In light of the Covid-19 pandemic, an alert was recently issued jointly by the United States Department of Homeland Security, the Cybersecurity and Infrastructure Security Agency, and the United Kingdom’s National Cyber Security Center concerning the growing use of COVID-19 related themes by malicious cyber criminals. According to the Cybersecurity and Infrastructure Security Agency, cyber criminals have been found impersonating trusted entities and playing upon others’ anxieties and fears, using coronavirus-themed phishing messages with titles such as “2020 Coronavirus updates,” “Coronavirus outbreak in your city (Emergency),” and “new and confirmed cases in your city.” These cyber-attacks represent a form of human hacking known as social engineering, whereby a suspect employs his or her social skills to manipulate a potential victim through trickery and deceit. Europol believes that COVID-19 social engineering attacks will only continue to increase; Europol’s Executive Director Catherine De Bolle related how criminals have wasted no time in seizing upon this opportunity to use the current crisis to their advantage.
Raj Samani, chief scientist and McAfee Fellow at the cybersecurity firm McAfee, recently stated at the ACFE Fraud Conference in Europe that, “The face of cybercrime is no longer the person with the hoodie; it’s anyone with a browser.” That said, this article aims to dispel some of the stereotypes many of us have of cyber-criminals, and to gain a better understanding of what makes the mind of today’s cyber-criminal tick, particularly cyber-fraud criminals who are motivated by profit. Too often, when we think of the average cybercriminal, we conjure up images of an introverted juvenile computer genius with a high IQ who sits behind his computer in his basement, never seeing the light of day, but creating calamity throughout the internet. The current year is 2020, and that image is very far from reality, as it describes a very small population of cyber offenders.
Defining Cyber-Crime through a Pandemic Lens
The word pandemic has been used in the first paragraph of this article. It is also used in the title of this article. Entry one of two in the Merriam-Webster dictionary defines pandemic as, “occurring over a wide geographic area and affecting an exceptionally high proportion of the population.” Isn’t that, after all, what cyber-crime has become, particularly in relation to transnational organized crime activity? In their war against cyber-crime, terrorism, and international organized crime, Europol reports one international investigation that concerns the transfer of over 6.5 million euros by one company to another in an effort to purchase alcohol gels and masks. The products, however, were never received. In yet another case, the Czech Republic suffered a cyberattack against the Brno University Hospital. This shut down the hospital’s entire IT network, thereby disrupting hospital services, including surgical procedures (Europol, 2020).
A Research Profile of the Transnational Cyber-Criminal
In a 2019 study derived from data extracted from US Department of Justice press releases between January 2009 and December 2017, a sample of 225 cyber offenders from foreign countries was examined in 123 cases involving 414 cyber related crimes. What was found through the research was enlightening, insofar as understanding the underlying profile of the transnational cyber-criminal. More than that, what was interesting was the discovery of a group element, in which cyber-criminals act as members of international organized crime networks.
The population sample of offenders from this study was examined across several variables such as age, country of residence, and types of offenses. The average age of the offenders was found to be 34.79. Gender-wise, males accounted for 94% of the offender population (212 out of 225). The average number of defendants involved in cyber-criminal activity was 4.91. To that end, a little over 68% of defendants were found to be working in groups, versus working on their own. This is an interesting revelation, as many perceive cyber-criminals as lone wolves engaged in hacking related activities. However, as explained by Nurse and Bada, in comparison to the real world, cyber criminals join international organized criminal networks with great ease throughout the vast field of cyber space.
The leading country of origin for the offenders was discovered to be China. This comes as no surprise, as Unit 61398 of the People’s Liberation Army of China has been featured front and center as a major international nemesis engaging in state sponsored cyber-warfare for a number of years now. To that end, the study only re-confirmed how China serves as the leading country for theft of secrets, as 84% of the offenders in this category originated from China. It is also China where many of the offenders were found to be engaged in counterfeit goods as well. However, of all of the cyber related offenses, cyber-fraud was found to be the most predominant crime committed, with Romania and Russia (12%) the leading countries of origin for these criminals. Hacking served as the next most predominant offense, where the leading offenders were found to come from Estonia followed by Romania.
In yet another study of cybercriminals’ sociological structure and organizational practices, researchers found that in all of the cases, multiple offenders were discovered to have had some ties to one another. This study examined 18 offender groups from the Netherlands, who were engaged in malware and phishing offenses against banks and credit card companies and were criminally charged. None of the criminal networks in this study involved lone actors. Instead, the majority of the 18 networks (12), which the researchers categorically identified as teams, had some hierarchical structure. They also engaged in their crimes for long periods of time. Core team members were responsible for planning the cyber-attacks, but enablers, who possessed certain knowledge or skills, were used to carry out the attacks (e.g., purchasing of malware or stolen credit cards). Money mules were also outsourced by the core members for purposes of obfuscating the money trail from the victims back to the core members.
Not Your Average Everyday MAFIA
According to the United Nations Office on Drugs and Crime, organized cyber-criminals engage in a multitude of cyber-crimes, including but not limited to fraud, various malware attacks, intellectual property theft, as well as the sale and distribution of counterfeit products (knock-offs). They also contract themselves out to provide services to other cyber-criminals to further facilitate their crimes, whether it be the manufacturing of fake documents, the selling of self-created malware, DDoS and botnet services, or phishing and key logger tools, just to name a few. As one can see, organized cyber-crime is anything but the traditional MAFIA that we all associate with organized crime.
Cybercrime is rapidly changing the way law enforcement must think about and respond to such threats that are global in nature. Take for instance the threat that information terrorism poses, which is an information operations tactic that terrorists utilize to achieve their desired goals. Consider also deep fake technology, which according to Toews, affords the ability to manufacture realistic photos and videos of anyone saying or doing something they never said or did. Deep fake technology is growing exponentially and if you think about it, it serves as a goldmine of opportunities for extortion that makes ransomware seem like child’s play. As such, a non-traditional approach to policing is required, coupled with the necessary resources in combatting these types of crime. New methods of public and private cooperation, as well as joint initiatives, serve as basic requirements from a reactive and proactive perspective when trying to prevent, detect, and deter cyber-crime activity. But much like crime in general, cyber-crime, regardless of what form it comes in, is a global virus that we will always live with, much like terrorism has become.
Maybe a page from the lesson book of our intelligence world on how to battle terrorism should be applied in dealing with cyber organized crime. As the former NSA Director of the National Security Operations Center once said through a National Geographic documentary, after 9/11, the philosophical approach to beating terrorism was to understand that “in order to beat a network, you have to be a network.” That mindset lies with all of us as industry professionals, which is to initiate proactive measures that immunize society against cyber-crime’s negative effects. However, as with most viruses, one can never protect oneself from every strain that develops, and as depicted through this article, cyber-crime is replete with multiple strains of criminality. That said, the best we can do is mitigate the impact, for we will never eradicate the global menace of crime that exists within cyber-space.
Bruno Pavlicek is a Senior Investigator with the Corporate Security Department of a major telecommunications corporation. He has over 25 years of experience in criminal and civil investigations between law enforcement and the private sector, specializing in fraud and non-traditional organized crime groups. He is a Certified Fraud Examiner, Certified Forensic Interviewer, and currently serves as the President of the Georgia state chapter of the Association of Certified Fraud Examiners. Bruno holds a PhD in Psychology, as well as a Master’s degree in Economic Crime Management.