Is UK losing fight against internet crime?

The UK must do more to stop online fraud or risk losing the fight against e-crime says former anti fraud and e-crime consultant Tero Pollanen 

There's nothing to suggest that internet safety has nose-dived in the 18 months between the two reports, but it may be that the Home Affairs Committee heard more worrying evidence about the response of the authorities to e-crime.

Perhaps the Home Affairs MPs also hoped that their vivid use of language ("war" and "black hole") would prompt ministers into action.

The message has certainly been sent - though more analysis and less hyperbole might yield better results.

Publishing its first report on the subject, the cross-party committee said e-crime took various forms, did not recognise national borders and could be committed "at almost any time or in any place".

'Off the hook'
It called for a dedicated cyber-espionage team to respond to attacks, many of which are believed to be backed by foreign governments because they are so sophisticated.

Offences range from attacks on computer networks and the use of viruses to steal data to the use of cyberspace to facilitate traditional crimes such as forgery, sabotage, drug smuggling and people trafficking.

The committee said it was worried by the evidence it had heard during its inquiry about the UK's e-crime fighting capability.

It said it had been told by Adrian Leppard, deputy assistant commissioner at the City of London Police, that up to a quarter of the UK's 800 specialist internet crime officers could be lost due to budget cuts.

This was despite evidence the UK was a prime target for many of the 1,300 criminal gangs specialising in fraud.

A quarter of the gangs, many of which are based in eastern Europe and Russia, use the internet as their principal means of deception.

The MPs said police cutbacks came on top of proposed 10% cuts to the budget of the Child Exploitation and Online Protection Centre (Ceop).

"At a time when fraud and e-crime is going up, the capability of the country to address it is going down," the report concluded.

"Ministers have acknowledged the increasing threat of e-crime but it is clear that sufficient funding and resources have not been allocated to the law enforcement responsible for tackling it."

As well as calling for a cyber-espionage team, the report's recommendations include:

- Requiring banks to report all e-fraud, however small, to the police
- Obliging web firms to explain data security tools to new users
- Prosecutors to review sentencing guidance for e-crimes
- Increased funding for European e-crime co-operation
- Mandatory code of conduct for removal of indecent material
- New body to report on and remove online terrorist content
- Keith Vaz, the Labour MP who chairs the committee, said the UK's response to e-crime was too "fractured".

Keith Vaz, MP: "This is a more serious threat than a nuclear attack"
He added: "It's much easier and more lucrative to steal on the internet than it is to go out and rob a bank.

"These are real e-wars. At the moment we are not winning the e-wars."

Mr Vaz said the gangs committing e-crimes were "predominantly" from eastern Europe, including European Union countries such as Romania.

The UK's eavesdropping centre GCHQ suggested earlier this year that 80% of cyber-attacks could be prevented by better management of information online.

The Police Federation of England and Wales said the MPs' report was further evidence that recent figures showing a 10% fall in recorded crime last year were "misleading".

Javed Khan, chief executive of the charity Victim Support, called the findings "worrying", adding: "E-criminals cannot be allowed to get ahead of our police and their partners."

The government announced increased funding for cyber-security in 2010, while a single National Cybercrime Unit will be formed later this year as part of the new National Crime Agency.

Deputy Chief Constable Peter Goodman, who speaks for the Association of Chief Police officers on e-crime, said the new unit would bring a "real step change in our response to e-crime".

A Home Office spokesman said: "Crime is at record low levels and this government is taking action to tackle the cyber-threat, investing more than £850m through the national cyber-security programme to develop and maintain cutting-edge capabilities."

He said the new cybercrime unit would "target the most serious offenders and provide enhanced intelligence for Ceop so they can protect even more children from harm".

"But we know we need to keep pace with criminals as they target the web and so we continue to consider ways to ensure the police and security services have access to communications data," the spokesman added.

Tero Pollanen is a former Financial Crime Consultant who has in the past worked with major financial institutions and banks.

Source BBC http://www.bbc.co.uk/news/uk-politics-23495121

Hello from Tero Pollanen

Hi All,

2013 been very busy for me. I will now have again more time to write about online fraud so soon more to come.

Kind Regards,
Tero Pollanen
http://teropollanenonline.com/

The Coming “Quiet” War

Cybercrime knows no borders. There are thousands of attacks globally every day and cyber crime costs the UK £27 billion yearly. Tero Pollanen, international expert on cyber crime and security warns that this growing threat on the UK including global networks is a serious threat to economic security. “The magnitude of this threat cannot be overstated.”

With the increasing level of sophistication of attacks from both enemy states and criminal organizations, cyber security is one of the greatest challenges of today. The alarm has been sounded by the government and it has been “quietly” suggested that the UK should in fact declare war on states and criminals that are targeting the country by employing “aggressive retaliatory strikes” hoping to destroy their operatives.

The latest attacks are now focusing on business targets.  This, of course could include core infrastructure grids which, if compromised, would bring the country to its knees. Time after time Tero has reiterated that complacency is the biggest enemy within a company. Often they do not begin to realize that they have been compromised until sensitive information falls into other hands and/or their entire network is under the control of criminals. The bottom line is that companies are not taking this threat seriously.

The government has offered new guidance in it’s “10 Steps to Cyber Security.” But again complacency raises its ugly head as a recent survey has determined that nearly 9 out of 10 UK businesses were confident that they were already adequately protected. It has been said that such confidence is a grave mistake.

Ref.: http://www.telegraph.co.uk/news/uknews/law-and-order/9522969/Hackers-could-be-running-company-computers-GCHQ-chief-warns.html

Is Your Data Secure?

New information revealed under the Freedom of Information Act shows alarming statistics concerning data breaches in the UK. According to the Information Commissioner’sOffice, data breaches have increased by a factor of ten in the last five years. The good news, however, is that organizations are reporting many more breaches than before.

Tero Pollanen, international fraud prevention specialist has stated time after time the importance of both awareness and stepped up government participation are the keys to turning the tide against cyber crimes. The word is getting out as the ICO’s numbers demonstrate that awareness of the legal requirements on companies to secure information and large fines on companies that “lose” information is precipitating positive change. The telecom sector has actually seen a decrease in the number of information breaches in the past five years.

The ICO provides a wealth of information and guidance across the UK. It should be noted the both health service and government sectors are expected to report serious breaches which involve large volumes of personal data and/or sensitive materials. Again, Tero Pollanen reminds us both to be aware and encourages additional sectors to work with the ICO in reducing the number of data breaches.

Ref.: http://www.bbc.co.uk/news/technology-19424197

No More Fish For The Phishers

Phishing, the art of deception is about to become a bit less successful according to some of the world’s largest banking institutions.  One morning before leaving for work you quickly scan your email and spot a quick note from your trusted bank that you have been with for years.  The typical scam pitch might go like “it’s that time of year again, dear member, to update and verify some information on your account…”  You are directed to your bank’s website, provide the vitals, and you are happily on your way to the office. Later in the day, with a shopping cart full of groceries you are horrified that your account cannot cover the charges.  The reality is that you are broke.  And, that website was NOT your trusted bank’s site at all.

“This cybercrime, known as Phishing, has cost industry an estimated $2.5 billion last year alone,” states Tero Pollanen, a well known fraud prevention specialist, “it is time to rethink security strategy.”  The latest school of thought is in the utilization of new exclusive internet addresses with unique domain endings such as dot-citi, dot-barclays or dot-bofa. The banking institutions are hoping that this will increase customer awareness that they actually are dealing with their bank rather than a scam website attempting to steal personal information.

According to Icann, the organization that more or less governs the internet, these new extensions could begin to appear in 2013. In addition to security concerns they would also aid in brand promotion.  But by far the greatest need for this change would be the possible security benefits over what they cannot obtain with a dot-com presence.

Fraud will still exist with careless customers and it is the weakest link in the chain of security.  But at least the institution can create a domain that ends in their bank name which will help to generate more trust in the institution. 

The key here of course is communication between the institution and its customers that when a web address ends in a particular dot-brand, it can be trusted. 

Ref.:  http://online.wsj.com/article/SB10000872396390444508504577593243972975650.html

Tag Team: Father & Son Scam

“Just when we thought we had seen it all, says Tero Pollanen, a well known fraud specialist, we see yet another major institution fall victim.” With all the chatter about the major world banks, now it’s Western Union and a money transferring scam involving a father and son team.  Here we have 2 people, illegal immigrants facing deportation from the UK. The father was bankrupt several years ago and yet became an agent for a Western Union transferring company after “various checks had been carried out”. Apparently these checks were not quite thorough.

The business they set up offered unsustainable transfer rates and was marketed to their own people in India and Pakistan. “..the money transfer service had quickly gone wrong because they were offering such good exchange rates that they made no profit.” 

More than 20 customers over a three month period were defrauded as they used this service which offered “excellent rates on transactions.” The judge that eventually tried the case “described their offenses against their own Asian community as ‘despicable’”. Both men knew they were facing deportation to Pakistan; the elder being fearful of returning there because he received better health services in the UK. Apparently despite his status, he had been receiving free medication.

It seems there is no limit to the depth to which people will sink in these most desperate times. Everyone must be vigilant.

Ref.: http://www.dailymail.co.uk/news/article-2187830/Western-Union-money-transfer-scam-Illegal-immigrant-father-son-defrauded-50-000.html?ITO=1490

And The Beat Goes On…

“You never know whom, from where, or what will occur but there is a war going on out there,” says Tero Pollanen, a well-known cyber crime and fraud prevention specialist. The scam of the day comes to you from Bhubaneswar, India where we read of a graduate engineer being arrested for hacking a victim’s credit card and going on a spending spree over the last several months. Over a three month period, he defrauded the victim of nearly £1100

on internet adult sites alone, in addition to purchasing a cell phone and other assorted electronics.

An ongoing investigation is in progress to see it the arrested was simply acting independently or if he is part of an organized crime group. It is sad that here we witness a bright mind whom we would expect to trust and aid in the prevention of such affairs, rather falls into temptation and thus violates our trust.

Ref.: http://www.ndtv.com/article/cities/engineer-held-for-credit-card-fraud-251903