Share this
Mister Wong
Digg
Del.icio.us
Slashdot
Furl
Yahoo
Technorati
Newsvine
Googlize this
Blinklist
Facebook
Wikio
Hear this text
Print
E-mail
Tags
The crime scene of the 21st centuryAvailable data is limited, but show that in an international context South Africa has a serious cyber-crime problem. According to the most recent figures from the South African Anti-Fraud Command Centre, South Africa was, after America and Britain, the country experiencing the greatest volume of phishing attempts.
The FBI’s Internet Crime Complaint Centre (IC3) put the country sixth on its list of countries with the greatest numbers of individual cyber-crime complainants.
According to a TimesLive-report of March 2011, South Africa lost more than R1 billion in the past three years to cyber-crime.
Information Security Group (ISG) of Africa founder and chairman, Craig Rosewarne, said the R1 billion was a conservative estimate, based on figures in the public domain.
Because no law or regulation currently forced companies to report cyber-crimes, the true scope of the situation in South Africa was uncertain, he said.
(sub head) International scene
“The internet is the crime scene of the 21st century,” stated the Wall Street Journal in 2010.
Earlier in 2011, one British study estimated that cyber-crime costs the United Kingdom more than 27 billion pounds a year.
According to a report in The Guardian last week British police know of hundreds of hacking forums, on which thousands of stolen UK credit card details are available for sale for as little as 1.50 pounds.
Whitehall officials said that there was a "noticeable spike" in the use of such forums on Friday and Saturday nights, possibly because people returning home from an evening out might have their guard down and were surfing sites they would otherwise ignore.
The Guardian reported that Nick Webber (19) was jailed for five years this year for masterminding a multi-million-pound "cyber supermarket" where criminals could order stolen credit card details or learn how to make illegal drugs – and even bombs.
Webber, of Hampshire, ran GhostMarket.net, which at its peak had more than 8 000 users. He was caught out by a 'compromised' credit card.
In 2005, an audacious hi-tech scam to plunder 220 million pounds from a London-based Japanese bank was foiled at the 11th hour. The Israeli gang was reported to have hidden spy software on the bank's computers to steal passwords to accounts.
The bank accounts of Steven Spielberg, George Lucas and Oprah Winfrey were targeted by an internet scam artist based in New York in 2002. Abraham Abdallah, a restaurant dishwasher, was caught trying to transfer 10 million dollars into his account.
Symantec, the world’s largest supplier of computers security software, recorded nearly three billion malware attacks in 2010 according to its April 2011internet security threat report.
According to the report, the ability to research targets online has enabled hackers to create powerful social engineering attacks that easily fool even sophisticated users.
The Sophos Security Threat Report of 2009 claimed that 23 500 infected websites are discovered every day. That is one every 3.6 seconds.
There are 15 new bogus anti-virus vendor websites discovered every day.
Nir Kshetri said in an article in Third World Quarterly, that according to some estimates, the global cyber-crime industry has been generating one trillion US dollars annually in recent years.
Developing world-based criminals are playing important roles in the global cyber crime value chain. There are also reports that traditional organised-crime groups in developing countries have been involved.
For instance, Chinese gangs, Colombian cartels and Russian and Malaysian organiseds-crime groups have reportedly diverted their efforts from traditional activities to cyber-crime and expanded globally.
Janet Williams, who takes the lead on cyber-crime at the Association of Chief Police Officers in the United Kingdom, said people seemed to think that being technophobic was quaint and slightly comical.
She warned the British public to snap out of its complacency about cyber-crime or risk becoming victims of increasingly sophisticated criminal networks operating online.
“I don't think there is sufficient appreciation of the risks. What worries me is that people still think of cyber-crime and cyber-attacks as being a little bit like maths. If you go to a dinner party, someone might say that they don't really get maths and everyone laughs and titters. Not being able to understand it is the equivalent of not being able to read. One might imagine that what was happening around us would be a call to action, but what one saw was the opposite. There is a sense of lethargy, of feet dragging and bureaucratic red tape," Rosewarne said.
Global action
Global internet security organisations plan to establish an international cyber police force and introduce digital passports to stop cyber-crimes, according to chief information officers who gathered at a recent summit in Cape Town.
Eugene Kaspersky, chief executive and co-founder of Kapersky Lab, told Business Report on 12 May that cyber-crimes were costing global economies at least R674 billion a year.
Several new threats had emerged and the level of sophistication in the attacks was rising. “The cybercriminals are getting more professional and have new types of technologies,” Kaspersky said.
He said it would take between five and 20 years before the internet security organisations implemented digital passport security or a cyber-police force.
He added it was important for businesses to seek protection on cloud networks because it was the only measure at present able to prevent various forms of cyber-crime. (Source: Business Report, 12 May 2011).
The British security minister Baroness Neville-Jones told The Telegraph that the answer to effectively combating cyber-crime lay in private firms and governments working together to disrupt criminal networks rather than prosecution.
"I don't myself believe that the successful combating of this kind of crime is going to lie primarily through prosecutions. "I think it's going to be through much better defenceses and disruption - screwing up their network.
"It doesn't have to be an offensive capability, but it's perfectly possible as we know, just as an intruder can screw up a company's network, the reverse can happen,” she said.
"There are both private criminals, there are organized networks, and there are also, very clearly, state players,” she said.
The American government stated in its cyber security public awareness act this year that the damage caused by malicious activity in cyber space is enormous and unrelenting.
“Every year, cyber-attacks inflict vast damage on our nation’s consumers, businesses and government agencies.
“This constant cyber assault has resulted in the theft of millions of Americans’ identities, exfiltration of billions of dollars of intellectual property and loss of countless of American jobs,” the US government said.
South African policy
South Africa drafted a national cyber security policy in February 2010.
According to this draft, the country does not have a co-ordinated approach to dealing with cyber security.
The development of interventions to address cyber-crime requires a partnership between government and civil society, it says. “Unless these spheres of society work together, South Africa’s efforts to ensure a secured cyber-space will be severely compromised.”
Cooperation and coordination between public sector, private sector and civil society will be fostered at strategic and operational level by the National Advisory Council and the National Computer Security Incident Response Team (CSIRT).
Prof Basie von Solms, research professor in cyber security at the academy for information technology and program-engineering of the University of Johannesburg, told Leadership Bulletin the international telecommunications union (ITU) is currently working on a toolkit to help establish a culture of cyber security.
The final product is not available yet. But some draft ideas include that a cyber-security plan for government-operated systems should be implemented.
A security awareness program for users of systems and networks must also be implemented.
The development of a culture of security in business enterprises must be encouraged, said Professor von Solms.
“We must also promote a comprehensive national awareness programme so that all participants – business, the general public workforce and the general population – secure their own parts of cyber space,” he said.
At the cippguide.org, we take a look at privacy issues worldwide. We also help prepare candidates for the CIPP certification exams. To learn more about the SANS security risks, check our blog at:
https://***.cippguide.org/2011/05/31/sans-top-security-risks/