It’s easy to forget that cybercrime is a relatively new term that didn’t exist 30 years ago. Today, excluding some violent crimes, it appears that almost every conceivable crime can have a cyber element to it. Cybercrime can be described as any illegal activity that is dependent on a computer or network-connected device. But as devices are increasingly network connected, could we see a blurring of the line between traditional crime and cybercrime?
The concept of connecting any device with an on and off switch to the Internet is known as the Internet of Things (IoT). Connectivity, convenience, automation - these are some of the benefits that the IoT will bring. However, these benefits provide opportunities for miscreants to commit crimes which have a physical impact - not just the information security and financial impact we often associate with cybercrime.
That’s exactly what happened in Lappeenranta, Finland, at the end of last year. Attackers caused heating systems to go offline by targeting them with a Distributed Denial of Service (DDoS) attack, leaving residents to face the sub-zero temperatures typical for that time of year[i].In Germany in 2014, attackers infiltrated the corporate network of a steel mill, and used the access to pivot into the production network, enabling them to manipulate the facility’s control systems. The attack led to failures in equipment, and caused a blast furnace to explode[ii].In both of the above cases, the result was sabotage. Although no ransom demands were reported, the two cases highlight the opportunities that the IoT will bring to criminals. For some companies, cybercrime will not just be about data and financial theft. They will also have to consider the physical impact of cybercrime - in addition to the existing physical risks associate with day to day operations.
The insurance industry is already struggling to comprehensively quantify cyber risks; the physical considerations presented by the IoT will create further challenges for the industry.
Sometimes criminals use cyber methods to enhance the modus operandi of existing operations. Increasing digitalisation and globalisation is creating more opportunities for this to happen; blurring the lines between traditional crime and cybercrime.
The search for new ways to get drugs out of a port in Belgium port led a group of drug smugglers to recruit hackers in 2011[iii]. Together, the alliance hatched a plan which included the hacking of the port’s computer networks. Sometime later, after the breach was discovered, and their plan foiled, the group broke into the premises and plugged remote access devices into computers.
The group sought to infiltrate the port’s systems to steal release codes which enabled containers to be collected by authorised personnel. The objective was to gain access to cocaine and heroin, which the smugglers had hidden amongst legitimate goods prior to the departure of the container ships. Police were first alerted when entire containers began to disappear mysteriously.
There are plenty of examples of traditional crimes being facilitated by cyber methods. From human traffickers breaching airport systems with the help of immigration officers[iv], to the shift from postal to email-based advance fee fraud by West African fraudsters[v]. The hidden web, and in particular, Tor and other darknets currently provide the largest markets for the trade in illicit goods and services. Such darknet sites are increasingly replacing the ‘man in the pub’ and the drug dealer on the corner.
For traditional criminals, adopting cyber methods brings clear benefits. Perhaps the most important is anonymity. Whilst CCTV and forensics are helping to solve physical crimes, VPNs, proxies and dark nets are helping criminals evade capture.
By combining the two types of crime, criminals can also achieve greater scale and reach. Why rob one bank, when you can target the ATMs of many? Why pick a local target when you can place great distance between yourself and a crime using the internet?
Criminals can also use legitimate tools, malware and scripts to achieve greater automation and speed – as demonstrated by modern fraudsters, in their use of email scrapers, spam bots, keyloggers and email notifiers.
Apart from crime, technology is set to blur many other issues too - think cyber-enabled terrorism or cyber-enabled protests. The physical impact of cyber methods described earlier in this blog is relevant here.
Perhaps the difference with crime is that the cyber element is already the dominant factor. According to the World Economic Forum, the global cost of crimes in cyberspace is estimated to be $445 billion. The UK Government have more than doubled their cyber security investment from £860 million in the last Parliament to £1.9 billion over the next 5 years[i].The evolution in crime is mostly technology driven. The Internet of Things in particular requires greater scrutiny by security teams if we are to avoid playing catch up to the cybercriminals – again.
[i]https://www.gov.uk/government/news/britains-cyber-security-bolstered-by-world-class-strategy[i]http://metropolitan.fi/entry/ddos-attack-halts-heating-in-finland-amidst-winter[ii]http://www.pandasecurity.com/mediacenter/security/cyber-attacks-cause-physical-damage/[iii]http://www.techworld.com/news/security/hackers-planted-remote-devices-smuggle-drugs-through-antwerp-port-europol-reveals-3474018/[iv]http://www.straitstimes.com/asia/malaysia-fires-15-officers-for-immigration-breaches[v]https://www.secalliance.com/blog/west-african-threat-actors/