Co-operation is the only way

2008-11-01

Martijn Grooten

Virus Bulletin, UK
Editor: Helen Martin

Abstract

'An essential force in the fight against online crime is that of law enforcement.' Martijn Grooten, Virus Bulletin.


The ‘Security in banking’ discussion forum held at the close of VB2008 last month had been planned for many months – the original idea taking shape at a time when banks seemed healthy businesses, taking care to look after their customers’ money. But come the first days of October many leading banks saw their stock prices plummet; some even faced bankruptcy.

To an outsider, the topic of online banking crime might have seemed trivial when compared to the billions the banks were losing every day. Of course, it isn’t. As many experts have pointed out, losses and gains on the stock markets have a lot to do with trust: do traders trust a bank to do well in the near future? A bank whose accounts are compromised by crooks in a faraway country may not seem very trustworthy. Moreover, the banking crisis has led to an increase in the number of online scams targeting banks. A report by MessageLabs shows that the number of phishing scams has more than doubled in the past month, and the FTC has seen fit to issue a warning to consumers (http://www.ftc.gov/bcp/edu/pubs/consumer/alerts/alt089.shtm).

This doesn’t mean that banks haven’t been working hard to secure their systems, or that security vendors haven’t put in the effort to protect their customers. It doesn’t even mean that most users are still unaware of the dangers of online fraud: many phishing scams these days even contain warnings about the dangers of phishing in order to make them look more legitimate.

But the fight against online crime won’t be won solely by security products and user education; an essential third force in the fight against online crime is that of law enforcement. Unfortunately, prosecutions of cybercriminals are relatively rare and usually involve kids who broke into their school’s computers.

It came as a welcome change, therefore, to hear of the recent arrests, thanks to cross-border co-operation between police forces, of three individuals involved in phishing scams in Russia and Ukraine.

The investigation began in the Netherlands in March 2007, when online banking customers of ABN AMRO were targeted in a phishing scam. After complaints from many customers the bank called in the Dutch police, whose Team High Tech Crime (THTC) took on the investigation, leading to the arrest of 14 money mules late in 2007. Further probing led investigators to believe that the ringleaders of the scam were based in Russia and Ukraine, and the case files were translated and handed over to local police – the eventual outcome of which was the arrest of the three suspects last month.

Not only should the efforts of the various law enforcement agencies be applauded – the crossing of borders is notoriously tricky where law enforcement is concerned – but ABN AMRO should be commended for its openness; many banks choose to remain silent about such attacks, for fear of damage to their reputations.

ABN AMRO was just one of many Western European banks suspected to have been targeted by the same phishing gang, all of which will benefit from the arrests. This clearly shows the importance of co-operation in the fight against online fraud. The same point was demonstrated recently by researchers at the University of Cambridge, who estimated that the lack of data-sharing between ‘take-down companies’ (the companies hired by banks to take down phishing sites) costs the banking industry at least $350 million a year (see http://www.lightbluetouchpaper.org/2008/10/16/non-cooperation-in-the-fight-against-phishing/).

Co-operation does not end here though: end-users can contribute to the fight against cybercrime by reporting any online crime they have spotted. To help both home and business users in reporting cybercrime, VB has put together a collection of relevant links and resources and made them available at http://www.virusbtn.com/resources/cybercrime/index.

It is unlikely that online crime will ever disappear; indeed, in the foreseeable future it is likely to increase. At the same time, online banking is a convenient and generally secure way of managing bank accounts. But to prevent the large amounts of taxpayers’ money that have been pumped into banks recently from ending up in the hands of criminals, co-operation is the only way.
