NESTA Crime Online - University of Brighton Repository
NESTA Crime Online - University of Brighton Repository
NESTA Crime Online - University of Brighton Repository
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
fraud. Their methodology is still being developed, but differs from that adopted by the<br />
UK Cabinet Office. 23<br />
Information on data losses and security breaches is generally reported in the news<br />
and IT security online journals, although some organisations are also dedicated to the<br />
collection <strong>of</strong> this type <strong>of</strong> data. For instance, the DataLoss database 24 documents reported<br />
data loss incidents worldwide. In the UK, the Department for Business, Enterprise &<br />
Regulatory Reform (BERR, now the Department for Business, Innovation and Skills) 25<br />
also conducts a regular survey <strong>of</strong> Information Security Breaches.<br />
Other independent initiatives <strong>of</strong>fer regular updates, trends and general information on<br />
specific types <strong>of</strong> cybercrime techniques, such as: the Anti-Phishing Working Group, 26<br />
focused on activities that direct people to fraudulent websites through phishing,<br />
pharming and e-mail spo<strong>of</strong>ing; or the Spamhaus Group, 27 which tracks and publishes<br />
information about Internet spammers as well as about spam gangs and services.<br />
Despite the abundance <strong>of</strong> cybercrime-related figures, the lack <strong>of</strong> consensus on measures<br />
and methodologies remains a matter for public and pr<strong>of</strong>essional concern. 28 Different<br />
organisations have their own means for collecting data. Sometimes these come directly<br />
from reports and complaints made by individuals and firms. In other cases, global and<br />
national figures are statistically suspect extrapolations from observations extracted from<br />
honeypots, 29 or relatively small populations. 30 It is important to recognise these<br />
perceived to be in the banking industry’s interest to deflate cybercrime fraud figures so as to allay customer<br />
fears.<br />
23 See www.identity-theft.org.uk/cms/assets/Cost_<strong>of</strong>_Identity_Fraud_to_the_UK_Economy_2006-07.pdf.<br />
24 See http://datalossdb.org/.<br />
25 See www.berr.gov.uk/.<br />
26 See www.antiphishing.org.<br />
27 See www.spamhaus.org.<br />
28 Wall, D. (2007), Cybercrime: The Transformation <strong>of</strong> <strong>Crime</strong> in the Information Age, Polity Press, UK; Fafinski,<br />
S and Minassian, N (2008), “UK Cybercrime Report”, GARLIK.<br />
29 A honeypot is a computer or a network <strong>of</strong> machines set up to look like a poorly protected system but which<br />
records every attempt to compromise it. Although they are useful to identify the way intruders operate, the<br />
activity recorded in honeypots <strong>of</strong>ten misrepresents the overall incidence <strong>of</strong> a certain type <strong>of</strong> attack since most<br />
sophisticated malware is designed to avoid repetitive exposure to honeypots.<br />
30 For instance, Symantec reported in 2008 a figure <strong>of</strong> £3.35 billion as the scale <strong>of</strong> credit card fraud by<br />
multiplying the average amount <strong>of</strong> fraud perpetrated on credit card fraud by the millions <strong>of</strong> credit card details<br />
Page 15