NESTA Crime Online - University of Brighton Repository

More documents

Recommendations

Info

Get Safe Online 15 estimates the number of victims from Internet-related fraud, and the extent of prevention and use of the Internet by businesses and the public. Data on reported victims on ID theft is provided by CIFAS, 16 the UK’s Fraud Prevention Service. CIFAS figures of reported cases on ID theft and impersonation are often cited in UK publications. Additionally, Experian, 17 a global information services company, collects data on the ID fraud victims seeking their services since 2003 and publishes annually a Victims of Fraud Dossier. The self-reporting British Crime Survey 18 and the Offending, Crime and Justice Survey, 19 cover fraud and technology offences and the Identity Fraud Steering Committee (IFSC) 20 was also set up by the UK Home Office in 2003 to identify and implement measures to counter identity fraud. Financial losses from cybercriminal activities are reported by APACS (Association for Payment Clearing Services), the UK payments industry association. 21 APACS is the industry voice on a wide range of topics and the UK industry representative in Europe. Among other functions, APACS forecasts payment trends, conducts market research, carries out lobbying activities and collates industry statistics. APACS data on the financial costs of credit card, cheque and online banking fraud are widely cited and generally considered as an official reference that currently bears the standard. However, during our interviews, several concerns were raised that the Association may be underestimating cybercrime. 22 The IFSC has regularly estimated the cost of identity 15 Get Safe Online is a campaign to raise awareness on Internet security for UK individuals and businesses. It a joint initiative between HM Government, the Serious Organised Crime Agency (SOCA), HSBC, Microsoft, Cable & Wireless, PayPal and Symantec, that started in 2004. See http://www.getsafeonline.org. 16 See www.cifas.org.uk/. CIFAS has 270 members spread across many sectors that share information about identified frauds. 17 See www.experian.com. 18 See www.homeoffice.gov.uk/rds/bcs1.html. 19 See www.homeoffice.gov.uk/rds/offending_survey.html. 20 See www.identity-theft.org.uk/. 21 See www.apacs.org.uk/. APACS has 31 members, principally global and high street banks, building societies and credit card issuers. 22 APACS amalgamates the figures received from its 31 members and no figures for individual banks are published. Some interviewees raised the possibility that these figures may be underestimations as it is Page 14
fraud. Their methodology is still being developed, but differs from that adopted by the UK Cabinet Office. 23 Information on data losses and security breaches is generally reported in the news and IT security online journals, although some organisations are also dedicated to the collection of this type of data. For instance, the DataLoss database 24 documents reported data loss incidents worldwide. In the UK, the Department for Business, Enterprise & Regulatory Reform (BERR, now the Department for Business, Innovation and Skills) 25 also conducts a regular survey of Information Security Breaches. Other independent initiatives offer regular updates, trends and general information on specific types of cybercrime techniques, such as: the Anti-Phishing Working Group, 26 focused on activities that direct people to fraudulent websites through phishing, pharming and e-mail spoofing; or the Spamhaus Group, 27 which tracks and publishes information about Internet spammers as well as about spam gangs and services. Despite the abundance of cybercrime-related figures, the lack of consensus on measures and methodologies remains a matter for public and professional concern. 28 Different organisations have their own means for collecting data. Sometimes these come directly from reports and complaints made by individuals and firms. In other cases, global and national figures are statistically suspect extrapolations from observations extracted from honeypots, 29 or relatively small populations. 30 It is important to recognise these perceived to be in the banking industry’s interest to deflate cybercrime fraud figures so as to allay customer fears. 23 See www.identity-theft.org.uk/cms/assets/Cost_of_Identity_Fraud_to_the_UK_Economy_2006-07.pdf. 24 See http://datalossdb.org/. 25 See www.berr.gov.uk/. 26 See www.antiphishing.org. 27 See www.spamhaus.org. 28 Wall, D. (2007), Cybercrime: The Transformation of Crime in the Information Age, Polity Press, UK; Fafinski, S and Minassian, N (2008), “UK Cybercrime Report”, GARLIK. 29 A honeypot is a computer or a network of machines set up to look like a poorly protected system but which records every attempt to compromise it. Although they are useful to identify the way intruders operate, the activity recorded in honeypots often misrepresents the overall incidence of a certain type of attack since most sophisticated malware is designed to avoid repetitive exposure to honeypots. 30 For instance, Symantec reported in 2008 a figure of £3.35 billion as the scale of credit card fraud by multiplying the average amount of fraud perpetrated on credit card fraud by the millions of credit card details Page 15
Page 1 and 2: Research report: July 2009 Crime on
Page 3 and 4: ‘official’ statistics exist yet
Page 5 and 6: Dynamic Capabilities The second com
Page 7 and 8: economics (finance, micro-, macro-)
Page 9 and 10: 2.3 Cybercrime business models 73 2
Page 11 and 12: we focus on financial cybercrime. O
Page 13: measure all other statistical outpu
Page 17 and 18: opportunity for online theft of cre
Page 19 and 20: However, the recent increase in fra
Page 21 and 22: penalties for those who make fraudu
Page 23 and 24: Source: Elaborated from CIFAS onlin
Page 25 and 26: The rise of online and telephone ba
Page 27 and 28: ecruitment marketplace for cybercri
Page 29 and 30: Figure 6: Origin and destination of
Page 31 and 32: corporate blackmail, spam attacks a
Page 33 and 34: Nigerian criminal gangs in North Am
Page 35 and 36: the fastest growing segments. Howev
Page 37 and 38: 2 Digital ecosystem Innovation stud
Page 39 and 40: A digital business ecosystem is one
Page 41 and 42: actors, which are increasingly dist
Page 43 and 44: Figure 8: The cybercrime value chai
Page 45 and 46: tool is used by security and networ
Page 47 and 48: writers do not necessarily know how
Page 49 and 50: conceal this. Third, the device con
Page 51 and 52: Fraud on fraudster The most recent
Page 53 and 54: and facilitated by an explosion in
Page 55 and 56: The Storm botnet case study: the su
Page 57 and 58: accelerating on a monthly basis. Wi
Page 59 and 60: improvement and the introduction of
Page 61 and 62: that employees are more concerned a
Page 63 and 64: origin or signature or a presence o
Page 65 and 66:
few simple words and a web link, wh
Page 67 and 68:
web 2.0 sites (such as, social netw
Page 69 and 70:
Source: John Leyden, “Trojan traw
Page 71 and 72:
Cybercriminals find e-gold a conven
Page 73 and 74:
ecosystem at various levels, creati
Page 75 and 76:
expertise they need to perpetrate o
Page 77 and 78:
are often offered for bulk purchase
Page 79 and 80:
Crimeware-as-a-Service (CaaS): Para
Page 81 and 82:
no dominant force. Unlike tradition
Page 83 and 84:
is taken, priority is understandabl
Page 85 and 86:
particularly good one, since consta
Page 87 and 88:
outreach needs to be evaluated to e
Page 89 and 90:
some of these firms may have adopte
Page 91 and 92:
esilience must now surely be of con
Page 93 and 94:
7) Click fraud: also called pay-per
Page 95 and 96:
20) Pharming: is a scamming practic
Page 97:
Acknowledgements Numerous people as
show all

NESTA Crime Online - University of Brighton Repository

Create successful ePaper yourself

Delete template?

Save as template?