All FreePint Articles | Article Categories |
Cybercrime - not so high tech after all?
Monday, 2nd April 2012
Tim Buckley Owen
With news that Visa and Mastercard accounts may have been compromised and further alarm bells ringing about cybercrime, information professionals look to see where the risks are and what they can do about them. However, it seems that it's the low end of the technical spectrum where the biggest dangers lie and not with young, technically literate criminals.
News that Visa and MasterCard accounts may have been compromised couldn’t have come at a more opportune time for the European Commission, which has just announced that it is to set up its own cybercrime centre. But where do the risks of cybercrime actually lie, and what can information professionals do about it?
It was security blogger Brian Krebs who first raised the alarm about a breach at a United States based credit card processor. Sources in the financial sector were calling it “massive”, he said, possibly involving more than 10 million compromised card numbers.
As the story spread, it may have scotched any suggestion that proposals to create a European Cybercrime Centre were just another example of overreaching Euro-bureaucracy. To be established at Europol’s headquarters in The Hague from next January, the Centre will fuse information from open sources, private industry, police and academia – serving as a knowledge base for EU members’ police forces as well as assisting cybercrime investigators, prosecutors, judges and the private sector.
Social media will naturally be a key focus of its activities, but the announcement strangely failed to mention email – even though, contrary to what one might expect, this medium remains the more popular. A recent international survey from the polling organisation Ipsos reveals that, although social media may be catching up fast, 85% of people use the internet for emails, compared with only 62% for social networking.
So emails remain a potential risk – even if only of costly time-wasting, as the latest VBSpam report from Virus Bulletin shows. Speaking to the Register newsletter, VB’s Martijn Grooten reports that the recent decline in spam appears to have been accompanied by a reduction in the effectiveness of enterprise spam filters – some of which are ironically letting more spam through.
Further cybercrime misconceptions have been challenged by research from the John Grieve Centre for Policing and Security at London Metropolitan University. Commissioned by BAE Systems Detica, it found that most cybercrime is not committed by young, technically literate individuals but by older traditional criminals, who have profited from the deskilling brought about by the greater availability of “crimeware”, and who meld their cyber activities with traditional extortion, protection rackets and violence.
What’s true for the perpetrators may also be true for the potential victims. Commenting on the Visa and Mastercard breaches, Gartner’s Avivah Litan blogs that it may simply have been a case of taking over an insufficiently protected administrative account by answering its knowledge-based authentication questions correctly.
Much cybercrime seems to be middle- to low-tech stuff, then, it seems. If so, fighting it matters as much for the corporate information professional – gatekeeper to much of an enterprise’s incoming data – as it does to the techies.
By Tim Buckley Owen
Tim is an information skills trainer and writer on the information industry with over 40 years' experience in the profession. His career has encompassed information management, writing, editing, training, government policy advice and corporate media & marketing.
Besides writing for FreePint, Tim runs courses for training providers and private clients on enquiry handling, abstracting & summarising, information packaging & presentation and information management. The sixth edition of his classic handbook Successful Enquiry Answering Every Time is published by Facet Publishing. You can find details of Tim's training services at www.buckleyowen.com.
Tim can also be reached at firstname.lastname@example.org
More articles by Tim Buckley Owen »