NESTA Crime Online - University of Brighton Repository

More documents

Recommendations

Info

Internationally, a recent report from the Anti-Phishing Working Group indicates that the amount of password-stealing crimeware multiplied almost fourfold from 2007 to 2008 – from 2,660 in June 2007 to 9,529 in June 2008. 74 The financial sector is the most targeted by phishing attacks, followed by auctions and payment services sites. However, the Anti-Phishing Working Group also reported a fast growth of targeted attacks directed to social networking sites such as MySpace and Facebook in addition to tax agencies. Figure 5: Password stealing malicious websites 2007/2008 Source: Anti-Phishing Working Group (2008) The possibilities offered by social networking websites are increasingly a source of major concern. Facebook and MySpace have become phenomenally popular worldwide 75 making them attractive places for cybercriminals because: (1) they allow the spread of malware, spam and scams on a massive scale, (2) they are gradually becoming a 74 Anti-Phishing Working Group (2008): “APWG Phishing Activity Trends Report”, Q2 2008. 75 Facebook was identified in 2008 as the largest social network in UK with 45 per cent market share, followed by Bebo and MySpace, while MySpace remained ahead in the USA with 72 per cent market share. Cahill, J, (2008). New Release, Experian.com. See http://press.experian.com/documents/showdoc.cfm. Page 26
ecruitment marketplace for cybercriminals and (3) they contain vast amounts of personal information that can be used for identity theft. 76 MySpace or Cybercrookspace? Cybercrooks are increasingly using MySpace and Facebook to recruit people, network, spread malware, and steal personal information. Cybercriminals are exploiting the popularity of social networking sites to steal identities or craft more personalised fraud attempts. Facebook, which has exploded in popularity in the UK in recent months, allows people to post detailed, personal information about themselves from their date of birth to the schools they attended – precisely the information that banks ask for as security questions. Someone’s mother’s maiden name, or place of birth, is now so easily available to become almost redundant. Tim Pie, at HSBC, said: “There will come a time when that sort of identification will become a thing of the past.” In August 2008 Kaspersky Lab discovered two worms that had been specifically designed to target MySpace and Facebook. Also, a federal judge has ordered a Canadian man to pay Facebook $873 million for blasting members of the social networking site with spam. Sources: Dan Kaplan, (2008), articles in http://www.scmagazineus.com/.; Harry Wallop, Consumer Affairs Correspondent (4 th July 2007), Fears over Facebook identity fraud, The Telegraph. 76 Facebook adopted open innovation in 2007 by releasing Facebook Platform for application developers. Since then, thousands of third-party applications on Facebook have become available, which allows the developers to access information from those Facebook users that install these applications. Tightening security to protect the privacy and personal information from Facebook users would contradict the principles of open innovation, based on sharing information. Page 27
Page 1 and 2: Research report: July 2009 Crime on
Page 3 and 4: ‘official’ statistics exist yet
Page 5 and 6: Dynamic Capabilities The second com
Page 7 and 8: economics (finance, micro-, macro-)
Page 9 and 10: 2.3 Cybercrime business models 73 2
Page 11 and 12: we focus on financial cybercrime. O
Page 13 and 14: measure all other statistical outpu
Page 15 and 16: fraud. Their methodology is still b
Page 17 and 18: opportunity for online theft of cre
Page 19 and 20: However, the recent increase in fra
Page 21 and 22: penalties for those who make fraudu
Page 23 and 24: Source: Elaborated from CIFAS onlin
Page 25: The rise of online and telephone ba
Page 29 and 30: Figure 6: Origin and destination of
Page 31 and 32: corporate blackmail, spam attacks a
Page 33 and 34: Nigerian criminal gangs in North Am
Page 35 and 36: the fastest growing segments. Howev
Page 37 and 38: 2 Digital ecosystem Innovation stud
Page 39 and 40: A digital business ecosystem is one
Page 41 and 42: actors, which are increasingly dist
Page 43 and 44: Figure 8: The cybercrime value chai
Page 45 and 46: tool is used by security and networ
Page 47 and 48: writers do not necessarily know how
Page 49 and 50: conceal this. Third, the device con
Page 51 and 52: Fraud on fraudster The most recent
Page 53 and 54: and facilitated by an explosion in
Page 55 and 56: The Storm botnet case study: the su
Page 57 and 58: accelerating on a monthly basis. Wi
Page 59 and 60: improvement and the introduction of
Page 61 and 62: that employees are more concerned a
Page 63 and 64: origin or signature or a presence o
Page 65 and 66: few simple words and a web link, wh
Page 67 and 68: web 2.0 sites (such as, social netw
Page 69 and 70: Source: John Leyden, “Trojan traw
Page 71 and 72: Cybercriminals find e-gold a conven
Page 73 and 74: ecosystem at various levels, creati
Page 75 and 76: expertise they need to perpetrate o
Page 77 and 78:
are often offered for bulk purchase
Page 79 and 80:
Crimeware-as-a-Service (CaaS): Para
Page 81 and 82:
no dominant force. Unlike tradition
Page 83 and 84:
is taken, priority is understandabl
Page 85 and 86:
particularly good one, since consta
Page 87 and 88:
outreach needs to be evaluated to e
Page 89 and 90:
some of these firms may have adopte
Page 91 and 92:
esilience must now surely be of con
Page 93 and 94:
7) Click fraud: also called pay-per
Page 95 and 96:
20) Pharming: is a scamming practic
Page 97:
Acknowledgements Numerous people as
show all

NESTA Crime Online - University of Brighton Repository

Create successful ePaper yourself

Delete template?

Save as template?