Being aware of your online threats: Part 1 - cybercriminals
Updated: Apr 11, 2019
In my first blog, we talked about the great skills you have already learned from the physical world for managing your physical risk on a daily basis. We looked at how these skills help us to stay aware of the threats around us, including building a view of the criminals that might be physically operating in our country, city and even our suburb. This knowledge is gained through experience, via our families, our networks (such as schools, clubs and neighbours) and also via information provided by the media, the government and the police.
You might worry a lot or a little about the threat of physical crime such as theft, depending on where you live, your circumstances, your ability to recover financially, whether you have insurance and also on your general perception of the physical risks around you. As also discussed in my first blog, you probably already know what you would do if the worst does happen and how you will recover - you have a plan.
So, how do you start to gain the equivalent knowledge about the criminals operating in the online world?
Firstly, don't be too hard on yourself if you know nothing about them right now, other than that they might sit at computers, wear balaclavas and black leather gloves (which, by the way, is not an entirely accurate representation, but this is not your fault! These are the images that we have been fed with the headlines).
Remember, the internet has only been around for a few decades; in contrast, humans have been managing our physical risk, and the criminals that operate in the physical world, for many thousands of years.
So to get you started, I thought the best way to help would be to summarise the 5 ways in which cybercriminals are similar to physical criminals and the 5 ways in which they differ. My hope is that this will leave you feeling more sure about what you might face online - I don't know about you, but I prefer to know more about any threats I might face, so that I can prepare myself.
Before we jump into these similarities and differences, let's clarify a few definitions.
According to the Oxford English Dictionary:
a 'criminal' is a person who has committed a crime;
a 'cyber criminal' is a person who engages in criminal activity by means of computers or the Internet; and
a 'computer hacker' is:
1. An enthusiastic and skilful computer programmer or user.
2. A person who attempts to gain unauthorized access, especially remotely, to a computer system or network.
You may have only heard 'hackers' referred to in the sense of definition 2, but not all hackers are bad (definition 1). We will shine a light on the term 'hackers' in more detail in a later blog post, as this warrants a separate session.
You may also hear or read in the media, references to the following:
Nation state attacks - this refers more to how a country or group of people might utilise the online world to gain advantage over, or defend themselves against, another country or group of people (think of it like the online version of physical spying).
Hacktivism - often politically motivated, this is a form of online protesting and can also involve significant cyber crime. The physical equivalent would be, for example, animal rights protesters breaking into an abattoir.
We also unfortunately, just like the physical world, have bullies and pedophiles operating online.
These terms will be unpacked in future blog posts and are not covered below because they warrant a more detailed explanation behind this activity. For this session our focus will be on general cybercrime.
So with that, let's look at what physical and cyber criminals have in common - you already know a lot about physical criminals so this will be a breeze.....
Similarity 1: They are looking to make money
This might seem like stating the obvious but in general, both groups of criminals are looking to make money from their crimes - it seems oversimplified but it is important to clarify this point.
Similarity 2: They don't always fit stereotypes
Like physical criminals, cyber criminals don't always fit a particular stereotype. Men and women can commit cybercrime and they can come from any country or background.
In the physical world we have examples like fraudster Frank Abagnale Jr. (depicted in the 2002 movie 'Catch Me If You Can' starring Leonardo DiCaprio) who managed to steal a lot of money and fool so many people, even posing as a pilot and a doctor in the physical world in his day - he got away with it for a long time and was someone who didn't fit the criminal stereotype.
In the cyber world, here are some recent cybercriminals who also don't fit the stereotype (they are not wearing hoodies, balaclavas or black leather gloves for a start!):
This is Alex Bessell - a 21 year old male from the UK who was jailed in 2017 after he made more than £50,000 in proceeds from selling both his and other people's malware (bad software that 'infects' a computer) products via his online store, enabling users to spread viruses, conduct attacks and steal data.
This is Jordan Evan Bloom - a 27 year old man from Canada who was charged in 2017 with trafficking in identity information, unauthorised use of computer, mischief to data and possession of property obtained by crime.
And we don't have an image for her, but Inna Yatsenko is a 32 year old female marriage agency executive from Ukraine who, together with her co-convicted Gayk Grishkyan (24), received a 5 year suspended jail sentence in 2018, after they disrupted hundreds of websites, including those belonging to a number of international firms, and demanded ransoms be paid in order to cease the disruption.
Similarity 3: They can be big multinationals or small medium enterprises
Like physical crime, the cyber crime 'economy' includes large 'multinational' operations (the cyber equivalent of global drug cartels) that can make profits of over $1 billion, right through to smaller operations where profits of $30,000-$50,000 are the norm, according to some independent research released by Bromium in 2018. They also, like physical criminals, have networks of trusted partners, associates, resellers, and vendors who they work with.
Similarity 4: They constantly innovate
Just like criminals in the physical world, cyber criminals must constantly innovate to 'outwit' the controls put in place to thwart them - in the physical world, motor vehicles now come with immobilisers fitted as standard to reduce theft and, in response, criminals have 'innovated' to find a way around this technology (covered later in this article).
In the world of cyber security, recent innovations mean you no longer need specialist skills to commit cybercrime, as outlined by this article from the Australian Strategic Policy Institute, which confirms:
Tools which were previously accessible only to governments or high-level hackers are increasingly becoming available in off-the-shelf, relatively easy to use formats, meaning that hackers don’t need to be as skilled to operate them and therefore can’t charge as much for their services.
This has lowered the barriers to entry for cybercrime, unfortunately making it much more accessible.
Similarity 5: They are opportunists
You might also hear of 'cyber attacks' being described as 'sophisticated'. In actual fact, many of the techniques used by cybercriminals are not particularly 'sophisticated' and, whilst more complex hacking does happen (often in relation to 'Nation State Attacks', which we will look at in a future blog), more often than not, cyber-criminals hitting the headlines are not doing anything particularly 'sophisticated' and are more likely opportunists – like all criminals.
Now that we've looked at the similarities, let's see how cybercriminals are different:
Difference 1: Their relationship with victims
Cybercriminals don't need to be physically close to their victims and one of the patterns that has emerged from some early research (cited in the article above) into cybercriminals, is that it is the separation they have physically from their victims that helps them to justify their criminal acts.
It is easy for them to perceive that no harm has been done because the victim isn't right in front of them.
In my opinion, this links to a broader issue we have with society in terms of the things people are willing to say and do online vs how they behave face to face in the physical world and I think it would be good to see some more research in this space (if you know of some already, I would love to hear about it so I can add the link in here!).
Difference 2: The area in which they can operate
If you have ever watched true crime shows or some of the fictional shows on TV about criminals, you will probably know that they often have a 'turf', which is the area in which they tend to commit their crimes. They may be limited to their area or turf via physical geography, by 'turf' agreements (or wars) with other gangs, or perhaps they are constrained in an area by a very effective law enforcement campaign or by physical resources, including team members, time and money.
Unlike physical criminals, cyber criminals generally have no limits in terms of the geographic reach of their crimes - they can potentially reach victims in any country. To put this into context, here is a snapshot of what the online 'turf' opportunity might look like:
There are around 4 billion Internet users which is around 50% of the world's population in 2018
The world's population is growing each year, as is the number of internet users which increases the opportunity for cyber criminals
There is also a lot of data out there that can be used by criminals to make money. As of May 2018, 90% of the data created in the world had been created in the 2 years prior. This is expected to continue to grow.
I am not suggesting that every human online today and in the future will become victims, nor is all of this data that is being created of value to cyber criminals, but it gives you a sense of the scale of the opportunity for cyber criminals.
In addition, linked to point 1 above - not needing to be physically near to victims may also make it easier for cybercriminals to scale to reach more victims - quite a lot of effort goes into physically stealing a car and selling it on whereas online you could hit thousands of potential targets in a day.
Cybercriminals are also less constrained by resources - which leads nicely on to point 3....
Difference 3: Their use of 'marketplaces'
The internet version of a physical market, mainstream online marketplaces are used by many of us today - some examples being eBay or Amazon. These marketplaces have helped us as consumers to have more choice and often better pricing for goods and, for small businesses, they have helped to reduce the overheads of having physical stores as well as enabling them to reach more customers.
Cybercriminals have their own special marketplaces which are hidden in a part of the internet called the 'Dark Web' - this is a part of the internet that you need special tools to access and it is a place where cybercriminals can easily and anonymously buy and sell services.
(Note: If you are curious to learn more about the Dark Web there is a fantastic #TedTalk by Jamie Bartlett you might want to check out).
Within these marketplaces, cybercriminals also utilise business models and offer things like warranties for their work, customer services help desks, ratings for their work and even service agreements between malicious software providers and their hacker customers - something you wouldn't expect to get from regular physical criminals!
However, it's worth noting that Dutch researchers from Delft University of Technology published these findings based on their analysis of 6 years of transactions from 8 anonymous online marketplaces (located in the dark web) that cover the major part of these services. They found that the volume of this trade is very limited, compared to the volume, for example, of the drugs trade on these markets.
According to this article in the Financial Times in 2018, cybercriminals have also recently begun to use mainstream platforms outside of the dark web to advertise their services - the cyber equivalent of posting an advert in the local free ads newspaper, again, something you wouldn't see a physical criminal doing!
Difference 4: Chance of getting caught
Statistics show it is still quite hard to convict cyber criminals and, unlike criminals in the physical world, online criminals can commit their crimes from overseas and hide overseas, with international co-operation required to stop them.
According to this article, with no FBI equivalent to catch cyber criminals:
What we have is a patchwork of alliances, cooperation agreements, political maneuvers and back-channel negotiations - which may or may not be effective.
Whilst there are certainly some good examples cited in the article of where international co-operation has helped to take down cyber criminals (for example, a Kosovo cyber terrorist who helped ISIS was sentenced to 20 years in prison after being extradited from Malaysia), there are still some challenges in the pursuit of cyber criminals, including:
Countries that don't co-operate
Processes around cybercrime that are less mature than those of physical crime, for example in the legal system, as outlined in this article from the US which points out that:
Our legal system, refined over centuries, was forged in the physical world for physical crimes. Internet crime is not even three decades old.
The varying definitions of what constitutes a cyber crime
Attribution - being able to determine who committed the crime and from where.
Obtaining good quality evidence
Jurisdiction of the crime
The fact that very few cyber crimes are reported.
(Note: If you live in Australia, cybercrimes can be reported to the Australian Cybercrime Online Reporting Network (ACORN). We will cover 'where to get help' in more detail in a later blog.)
Difference 5: Job conditions
Cyber criminals are more likely to be better paid and according to this article earn 10-15% more than their physical criminal counterparts. Recent studies estimate that earning potential for cyber criminals can be up to $2m per year (USD) with mid-level cyber criminals making up to $900,000 and entry-level cyber criminals making about $42,000.
And you might have heard the quote:
"cybercrime is now worth more than the global drugs trade"
I ran a quick fact check on this and confirmed its validity - in terms of the ability to profit from cybercrime, in comparison to a traditional 'physical crime' like drug trafficking:
Bromium research released in 2017 has conservative estimates of cybercriminal revenues worldwide of at least $1.5 trillion – equal to the GDP of Russia.
By comparison, this article from 2017 cited some research that estimated the global market in drug trafficking is valued at between $426 billion and $652 billion (USD).
But.... the lines are blurring....
Whilst there are some clear similarities and differences outlined in this blog, there is also an increasing blurring of lines emerging between physical and cybercrime:
Criminals use the internet for previously 'physical only' crimes like trafficking drugs
Proof point: analysis of the Darknet (as part of the global drug report 2018) shows that traditional physical crimes such as drug trafficking make up the majority of transactions online in these markets compared to cyber crimes, e.g. 62% of listings on the major darknet markets related to drugs (77% of which are in relation to illicit drugs) and the remaining 38% are made up of 'other' listings, of which fraud and counterfeit make up 44% and hacking and malware 5%.
Some criminals may commit both physical crime and cyber crime
Proof point: with relatively low prices to hire cyber crime services, as outlined previously, traditional physical criminals are now able to utilise the online channels to commit crime, even if they don't have the knowledge themselves to perform the work. Researcher Mike McGuire from the University of Surrey found, when analysing data on how cybercriminals spend the proceeds of their crime, that 20 percent used at least some of their revenues to reinvest in further criminal activities – for example, buying equipment or more crimeware, as well as channeling revenues to the production of illegal drugs, human trafficking, and terrorism.
The 2017 Bromium research referenced earlier also confirmed that profits from cyber crime have been found to fund broader physical crimes such as human trafficking, drug production and terrorism.
Some criminals are thwarting physical security technology controls using online markets
This article from security company Trend Micro outlines how these 2 worlds are coming together, with advertisements online peddling vehicle 'toolkits' to potential customers that allow someone to bypass the immobiliser of a car using a special type of software (called firmware) bought online for $450.
Putting this all into perspective
So, with these similarities and differences between physical and cyber crime in mind, I wanted to leave you with some facts that will hopefully help you put this into perspective, using actual statistics of cyber vs physical crime, with an example here in Australia.
In Australia in the year 2017:
1/3 of Australian adults fell victim to cybercrime (around 6m people)
The number of Australians that fell victim to theft, unlawful entry or theft of a motor vehicle that same year combined was less than 1m people (738,105)
My goal is not for you to be scared by these facts; however, it is totally understandable that, if this is all new to you, you may have found learning about a threat you were not necessarily aware of quite confronting.
What you can do next
Remember those fantastic foundational skills we spoke about in my first blog that you already use to manage your risk in the physical world? The ones where you constantly keep yourself informed of the criminals operating in your area, so that you are better informed about the threats you face?
Well, the good news is you can do the same in your online world!
If you are in Australia, you can subscribe to a free alert service provided by the government which will help you stay up to date on the online criminals affecting Australians and what you can do about them - visit Stay Smart Online here to sign up.
If you are a business, you may consider signing up to become a member of AusCERT, which provides timely threat and vulnerability alerts for businesses. Prices start from $1,630 per year for 1-200 network users. More details can be found here.
(Note: If you are reading this from outside Australia, I will be compiling a list of similar services in other countries and will post them in the resources section once confirmed).
Lastly, if you are still worried or if you have a specific question, please don't hesitate to contact me via the form on this site and I will help if I can or if not, I will put you in touch with the right people!