NESTA Crime Online - University of Brighton Repository

More documents

Recommendations

Info

hours of an official vulnerability disclosure. The survey also revealed that in the first half of 2008 attacks targeting flaws in browser plug-ins are increasing markedly. 191 Also in the first half of 2008, around 78 per cent of web browser exploits targeted browser plug- in bugs. 192 Web browser plug-ins are additional pieces of software that add extra capabilities to a web browser, such as the ability to view movies and videos, and other types of web content. Cybercriminals use peer-to-peer (P2P) tools for identity theft. 193 Using P2P tools to share music, software and other digital content is similar to leaving the front door of a house wide open for a burglar to saunter in. A woman’s credit card details were found in disparate places such as Troy, Michigan, Tobago and Slovenia because her shared music folder was making her entire “My Documents” folder available to P2P audience for 24 hours a day. 194 Another key way cybercriminals effectively solicit data illegally is through spamming. The skills deployed vary in their sophistication. An example of a low skill used in spamming involves sending bulk unsolicited e-mails requesting personal details. One example is the notorious ‘Nigerian Letter’ scam (also called the ‘419 fraud’). 195 This involves e-mails from Nigeria in which the target is enticed to advance sums of money in the hope of realising a significantly larger gain, particularly through high returns from the unsuspecting victim’s ‘investment’. The skills for spamming, however, are becoming more sophisticated. Spammers are going back to basics. 196 Nine out of ten spam messages now contain little more than a 191 John Leyden, (2008), “Cybercrooks get faster, further, nastier,” The Register, 29 th July. 192 A plug-in consists of a piece of software that interacts with a web application to provide a very specific function "on demand." Applications support plug-ins for many reasons, for instance, to enable other developers to create new applications. 193 A peer-to-peer (P2P) computer network uses diverse connectivity between participants in a network. Such networks are useful for sharing content files containing audio, video, data or anything in digital format.. 194 Chris Preimerberger, (2006), “Cyber-criminals use P2P tools for Identity Theft, Security analyst Warns.” www.eweek.com/c/a/Security/Cybercriminals-Use-P2P-Tools-for-Identity-Theft-Security-Analyst-Warns/, accessed 18 th August 2008. 195 This is also referred to as the “Advance Fee Fraud”, named “419 Fraud” after the relevant section of the Nigerian Criminal Code. 196 John Leyden, (2008), “Cybercrooks get faster, further, nastier,” The Register, 29 th July. See also Guillaume Page 64
few simple words and a web link, which when clicked, downloads malicious code to steal data, according to a survey of major computer company’s security division. “Spamvertised sites” also are found in many spam e-mails which contain links to a website or websites, which offer products, ranging from adult entertainment to financial services to health products. The survey also claims that Russia continues to be the biggest single originator of spam (the starting point of 11 per cent of the world’s junk). Turkey is second (8 per cent) and the U.S. (7.1 per cent) third. 197 Slammed for spamming Facebook, the popular online social networking site, has won an $873 million judgment against a Canadian man, Guerbuez, who bombarded the popular site with sexually explicit spam messages. He fooled its users into providing him with their user names and passwords by using fake websites. After Guerbuez gained access to users’ personal profiles, and used computer programs to send out more than four million messages promoting a variety of products, including marijuana and adult toys during March and April 2008. The size of the judgment illustrates how seriously authorities regard spamming. Source: Michael Liedtke, (2008), “Facebook wins $873M judgment against sex, drugs spammer,” Silicon.com. 24 th November. Spammers are also recycling old techniques, such as voice phishing (or vishing). A convincing e-mail is sent to an unsuspecting victim, with all links leading to corresponding, legitimate target pages. But there is a bogus telephone number for recipients to call to reactivate their account, which had been supposedly placed on hold. When recipients call the number they are asked for their bankcard number and PIN, which opens their bank accounts to the fraudsters. 198 Lovet, 2006). Dirty Money on the Wires: The Business Models of Cyber Criminals. Virus Bulletin Conference, October 11-13, Montreal. 197 Survey conducted by IBM’s X-Force security division, referred to in John Leyden, (2008), “Cybercrooks get faster, further, nastier,” The Register, 29 th July. 198 Trend Micro (2008), “Cyber criminals reinvent methods for malicious attacks. Page 65
Page 1 and 2:
Research report: July 2009 Crime on
Page 3 and 4:
‘official’ statistics exist yet
Page 5 and 6:
Dynamic Capabilities The second com
Page 7 and 8:
economics (finance, micro-, macro-)
Page 9 and 10:
2.3 Cybercrime business models 73 2
Page 11 and 12:
we focus on financial cybercrime. O
Page 13 and 14: measure all other statistical outpu
Page 15 and 16: fraud. Their methodology is still b
Page 17 and 18: opportunity for online theft of cre
Page 19 and 20: However, the recent increase in fra
Page 21 and 22: penalties for those who make fraudu
Page 23 and 24: Source: Elaborated from CIFAS onlin
Page 25 and 26: The rise of online and telephone ba
Page 27 and 28: ecruitment marketplace for cybercri
Page 29 and 30: Figure 6: Origin and destination of
Page 31 and 32: corporate blackmail, spam attacks a
Page 33 and 34: Nigerian criminal gangs in North Am
Page 35 and 36: the fastest growing segments. Howev
Page 37 and 38: 2 Digital ecosystem Innovation stud
Page 39 and 40: A digital business ecosystem is one
Page 41 and 42: actors, which are increasingly dist
Page 43 and 44: Figure 8: The cybercrime value chai
Page 45 and 46: tool is used by security and networ
Page 47 and 48: writers do not necessarily know how
Page 49 and 50: conceal this. Third, the device con
Page 51 and 52: Fraud on fraudster The most recent
Page 53 and 54: and facilitated by an explosion in
Page 55 and 56: The Storm botnet case study: the su
Page 57 and 58: accelerating on a monthly basis. Wi
Page 59 and 60: improvement and the introduction of
Page 61 and 62: that employees are more concerned a
Page 63: origin or signature or a presence o
Page 67 and 68: web 2.0 sites (such as, social netw
Page 69 and 70: Source: John Leyden, “Trojan traw
Page 71 and 72: Cybercriminals find e-gold a conven
Page 73 and 74: ecosystem at various levels, creati
Page 75 and 76: expertise they need to perpetrate o
Page 77 and 78: are often offered for bulk purchase
Page 79 and 80: Crimeware-as-a-Service (CaaS): Para
Page 81 and 82: no dominant force. Unlike tradition
Page 83 and 84: is taken, priority is understandabl
Page 85 and 86: particularly good one, since consta
Page 87 and 88: outreach needs to be evaluated to e
Page 89 and 90: some of these firms may have adopte
Page 91 and 92: esilience must now surely be of con
Page 93 and 94: 7) Click fraud: also called pay-per
Page 95 and 96: 20) Pharming: is a scamming practic
Page 97: Acknowledgements Numerous people as
show all

NESTA Crime Online - University of Brighton Repository

Create successful ePaper yourself

Delete template?

Save as template?