Cyber-gangs are increasingly targeting businesses, where the largest concentrations of valuable data are to be found. There is easy money to be made, said Detective Constable Mark Fenton of the Vancouver police’s computer crime unit, due to the major imbalance in the resources allocated to combat cyber-crime compared with real-world crime.
When thieves rob a bank, he said, they net an average of $800. When they leave the bank, alarms sound, police are mobilized, dog squads are called in and detectives may do follow-up investigations.
Conversely, someone who sets up a false account on an online auction site and puts a computer up for sale may defraud 20 people at $1,000 a pop for weeks. But the resources used to go after the cyber-fraudster are zero, said Fenton.
“You’re looking at a guy who can pull off maybe two or three bank robberies before he’s caught, versus a guy who can make $20,000 a month in fraud.”
Fenton also pointed out that a convergence of street-level crime with cyber-crime is occurring. In the past, drug addicts were typically involved in low-end crime, such as breaking and entering. But that is changing. “We have a lot of meth heads in Vancouver. Their big thing now is identity theft so they can obtain credit,” he said. Addicts are breaking into mailboxes to steal credit cards, then activating them to make online purchases.
The street-level criminal is increasingly realizing how lucrative information can be, said Fenton. A laptop is no longer valuable just for its hardware resell value — thieves are realizing the data can be far more valuable, and are connecting with knowledgeable cyber-criminals.
“It wouldn’t take a lot of work for a thief to get connected quickly to find a market for a laptop’s data,” said Lyle Singular, director of recovery services at Absolute Software in Vancouver and also an ex-RCMP officer. Street-level criminals and cyber-criminals are increasingly cooperating to steal laptops to get at information, said Fenton. “There are two schools at work here, and they’re co-evolving.”
Corporate espionage is also another area where street-level crime is converging with cyber-crime. “There are individuals who move on the periphery of certain industries. They know that data from one company will be of value to another and there are many ways to connect the dots,” said Singular.
Fenton agreed, pointing out there are individuals who target businesses, and their primary targets are low-level insiders. “They’ll approach cleaners and say, just steal us the laptop from the president’s secretary.” Fenton has some stern advice for businesses: “What I try to tell business people to do is to try not to have their main data banks hooked up to the Internet — keep them completely separate.”
Fenton is relentless in the face of protests that business people can’t do that in today’s business environment.
“Yes they can. They can have an Internet presence that has their Web site, home page and customer forms. What’s difficult about turning your chair around to another keyboard, and putting the same information into your internal database? And they look at me and say, ‘The cost.’”
What costs more, he asked: the loss of all that information and public image, or putting it on another server? He is unimpressed with Web servers, firewalls and other such security mechanisms.
“I don’t care how good your firewall or security (is); if there’s a human operating that system, the information can be obtained, period,” he said.
Cyber-criminals can easily circumvent such security with social engineering, he added. “We’re seeing more and more cyber-crime. If you can do the crime in the real world, you can do it in the cyber-world, better.”