Desktop version

Home arrow Engineering arrow The dark side of technology


Technology, the New Frontier for Crime and Terror

How to succeed in crime with minimal risk

The downsides of being a professional criminal is that the profits may not be large, evasion of the law is variable (unless you are very successful), and there may be dangers both when committing offences and also conflicts with other local criminals. An intelligent potential criminal will therefore diligently study science, technology, and computer software. This will offer a safe and profitable career path. Technology offers a dream opportunity as, first, the crime can be committed on people or businesses in a foreign country, and second, with a wise choice of country, there will be minimal chance of being extradited. This is matched by virtually no personal danger from the victims, and via the Internet the entire world is the target. Depending on the level of computer skill and intelligence, a whole range of options suddenly become available. Not surprisingly, the actual result has been a phenomenally rapid growth rate of cyber and associated electronic crime.

Most of us, the trusting general public, will be aware of computer scams that may start with a phone call or email claiming to be the bank, tax office, or a software company. Whichever route is used, one aim is to gain access to our computer; once there, it is possible to read the contents. The available data provide passwords to bank accounts and credit cards. With less technical skill, the cybercriminal can attack with a wide range of scams where goods are on offer, which appear to be from reputable companies, but instead our payment details result in a bank transfer to a foreign country, and our money disappears.

My examples are just the obvious methods, but in fact these scams are only the tip of the iceberg. In terms of overall hard cash, cybercrime is extremely significant. For example, in the USA, the total money lost by such routes was estimated to be around $1 billion in 2013. This estimate is increasing; it had doubled by 2015. Of more concern is that the scale and sophistication of the methods for such crimes continue to increase. So caution and better security are essential. Once money is lost, the chances of any recovery are small.

At a personal level, we are likely to be aware of our own bank transactions. But for small sums, which, for example, purport to be a standing order for some charity or insurance premium, we may believe we have just forgotten that we set it up. For the criminal, such small sums are not very tempting, so larger numbers per theft are preferred, or a multiplicity of smaller scams. However, most of us are likely to rapidly note the loss of a few thousand pounds. This is a slight dilemma for the criminals, as it may mean individuals are less likely to be worthwhile targets for major criminal organizations—not least as we will complain, and this rapidly triggers criminal investigations.

The intelligent criminal therefore wants both large sums and a system that is lax in spotting errors. Hence the ideal target may well involve complex multinational organizations or even banks where there are many foreign transfers taking place. A classic example emerged in early 2015 when the security company Kaspersky investigated losses from cash machines. The initial problem appeared to be that some ATM sites had been remotely directed to release money at a selected time, without the need for any banking card. It then rapidly emerged that this was just part of a much wider and more extensive cybercrime network, which had been running for several years at perhaps $1 billion per year.

Rather than merely hacking into the system, one method was to use video images with cameras within banks. These revealed details of bank processing methods and procedures. Duplication of the activities then moved money between banks; for example, by the SWIFT transfer route. In some cases, the source account total had been accessed and briefly altered to read, say, 20,000 instead of 2,000. A transfer of 18,000 meant the owner of the account was unaware of any change in the balance, which had only appeared to increase during a temporary hiccup of a few milliseconds. Equally, the SWIFT mechanism was fooled, as the source appeared to have had sufficient funds for the transfer. Once the foreign ‘account’ had accumulated sufficient funds, it was closed—after the money had been removed.

The psychological skill was never to target the same bank for too large a sum, so as to avoid detection and criminal investigation. Total losses to a single bank were kept typically below ?10 million over one or two years. Ten million is a very large number for most of us, but it is tiny in terms of an annual bank turnover; indeed, the loss is probably no more than the annual salary of the directors.

There are many banks, so there are many potential targets. Kaspersky’s first estimates were that prior to 2015, several hundred banks from across at least 25 countries had been robbed (or are being robbed). The total sum so far is measured in terms of billions of dollars. In 2016 a variant of the method removed around $81 million from the Bangladesh central bank, in part by blocking the printing details of the transfer. A parallel effort to remove $951 million from the Bangladesh account in the Federal reserve bank of New York only failed because the transfer details had a spelling error.

The other critical feature for such international criminals is that, over the past few years, the number of the new multi-millionaire criminal fraternity who have been successfully prosecuted and funds regained is around zero.

These commercial losses are not to be confused with stock market and bank losses caused by automated trading, which estimates trends and futures. These are equally the result of technological and software ‘progress’ where the computer predictive models are flawed, and are designed to be independent of human vigilance and control. To investors, the losses can be substantial and, except in legal terms, may also seem to be totally criminal, lax, and incompetent on the part of the fund managers.

Should banks consider a return to electric typewriters and handwritten ledgers?

Found a mistake? Please highlight the word and press Shift + Enter  
< Prev   CONTENTS   Next >

Related topics