| According to the Internet Crime Complaint Center (IC3), | | | | emerging technologies that are driving the information |
| cyber crime was up in 2008, and if the first few | | | | security industry to evolve and adapt-and how these |
| months of 2009 is anything to go by, this trend is not | | | | forces provide an opportunity for "inventive |
| only continuing, it is accelerating. | | | | collaboration" to effectively restructure the information |
| As the country slides into recession, early indicators for | | | | infrastructure. |
| 2009-February to March 2009-shows an additional | | | | "To combat the cybercriminals requires far more |
| 50% increase in reported Internet fraud complaints. | | | | purposeful collaboration on the part of the industry and |
| "These numbers are shocking, but given that the vast | | | | a strong security ecosystem built around a common |
| majority of incidents go unreported, the threat of | | | | development process focused on risk," said Coviello. |
| identification theft is actually much more serious than | | | | "Today's security technologies are applied as |
| even these figures would lead us to believe," says | | | | independent applications cluttering the information |
| Justin Yurek, President of ID Watchdog, Inc. Common | | | | landscape and leaving perilous gaps of risk." |
| wisdom says that only one cyber crime in seven-or | | | | Coviello cited three major forces driving the information |
| about fifteen percent-is actually reported. | | | | security industry to evolve and adapt, including:o the |
| Internet fraud includes everything from bogus sales on | | | | challenge posed by the criminal threat;o the demand |
| auction sites such as eBay and classified sites like | | | | upon enterprises and governments to achieve |
| craigslist.com, to smaller scale version of the Ponzi | | | | unprecedented levels of productivity to restore value |
| scheme perpetrated by disgraced New York financier | | | | to the faltering economy; ando the opportunity to |
| Bernard Madoff. | | | | rethink the approach to security based upon emerging |
| As an example, a scam recently surfaced via e-mails | | | | technologies and trends such as virtualization, cloud |
| that masquerade as originating from the FBI and other | | | | computing and social networking. |
| federal agencies seeking the recipient's bank account | | | | According to Coviello, "We must embrace a common |
| information in order to "help with illegal wire transfer | | | | development process that allows us to create a more |
| investigations." Sweet. | | | | secure infrastructure today. Then with an eye on the |
| The Recession Impact | | | | future we can ensure that the new technical |
| Many observers put the continued surge in cyber | | | | infrastructure is designed around that process, rather |
| crime down to the recession, and for several reasons. | | | | than forcing a process around a collection of |
| As reported by the TechArena Forum , McAfee for | | | | technologies. |
| one, in their annual McAfee Virtual Criminology | | | | "We must develop a stronger and healthier |
| Report-which examines emerging global cyber security | | | | ecosystem than the fraudsters and ensure the fluid |
| trends, with input from leading academics, criminal | | | | and frictionless exchange of information on which our |
| lawyers, law enforcement authorities and security | | | | global economy depends. It's not about changing the |
| experts across the world-identified the following | | | | game; it's about winning the game," said Coviello. |
| challenges: | | | | Educating the Individual |
| The Cyber Credit Crunch - The cyber criminal is now | | | | However, it does not matter of safe our hardware |
| trying to cash in on consumer anxiety to profit from | | | | and software becomes, if the individual citizen, |
| old-fashioned "get rich quick" scams. | | | | desperate for money-and reaching for digital straws, |
| Meaning, that there are now people who voluntarily | | | | as it were-believes that perhaps this Nigerian Prince |
| sign up to add malicious code to their websites, lured | | | | really does exist and really does want to spit his $2 |
| by the promise of easy money. At the same time, | | | | Million 50/50 if only he were to help him. |
| desperate job seekers are being recruited as "money | | | | And by the same token, scouring the Internet for the |
| mules" to launder cybercriminal gains under the guise | | | | best deal, and finding some that are (in fact) too good |
| of "international sales representatives" or "shipping | | | | to be true, he may pounce on them, not only losing his |
| managers." | | | | money in the process, but also his credit card number |
| In addition, with the economic downturn driving more | | | | and other private information. |
| people to the web to seek the best deals, | | | | The same holds true for many "work-at-home" |
| opportunities for cybercriminals to attack are on the | | | | opportunities that only require a small $300 payment |
| rise as people are more easily drawn in. | | | | for the material you will need to make "thousands a |
| Governments are distracted - As governments grow | | | | week from your kitchen." You've seen them. Well, as |
| more and more preoccupied with the economic | | | | often as not, you will not even receive the material, |
| downturn, their fight against cyber crime slides down | | | | and by the time you've wised up, your card has been |
| their agenda, inviting more and more audacious | | | | charged, your money gone. |
| individuals onto the cyber crime field. | | | | The time to wise up is now. |
| The Cybercop Shortage - It is a known fact that police | | | | Internet Commerce Made Safe |
| forces on the cyber crime front line often lack the | | | | As we all know, at least during some of our more |
| specialist skills required to effectively fight these | | | | rational moments-the "too good to be true" deal is |
| criminals. | | | | often precisely that. But that is not to say that there |
| Furthermore, the lack of dedicated and ongoing training, | | | | are no good deals out there. In fact, the Internet is |
| sufficient remuneration, or even a clear career path, is | | | | probably the marketplace that to a large extent will pull |
| causing cyber crime specialists to be lured into the | | | | the economy out of its slump, precisely because it is |
| more lucrative private sector or even into underground | | | | replete with good deals and true opportunities. |
| economies. | | | | But how to tell the good from the bad? |
| Criminality Concealed - Eastern Europe, Russia and | | | | According to the IC3, the best way to guard against |
| China have become key safe havens for | | | | Internet facilitated scams is to stay informed. Keeping |
| cybercriminals while Brazil has become one of the | | | | informed of the latest scams on the Internet may |
| fastest growing scapegoat countries for cybercrime. | | | | enable Internet users to recognize and report these |
| Traffic is often re-routed (and often via Brazil) as a | | | | scams instead of losing money or their identity |
| decoy causing considerable misdirection in the origin of | | | | information in one of them. To learn about the latest |
| attacks. | | | | scams, they recommend periodically checking the IC3, |
| Information Silo - While law enforcement is bound to | | | | FBI, and the FTC websites for the latest updates. |
| physical national boundaries, cybercriminals are free to | | | | Additionally, the IC3 and its partners have launched a |
| cooperate across borders. | | | | public website, " which briefs the consumer about |
| Law enforcement communication between countries | | | | various consumer alerts, tips, and fraud trends. Pay it a |
| remains inconsistent and limited. Local issues and | | | | visit. Make it a habit. |
| priorities take precedence over global efforts and | | | | Also, when it comes to online auctions, and the |
| international laws are being implemented with regional | | | | potential of non-delivery of goods that you've paid for, |
| variations that impede the ability to negotiate jurisdiction | | | | the IC3 makes these specific recommendations:o |
| and extradition between countries. | | | | Make sure you are purchasing merchandise from a |
| This is an environment that plays right into the hands of | | | | reputable source. As with auction fraud, check the |
| the cyber criminal, much to the frustration of cyber | | | | reputation of the seller whenever possible, including the |
| police. | | | | Better Business Bureau.o Try to obtain a physical |
| Microsoft's Take | | | | address rather than merely a post office box and a |
| As reported by RedOrbit Microsoft shares McAfee's | | | | phone number. Also, call the seller to see if the number |
| view that the global recession could prove to be a | | | | is correct and working.o Send them an e-mail to see if |
| starting point for an influx of more cyber criminals | | | | they have an active e-mail address. Be cautious of |
| seeking to use their computer skills to earn extra | | | | sellers who use free e-mail services where a credit |
| money. | | | | card was not required to open the account.o |
| "Today these (cyber) attacks are no longer about | | | | Investigate other websites regarding this person |
| vandalism, they are about cash," says Roger Halbheer, | | | | company. Do not judge a person/company by their |
| Microsoft's chief security advisor for Europe, the | | | | fancy website; thoroughly check the person/company |
| Middle East and Africa. | | | | out.o Be cautious when responding to special offers |
| "Cyber crime has gone from cool to cash. And this will | | | | (especially through unsolicited e-mail).o Be cautious |
| definitely grow in the future," he told AFP (Agence | | | | when dealing with individuals/companies from outside |
| France-Presse) during a recent international | | | | your own country. Remember the laws of different |
| conference on terrorism and cyber security in Spain. | | | | countries might pose issues if a problem arises with |
| "At the moment we are still at the cool side. But I'm | | | | your transaction.o Inquire about returns and warranties |
| expecting it to move to the cash side." | | | | on all items.o The safest way to purchase items via |
| He then went on to add that it is, "one of the things | | | | the Internet is by credit card because you can often |
| that scare me about the economic downturn because | | | | dispute the charges if something is wrong. Also, |
| I expect cyber crime to grow." | | | | consider utilizing an escrow or alternate payment |
| Also, the current economic crisis is causing a large | | | | service after conducting thorough research on the |
| number of layoffs, many of them from tech firms, | | | | escrow service.o Make sure the website is secure |
| meaning that more and more computer experts will | | | | when you electronically send your credit card numbers. |
| have a lot of time on their hands, but no money. | | | | Bona Fide vs. Fraudulent Online Escrow Companies |
| Tempting. | | | | If you have found a good online deal and are now |
| Fixing any and all security issues in software, does not | | | | ready to purchase, it would serve you very well to |
| solve the problem for, "Unfortunately the bad guys | | | | take IC3's recommendation and engage an online |
| don't give up and go away. Instead they increasingly | | | | escrow service. |
| focus on crimes of deception that prey on human | | | | The problem is that while there are several bona fide |
| vulnerabilities rather than software vulnerabilities." | | | | online escrow sites, they are nowhere near as many |
| A Law Enforcement Perspective | | | | as there are fraudulent ones. |
| Lt. Rocky Costa, who until recently headed up the | | | | So, how can you be sure that the escrow company |
| Southern California High Technology Task Force | | | | you're considering using is in fact what it says it is? |
| agrees. "In fact, law enforcement has always seen a | | | | You must research it. First, do a WHOIS search on the |
| rise in all sorts of theft crimes when the economy | | | | domain. This will show you how long the site has been |
| goes south. The crooks look to fraud as the best way | | | | up, where it is being hosted, how many times the site |
| to separate folks from their money. People are most | | | | has been taken down. These are clues. If it smells |
| vulnerable when money is tight and they are looking to | | | | fishy at all to you, go elsewhere. |
| save their homes, savings, retirements, and often, their | | | | Then Google the name of the escrow company to |
| families. | | | | see what gives. This will lead you to forums and other |
| "They become easy prey to the con-artist who has | | | | articles. Study them well. |
| no sense of right and wrong, but knows how to | | | | Then, when you have found a site that appears |
| capitalize on human weaknesses. You see the con | | | | legitimate, travel the extra mile and take one of several |
| artist makes a living studying people and their | | | | additional steps:o Firstly, while fraudulent sites can buy |
| behaviors. They know their success rate will increase | | | | the necessary certificate to make it a secure site, they |
| as the economy tumbles and/or the recession climbs. | | | | seldom do;o Secondly, you can check at to see if the |
| Since a vast number of folks use technology daily, it is | | | | site you have decided on is listed as a fraudulent site |
| only natural to expect technology to be another | | | | by them; they also maintain a list of bona fide sites;o |
| weakness and another method for exploitation. | | | | Thirdly, you can call the site's customer service |
| "Historically, the number of street robberies goes up, | | | | department to make sure they are based in the United |
| along with shoplifting, and burglaries as the money | | | | States. If you have any doubts about that, ask them to |
| becomes scarcer. Although we have not yet seen | | | | call you back, and check the caller ID-if it is an |
| these increases at the lab, we fully expect them. | | | | international call, beware. Also, if the site does not have |
| However, with the current economy, even government | | | | a customer service department, again, beware;o Once |
| must begin to cut back. When they do, technology | | | | you know that you're talking to a U.S. based service |
| based crimes slide down the priority list in favor of | | | | department, ask any questions you can think of to |
| these more visible types of theft. | | | | ensure they are legitimate, such as which bank are |
| "People need to stay vigilant in the face is despair, | | | | they using for their escrow accounts, and who is their |
| holding onto their values and good judgment will be the | | | | main contact at that bank (whom you can then call to |
| only way they will be able to fully protect what they | | | | verify that this online escrow company does in deed |
| have left, until we all see around the corner." | | | | have an escrow account there);o If the answer is a |
| A Call to Action | | | | well-known American bank, and if the customer |
| According to the RSA Press Release of Tuesday, | | | | service rep can supply contact information at the bank, |
| April 21, 2009: | | | | you are 99% there. Then, if you want to reach 100%, |
| During the opening keynote at RSA Conference 2009 | | | | make that final call to the bank to rule out any vestige |
| Art Coviello, President of RSA, The Security Division | | | | of doubt. |
| of EMC, cautioned that the global cyber-threat | | | | Now you have found an online escrow company you |
| continues to escalate and online fraudsters are more | | | | can trust; register with them and enjoy your purchase. |
| organized, collaborative and effective than ever. He | | | | Here's to good and safe Internet deals. |
| addressed major forces such as the economy and | | | | |