55 billion) in 2015, driven by a spurt in online shopping and increased smartphone usage. The UAE is the market leader in the region. In 2012, the total e-commerce market in the GCC was estimated to be $3 billion- $3.5 billion, with the UAE contributing 50-60 per cent. Currently, the e-commerce market here is estimated at $2.5 billion. By 2018, that will grow to around $10 billion.

And in all its guises, cybercrime is keeping pace with the growth.

In 2012, security firm Norton said the global cost of cybercrime was worth around $110 billion a year. It believed more than 556 million people were affected, stating: ‘Every second, 18 adults become a victim of cybercrime, resulting in more than 1.5 million victims each day on a global level.’

In 2014, internet security company McAfee updated the figures, claiming worldwide losses stemming from cybercrime to be 
$410 billion a year.

Cybercrime includes millions of people having their personal information stolen. Between 2013 and 2014, 54 million in Turkey, more than 40 million in the US, 20 million in Korea, 16 million in Germany, and over 20 million in China had their details stolen. One estimate puts the total at more than 800 million individual records in 2013.

It also warned that ‘cybercrime is evolving at an astounding pace, following the same dynamic as the inevitable penetration of computer technology and communication into all walks of life. Whilst society is inventing and evolving, at the same time, criminals are deploying a remarkable adaptability in order to derive the greatest benefit from it.’ Put simply, online criminal activity is keeping pace with technology, exploiting it as it develops.

In fact, criminals utilise hundreds of inventive ways to target victims. Phishing or spoofing is perhaps the most common. Criminals create a fake copy of a popular site, lure users on it and ask for login data and other sensitive information. These credentials can then be used to steal money from users’ accounts and create fake IDs, or be sold to other criminals. Blackmail, extortion, bet-rigging and piracy are other common cybercrimes.

The number of people reporting cybercrimes in Dubai almost doubled year-on-year between 2011 and 2013, according to Dubai Police. There were 1,419 incidents reported in 2013 and 588 in 2011. The most common crimes were fraud, blackmail and extortion.

In an interview with Gulf News a couple of years ago, a senior police officer said that victims often had some weakness or character flaw that criminals use to exploit them. Lack of social intelligence, being greedy, not being content and having an emotional void or financial troubles are some weaknesses that criminals target, he said.

Globally, phishing attacks grew from 19.9 million in 2012 to 37.3 million in 2013, an increase of 87 per cent. The most commonly targeted territories were Russia, the US, India, Vietnam and the UK.

Various academics have analysed the cost of internet cons. In 2007, 280,000-560,000 people fell victim to fake websites, earning the criminals $320 million. Even well-publicised cons that have been used for years can prove lucrative. The Advanced Fee ruse, whereby unsolicited emails are sent to recipients requesting small amounts of money to pay fictitious costs so that a larger fortune can be released, is estimated to net criminals over $1 billion.

So far, cybercriminals appear to be winning. Because of the global nature of the internet, law enforcement can get bogged down by jurisdictional bureaucracy. Cybercriminals are hard to trace, and such flaws have made them increasingly brazen. Many advertise their services online. They use encryption programmes and proxy servers to shield their locations and identities.

Criminals from different nations have their own specialisations. The Advanced Fee method is commonly used by Nigerians, while Brazil is called the spiritual home of banking malware. Russia and China are also known to be thriving cybercrime hubs. Authorities in Nigeria and other African countries have been slow to crack down on scammers and hackers.

A couple of years ago, investigators uncovered a Russian crime ring suspected of obtaining access to a record 1.2 billion username and password combinations. Crime syndicates use some of the most technologically advanced tools as trained computer engineers opt for lucrative underground work to make a quick buck.

Brazil has an emerging cybercrime economy. Cybercriminals there and across South America are increasingly learning from their counterparts in Eastern Europe via underground forums and buying their tools to mount attacks. Eastern European hackers provide IT support for customers buying their malware.

In Vietnam, where the IT industry has expanded at a rapid rate over the past decade, a hacker allegedly masterminded the theft of up to 200 million personal records in the US and Europe, including Social Security numbers, credit-card data 
and bank account information.

An investigation by Trend Micro, a global leader in internet content security software, into Russian cybercrime websites found price lists of criminal internet services. Crooks were hiring out networks of virus-infected computers – or botnets – for as little as $2 an hour. Botnets can be directed to launch attacks on web services, bombarding them with requests until they crash. Botnet attacks can be used to take down the websites of competitors and criminals can use an attack as a way of blackmailing a business that relies on its website. The list also included prices for the hire of anonymous servers, Trojans, which could be used to spy on people, and spamming services.

Rik Ferguson, Trend Micro’s director of security research and communications, told Wired that the cybercrime market in Russia is ‘very much a well-established market. There are people offering niche services, and every niche is catered for.’

Recent crime trends include the increased use of ransomware – malware that infects a computer and locks its hard drive. A message is sent to the computer user advising that local law enforcement has detected something such as child pornography or pirated software on their PC, and if they want to unlock it they have to send money to a certain bank account.

Meanwhile, mobile phones offer a whole new area of opportunity.

In a study of more than 13,000 adults across 24 countries by security firm Symantec, 45 per cent said they sleep with their smartphone or tablet within arm’s reach. However, only 17 per cent have security software on their phones and 54 per cent are not aware that security solutions for mobiles even exist. As a result, 25 per cent of those surveyed said they had been a victim of mobile cybercrime within the past 12 months.

Thankfully, the UAE is well ahead when it comes to cybersecurity. One of the Telecommunications Regulatory Authority cybersecurity team’s strategic goals is to prepare a globally sustainable, secure and competitive digital environment in the country. Agencies across the nation are also aware of the importance of maintaining secure systems.

Last year, Abu Dhabi hosted the fifth international cybercrime conference, where experts and law enforcement officials called for greater cooperation and information sharing between governments, businesses and agencies to tackle the issue.

Officials from the Ministry of Justice called for more stringent laws to tackle cybercrimes.

But while governments and businesses work together to defend against online criminal enterprises, there are simple measures individuals can take to avoid being compromised. ‘To stay safe on the internet, never open attachments and files that are sent from unknown origins,’ says Vitaly Kamluk of security firm Kaspersky Lab.

‘Also try to avoid using removable storage media. Certain viruses have modules, which allow them to propagate through USB drives. There are plenty of online file-sharing services that can be used instead.’

By Nick Harding

By Nick Harding