Cyber Law

According to the Internet Crime Complaint Center (IC3), cyber crime was up in 2008, and if the first few months of 2009 is anything to go by, this trend is not only continuing, it is accelerating.

As the country slides into recession, early indicators for 2009-February to March 2009-shows an additional 50% increase in reported Internet fraud complaints.

"These numbers are shocking, but given that the vast majority of incidents go unreported, the threat of identification theft is actually much more serious than even these figures would lead us to believe," says Justin Yurek, President of ID Watchdog, Inc. Common wisdom says that only one cyber crime in seven-or about fifteen percent-is actually reported.

Internet fraud includes everything from bogus sales on auction sites such as eBay and classified sites like craigslist.com, to smaller scale version of the Ponzi scheme perpetrated by disgraced New York financier Bernard Madoff.

As an example, a scam recently surfaced via e-mails that masquerade as originating from the FBI and other federal agencies seeking the recipient's bank account information in order to "help with illegal wire transfer investigations." Sweet.

The Recession Impact

Many observers put the continued surge in cyber crime down to the recession, and for several reasons.

As reported by the TechArena Forum , McAfee for one, in their annual McAfee Virtual Criminology Report-which examines emerging global cyber security trends, with input from leading academics, criminal lawyers, law enforcement authorities and security experts across the world-identified the following challenges:

The Cyber Credit Crunch - The cyber criminal is now trying to cash in on consumer anxiety to profit from old-fashioned "get rich quick" scams.

Meaning, that there are now people who voluntarily sign up to add malicious code to their websites, lured by the promise of easy money. At the same time, desperate job seekers are being recruited as "money mules" to launder cybercriminal gains under the guise of "international sales representatives" or "shipping managers."

In addition, with the economic downturn driving more people to the web to seek the best deals, opportunities for cybercriminals to attack are on the rise as people are more easily drawn in.

Governments are distracted - As governments grow more and more preoccupied with the economic downturn, their fight against cyber crime slides down their agenda, inviting more and more audacious individuals onto the cyber crime field.

The Cybercop Shortage - It is a known fact that police forces on the cyber crime front line often lack the specialist skills required to effectively fight these criminals.

Furthermore, the lack of dedicated and ongoing training, sufficient remuneration, or even a clear career path, is causing cyber crime specialists to be lured into the more lucrative private sector or even into underground economies.

Criminality Concealed - Eastern Europe, Russia and China have become key safe havens for cybercriminals while Brazil has become one of the fastest growing scapegoat countries for cybercrime. Traffic is often re-routed (and often via Brazil) as a decoy causing considerable misdirection in the origin of attacks.

Information Silo - While law enforcement is bound to physical national boundaries, cybercriminals are free to cooperate across borders.

Law enforcement communication between countries remains inconsistent and limited. Local issues and priorities take precedence over global efforts and international laws are being implemented with regional variations that impede the ability to negotiate jurisdiction and extradition between countries.

This is an environment that plays right into the hands of the cyber criminal, much to the frustration of cyber police.

Microsoft's Take

As reported by RedOrbit Microsoft shares McAfee's view that the global recession could prove to be a starting point for an influx of more cyber criminals seeking to use their computer skills to earn extra money.

"Today these (cyber) attacks are no longer about vandalism, they are about cash," says Roger Halbheer, Microsoft's chief security advisor for Europe, the Middle East and Africa.

"Cyber crime has gone from cool to cash. And this will definitely grow in the future," he told AFP (Agence France-Presse) during a recent international conference on terrorism and cyber security in Spain. "At the moment we are still at the cool side. But I'm expecting it to move to the cash side."

He then went on to add that it is, "one of the things that scare me about the economic downturn because I expect cyber crime to grow."

Also, the current economic crisis is causing a large number of layoffs, many of them from tech firms, meaning that more and more computer experts will have a lot of time on their hands, but no money. Tempting.

Fixing any and all security issues in software, does not solve the problem for, "Unfortunately the bad guys don't give up and go away. Instead they increasingly focus on crimes of deception that prey on human vulnerabilities rather than software vulnerabilities."

A Law Enforcement Perspective

Lt. Rocky Costa, who until recently headed up the Southern California High Technology Task Force agrees. "In fact, law enforcement has always seen a rise in all sorts of theft crimes when the economy goes south. The crooks look to fraud as the best way to separate folks from their money. People are most vulnerable when money is tight and they are looking to save their homes, savings, retirements, and often, their families.

"They become easy prey to the con-artist who has no sense of right and wrong, but knows how to capitalize on human weaknesses. You see the con artist makes a living studying people and their behaviors. They know their success rate will increase as the economy tumbles and/or the recession climbs. Since a vast number of folks use technology daily, it is only natural to expect technology to be another weakness and another method for exploitation.

"Historically, the number of street robberies goes up, along with shoplifting, and burglaries as the money becomes scarcer. Although we have not yet seen these increases at the lab, we fully expect them. However, with the current economy, even government must begin to cut back. When they do, technology based crimes slide down the priority list in favor of these more visible types of theft.

"People need to stay vigilant in the face is despair, holding onto their values and good judgment will be the only way they will be able to fully protect what they have left, until we all see around the corner."

A Call to Action

According to the RSA Press Release of Tuesday, April 21, 2009:

During the opening keynote at RSA Conference 2009 Art Coviello, President of RSA, The Security Division of EMC, cautioned that the global cyber-threat continues to escalate and online fraudsters are more organized, collaborative and effective than ever. He addressed major forces such as the economy and emerging technologies that are driving the information security industry to evolve and adapt-and how these forces provide an opportunity for "inventive collaboration" to effectively restructure the information infrastructure.

"To combat the cybercriminals requires far more purposeful collaboration on the part of the industry and a strong security ecosystem built around a common development process focused on risk," said Coviello. "Today's security technologies are applied as independent applications cluttering the information landscape and leaving perilous gaps of risk."

Coviello cited three major forces driving the information security industry to evolve and adapt, including:

o the challenge posed by the criminal threat;
o the demand upon enterprises and governments to achieve unprecedented levels of productivity to restore value to the faltering economy; and
o the opportunity to rethink the approach to security based upon emerging technologies and trends such as virtualization, cloud computing and social networking.

According to Coviello, "We must embrace a common development process that allows us to create a more secure infrastructure today. Then with an eye on the future we can ensure that the new technical infrastructure is designed around that process, rather than forcing a process around a collection of technologies.

"We must develop a stronger and healthier ecosystem than the fraudsters and ensure the fluid and frictionless exchange of information on which our global economy depends. It's not about changing the game; it's about winning the game," said Coviello.

Educating the Individual

However, it does not matter of safe our hardware and software becomes, if the individual citizen, desperate for money-and reaching for digital straws, as it were-believes that perhaps this Nigerian Prince really does exist and really does want to spit his $2 Million 50/50 if only he were to help him.

And by the same token, scouring the Internet for the best deal, and finding some that are (in fact) too good to be true, he may pounce on them, not only losing his money in the process, but also his credit card number and other private information.

The same holds true for many "work-at-home" opportunities that only require a small $300 payment for the material you will need to make "thousands a week from your kitchen." You've seen them. Well, as often as not, you will not even receive the material, and by the time you've wised up, your card has been charged, your money gone.

The time to wise up is now.

Internet Commerce Made Safe

As we all know, at least during some of our more rational moments-the "too good to be true" deal is often precisely that. But that is not to say that there are no good deals out there. In fact, the Internet is probably the marketplace that to a large extent will pull the economy out of its slump, precisely because it is replete with good deals and true opportunities.

But how to tell the good from the bad?

According to the IC3, the best way to guard against Internet facilitated scams is to stay informed. Keeping informed of the latest scams on the Internet may enable Internet users to recognize and report these scams instead of losing money or their identity information in one of them. To learn about the latest scams, they recommend periodically checking the IC3, FBI, and the FTC websites for the latest updates.

Additionally, the IC3 and its partners have launched a public website, "www.lookstoogoodtobetrue.com," which briefs the consumer about various consumer alerts, tips, and fraud trends. Pay it a visit. Make it a habit.

Also, when it comes to online auctions, and the potential of non-delivery of goods that you've paid for, the IC3 makes these specific recommendations:

o Make sure you are purchasing merchandise from a reputable source. As with auction fraud, check the reputation of the seller whenever possible, including the Better Business Bureau.
o Try to obtain a physical address rather than merely a post office box and a phone number. Also, call the seller to see if the number is correct and working.
o Send them an e-mail to see if they have an active e-mail address. Be cautious of sellers who use free e-mail services where a credit card was not required to open the account.
o Investigate other websites regarding this person/company. Do not judge a person/company by their fancy website; thoroughly check the person/company out.
o Be cautious when responding to special offers (especially through unsolicited e-mail).
o Be cautious when dealing with individuals/companies from outside your own country. Remember the laws of different countries might pose issues if a problem arises with your transaction.
o Inquire about returns and warranties on all items.
o The safest way to purchase items via the Internet is by credit card because you can often dispute the charges if something is wrong. Also, consider utilizing an escrow or alternate payment service after conducting thorough research on the escrow service.
o Make sure the website is secure when you electronically send your credit card numbers.

Bona Fide vs. Fraudulent Online Escrow Companies
If you have found a good online deal and are now ready to purchase, it would serve you very well to take IC3's recommendation and engage an online escrow service.

The problem is that while there are several bona fide online escrow sites, they are nowhere near as many as there are fraudulent ones.

So, how can you be sure that the escrow company you're considering using is in fact what it says it is?

You must research it. First, do a WHOIS search on the domain. This will show you how long the site has been up, where it is being hosted, how many times the site has been taken down. These are clues. If it smells fishy at all to you, go elsewhere.

Then Google the name of the escrow company to see what gives. This will lead you to forums and other articles. Study them well.

Then, when you have found a site that appears legitimate, travel the extra mile and take one of several additional steps:

o Firstly, while fraudulent sites can buy the necessary certificate to make it a secure site, they seldom do;
o Secondly, you can check at escrow-fraud.com to see if the site you have decided on is listed as a fraudulent site by them; they also maintain a list of bona fide sites;
o Thirdly, you can call the site's customer service department to make sure they are based in the United States. If you have any doubts about that, ask them to call you back, and check the caller ID-if it is an international call, beware. Also, if the site does not have a customer service department, again, beware;
o Once you know that you're talking to a U.S. based service department, ask any questions you can think of to ensure they are legitimate, such as which bank are they using for their escrow accounts, and who is their main contact at that bank (whom you can then call to verify that this online escrow company does in deed have an escrow account there);
o If the answer is a well-known American bank, and if the customer service rep can supply contact information at the bank, you are 99% there. Then, if you want to reach 100%, make that final call to the bank to rule out any vestige of doubt.

Now you have found an online escrow company you can trust; register with them and enjoy your purchase.

Here's to good and safe Internet deals.