The RCMP has urged private sector organizations to report cyber crimes when they occur, saying it would help the law enforcement agency to track down criminals and prevent similar incidents from happening.
“If the private sector doesn’t tell us they were hacked, then we don’t know it occurred,” said Carole Bird, officer-in-charge of program management support services for the RCMP’s Technological Crime Program. Bird was a keynote speaker at the SecTor security conference held in Toronto this week.
According to Bird, less than five per cent of cyber criminals are caught and convicted worldwide. A 2006 survey of businesses found that two-thirds had lost income as a result of cyber crime.
Increasing computer access and tech know-how among the public are key contributors to the rise of cyber crime in Canada, Bird said, adding that online transactions have increased 38 per cent.
“Malicious software is widely available and the threat is not merely in the value of the data compromised, lost or stolen, but in the nature of the attack (i.e. an attack on the financial sector),” she said.
The nature of the Internet itself is what advances these crimes, as she noted that attacks are aided by the anonymity, openness, connectivity and speed of the Internet.
The globally interconnected networks, have also enabled hackers to launch cyber attacks from anywhere in the world, with rapid cascading effects in multiple jurisdictions, said Bird.
One of the most widely used forms of cyber crime against individuals is that of social engineering. Typically aimed at computer users, the objective of such a scheme is to try and trick them into revealing sensitive information, such as bank account information or user name and password.
Social engineering was also addressed by SecTor speaker Steve Riley, senior program manager with Microsoft’s security business unit in Washington, D.C., who said complacency is part of the problem.
“People see technology as the solution and invest millions of dollars, yet are still vulnerable to old-fashioned manipulation,” said Riley. “Anyone with access is a potential risk.”
Riley stressed the importance for organizations to utilize integrity screening and public code reviews when hiring personnel, in order to protect against insider attacks.
Cyber crime has also become increasingly sophisticated, said Bird. “People can buy hacker toolkits online.”
She said cyber crime has evolved from simple hacking to the Internet now being used by terrorists and organized crime, and even moving to the realm of cyber war.
Some of the challenges faced by law enforcement are that it’s becoming harder to track identities and transactions involving cyber crimes, and jurisdictions have either non-existent or differing laws, said Bird.
“Time is a huge issue and legislation that can facilitate information gathering and cooperation is key,” she said.
She said the RCMP is now seeing large-scale investigations with multiple locations, suspects and jurisdictions.
“Cyber crime will probably always exist,” said Bird. “What we want to do is make the Internet safer, and reduce online criminal activity.”