The internet has presented governments, businesses and families the world over with a major opportunity for global reach and instantaneous communication. According to the Australian Bureau of Statistics…
86% of households in Australia now have access to the internet.
We use it not only for social networking activities, but also for news-gathering, banking and shopping. The internet has become central to the way we live. But while it offers limitless convenience and accessibility, it also presents great opportunities for those who wish to engage in criminal behaviour.
The range of ‘cyber-enabled’ crimes is myriad—from white-collar crime, such as fraudulent financial transactions, identity theft, and the theft of electronic information for commercial gain, to drug-trafficking, aberrant voyeuristic activities, harassment, stalking or other threatening behaviours. And while these have always been classified as criminal activities, they’re now so much easier with a computer.
A cybercriminal can inflict massive commercial damage using the internet. In fact, it’s now easier and safer for a criminal to disrupt a business by destroying its database through malware, than by throwing a Molotov cocktail through its front window.
We refer to this as ‘cyber-dependent’ crime. It was acutely felt across the world in May 2015, when Cryptowall 3.0 ransomware began attacking businesses. Using an exploit kit capable of attacking software vulnerabilities, Cryptowall 3.0 searched for files on the victims’ computers, encrypted these documents, deleted the originals, then alerted the victims that they needed to pay thousands of dollars in ransom money in order to get their files back. It has been estimated that these attacks infected hundreds of thousands of computers across the world, and caused close to US$325 million in damages.
Another modern manifestation of cyber-dependent crime is the work of
THE ‘HACKTIVIST,’ SOMEONE WHO PROTESTS AGAINST AN ORGANISATION’S ACTIONS OR POLICIES.
Perhaps the most memorable is the 2010 Anonymous hacktivist attack on Mastercard, Visa and Paypal in retribution for their ceasing to transact donations to the WikiLeaks group. Anonymous distributed denial-of- service attacks which bombarded the trio’s websites with requests until they were unable to cope and collapsed. Damage from this cyber-crime was in the millions (for PayPal alone, damage was estimated at US$5.5 million).
Possibly the greatest concern to governments, however, is the ability of cybercriminals across the globe to use the internet for purposes of espionage and terrorism.
The borderless nature of the internet, and hence cybercrime, means that Australians can be targeted from anywhere in the world, making law enforcement not only challenging, but, in some instances, almost impossible. Indeed, according to the Australian Cyber Security Centre (ACSC), a government agency opened in 2014 to counter the threat of cybercrime, the number of cyber-attacks in this country continues to rise, the types are proliferating, and the level of sophistication grows.
And it’s all too easy; today criminals can commit cybercrime without the need for high-level technical skills. In fact, the internet can assist, with ‘do-it-yourself’ malware kits, for example, available in online forums.
Fraudulent scams, too, need not be sophisticated. They can be set up using a hacking tool (readily available online) and a little imagination. This is of no little consequence: in 2015 it was estimated that Australians lost $75,000 each day to romance scams (Australian Competition and Consumer Commission). Such scams see lonely hearts swept up in false relationships, with the unsuspecting victims sending money to support the ‘unfortunate’ situation of their fraudulent ‘partner’.
Businesses, too, are vulnerable, and there is concern that they may not even realise their vulnerability. Earlier in 2016, the latest PwC Global Economic Crime Survey was released. It revealed that over a quarter of respondents said that they had been affected by cybercrime. Ominously, a further 18% were not sure whether they had been affected by cybercrime or not.
SO, WHAT IS TO BE DONE?
Surveillance by government agencies can be an effective crime deterrent at some level. But, in the short term, criminal justice responses are usually a case of ‘too little, too late’—assuming that they can detect the behaviour at all. It is rarely the case that they can thwart it ahead of time.
No, the prophylactic key is quite simple: the education of those who are most vulnerable, and the deployment of crime prevention tools more generally. There has been some success with victims of fraud and deception, particularly those people who have sent money overseas in the expectation of winning a heart or claiming a prize (neither of which ever existed).
Consider, for example, Project Sunbird, a joint initiative of the Western Australian Police and the Western Australian Department of Commerce. Officers employed by the Project use financial intelligence to contact people who are sending money to five West African countries. In 2015, Project Sunbird boasted a 26% drop in romance and investment fraud in Western Australia. Indeed, upon receipt of a warning letter, 72% of people stopped sending money immediately. Another half stopped upon receipt of a second letter.
There has also been significant success with raising the awareness of Australian businesses to their vulnerability, and the installation of crime prevention mechanisms. According to the ACSC’s 2015 Cybersecurity Survey, only 3% of respondents reported not having an IT security area, up from 16% in 2013.
Pleasingly, 77% of respondents have cyber security incident response plans in place, and 37% regularly review it. 100% of respondents reported using anti-virus software, and all but one respondent reported using network-based firewalls.
On 1 March this year Industry Minister Christopher Pyne foreshadowed the establishment of a new $30 million Cyber Security Growth Centre, possibly in Adelaide or Melbourne. Its stated aim is to promote the commercialisation of cyber security services in concert with universities and the private sector. There has also been a commensurate amount of literature on the phenomenon that is readily available for policy-makers keen to find the appropriate computer-scientific and social solutions.
We can safely conclude that individuals, businesses and governments alike are finally taking cybercrime and cyber security seriously, and putting appropriate resources into education and other prevention measures.
The federal government has now released its Cyber Security Strategy, with a commitment of $230 million over four years to improve our knowledge of threats, to help companies to protect themselves, and to work with other nations to root out the cybercriminals from their safe havens. When this strategy is in place, we will be in a better position to gauge the preparedness of the nation generally to withstand cybercrime and to thwart the activities of the insidious masterminds of its various incarnations.