NESTA Crime Online - University of Brighton Repository

More documents

Recommendations

Info

anking fraud. Malware creators are rapidly developing and adapting malware to avoid the security prevention techniques from banks. Operation Pegasus, launched by Brazilian authorities, arrested 85 people in 2005 as part of a ring planting keyloggers (software that logs people’s keyboard activity) that helped the alleged criminals steal approximately US$33 million from bank accounts. 102 However by the end of 2005, Brazil still reportedly had the highest concentration of phishing-based keyloggers that target Brazilian financial institutions, using deception techniques written in Portuguese. Since then, the number of cyber attacks has continued to escalate in Brazil, according to the country's Computer Emergency Response Team (CERT), from 68,000 in 2005 to 222,528 in 2008. Moreover, from January to March 2009 the attacks have already reached 220,000 almost the total accumulated figure for 2008. The majority of the cyber attacks are fraud-related (80 per cent of the attacks), and are mostly originated locally (93 per cent originated in Brazil). 103 (E) Although cybercriminal activity remained low in India compared with other emerging economies, there has been a leap in cybercrime in recent years – reported cases of cases of spam, hacking and fraud have multiplied 50-fold from 2004 to 2007. 104 One recent report ranked India in 2008 as the fourteenth country in the world hosting phishing websites. 105 Additionally, the booming of call centres in India has generated a niche for cybercriminal activity in harvesting data (methods further explained in section 2.2.1 below). Cybercrime in India: harvesting data in call centres India is the world leader in business process outsourcing (BPO). The country’s top ten BPO firms hire up to 25,000 new employees per year, and financial services are one of chatrooms. Smith, T., (27 th October 2003), Brazil Becomes a Cybercrime Lab, New York Times, http://query.nytimes.com/gst/fullpage.html?res=9F02E3DA1131F934A15753C1A9659C8B63&sec=&spon=&pa gewanted=2, accessed 4 th December 2008. 102 Haines, L (2005) “Brazil cuffs 85 in online bank hack dragnet: Operation Pegasus”, The Register. 103 See www.cert.br/stats. 104 Indian Computer Emergency Response Team (CERT-In): Annual Report, 2007. 105 Symantec (2008): Report on India cybercrime. Page 34
the fastest growing segments. However, low salaries and fast turnover in the industry might provide an incentive to make extra money through cybercrime. Call centre cybercrime is becoming popular. A recent article in India Daily stated that for locals in Pune and Bangalore in India, the biggest incentive to work in a call centre is to be able to hack the bank accounts and illegally withdraw millions from bank customers. During the last five years, the number of reported cases has multiplied and undercover investigations have revealed the large flow of stolen personal data that is moved through call centres in financial services. Amid fears of losing international customers, local companies have tightened security measures. Although these cases have been labelled as isolated cases of fraud, certain investigations have suggested that there is evidence of some operations being carefully designed and very organised. Sources: Ahmed, Z. (2005) ‘Outsourcing exposes firms to fraud’, BBC News Online, 16 June; Gombar, V. (2006)’Indian call centres under threat’, Rediff India Abroad, 22 July; Patel, H. (2007) ‘Call center cyber crime increasing – many trying to hack into bank websites and illegally withdraw millions – one gets into police net’, India Daily, 17 November. Russia, China and Brazil are world leaders in cybercrime, with groups and individuals in India powering up to compete. Yet companies in Europe and the US are increasingly moving IT functions and software development tasks to India, Brazil, Russia and Eastern Europe in a bid to draw on their good IT skills and lower wages. This phenomena (offshore outsourcing), has raised new concerns about the security risks involved, where access to valuable financial information can provide an opportunity for different actors to enter the cybercrime business. It is no coincidence that these are also the BRIC 106 nations that are seen as the economic powerhouses of the future. 107 India, Russia and Brazil share a light regulatory 106 BRIC is the abbreviation used to describe the newly industrialised countries of Brazil, Russia, India and China. 107 National Intelligence Council, (November 2008), Global Trends 2025: A Transformed World, (Washington, DC), highlights the importance of the BRICs. Page 35
Page 1 and 2: Research report: July 2009 Crime on
Page 3 and 4: ‘official’ statistics exist yet
Page 5 and 6: Dynamic Capabilities The second com
Page 7 and 8: economics (finance, micro-, macro-)
Page 9 and 10: 2.3 Cybercrime business models 73 2
Page 11 and 12: we focus on financial cybercrime. O
Page 13 and 14: measure all other statistical outpu
Page 15 and 16: fraud. Their methodology is still b
Page 17 and 18: opportunity for online theft of cre
Page 19 and 20: However, the recent increase in fra
Page 21 and 22: penalties for those who make fraudu
Page 23 and 24: Source: Elaborated from CIFAS onlin
Page 25 and 26: The rise of online and telephone ba
Page 27 and 28: ecruitment marketplace for cybercri
Page 29 and 30: Figure 6: Origin and destination of
Page 31 and 32: corporate blackmail, spam attacks a
Page 33: Nigerian criminal gangs in North Am
Page 37 and 38: 2 Digital ecosystem Innovation stud
Page 39 and 40: A digital business ecosystem is one
Page 41 and 42: actors, which are increasingly dist
Page 43 and 44: Figure 8: The cybercrime value chai
Page 45 and 46: tool is used by security and networ
Page 47 and 48: writers do not necessarily know how
Page 49 and 50: conceal this. Third, the device con
Page 51 and 52: Fraud on fraudster The most recent
Page 53 and 54: and facilitated by an explosion in
Page 55 and 56: The Storm botnet case study: the su
Page 57 and 58: accelerating on a monthly basis. Wi
Page 59 and 60: improvement and the introduction of
Page 61 and 62: that employees are more concerned a
Page 63 and 64: origin or signature or a presence o
Page 65 and 66: few simple words and a web link, wh
Page 67 and 68: web 2.0 sites (such as, social netw
Page 69 and 70: Source: John Leyden, “Trojan traw
Page 71 and 72: Cybercriminals find e-gold a conven
Page 73 and 74: ecosystem at various levels, creati
Page 75 and 76: expertise they need to perpetrate o
Page 77 and 78: are often offered for bulk purchase
Page 79 and 80: Crimeware-as-a-Service (CaaS): Para
Page 81 and 82: no dominant force. Unlike tradition
Page 83 and 84: is taken, priority is understandabl
Page 85 and 86:
particularly good one, since consta
Page 87 and 88:
outreach needs to be evaluated to e
Page 89 and 90:
some of these firms may have adopte
Page 91 and 92:
esilience must now surely be of con
Page 93 and 94:
7) Click fraud: also called pay-per
Page 95 and 96:
20) Pharming: is a scamming practic
Page 97:
Acknowledgements Numerous people as
show all

NESTA Crime Online - University of Brighton Repository

Create successful ePaper yourself

Delete template?

Save as template?