Cyber crime could trigger a global crisis

Billions of dollars are being routinely pilfered online, and banks seem more concerned with keeping the public in the dark. Learn how to protect yourself, from your phone to your social media network.

The security software developer Symantec believes cyber crime is a threat to the economic prosperity of many countries in the Middle East.
Powered by automated translation

Financial institutions across the world could face a new wave of global recession because of a rapid rise in computer crime.

"The scale of cyber fraud now being experienced by the world's banks is high enough, potentially, to trigger another global financial crisis," says a source from the KCS Group, an international security firm.

The world's banks have built a wall of silence around their losses, fearing a dramatic loss of confidence in the banking system if the true scale of the cyber criminals' operations were ever made public.

"The banks will not admit to the size of the problem for fear of damaging their reputation and there are therefore no accurate figures available," says one KCS source, who did not want to be named.

"But there is hard evidence that the problem is far worse than has so far been reported and is now affecting banks across the globe with potentially crippling consequences."

There is a growing danger that, by keeping their heads in the sand and making no concerted effort to tackle the problem, the banks have foolishly given organised criminal groups (OCGs) an opportunity to make themselves unassailable with their new-found wealth.

Even conservative attempts to gauge the scale of the problem estimate that gangs are now stealing billions of dollars on a regular basis. There are also reports that cyber criminals are using their vast wealth to buy political influence and other forms of protection for their illegal activities.

"I don't know that there is any way to get an accurate reading of this, but every credible estimate puts it in the tens of billions of dollars," says Alan Brill, the senior managing director of the cyber security and information assurance practice at Kroll, a security company.

Although there are no reliable statistics available for cyber fraud, security experts at companies such as the KCS Group now believe that the cyber hacking of banks is far more lucrative for organised crime than the global trade in illegal drugs.

Cyber hacking has a number of close parallels with the international trade in illegal drugs. It has grown from a cottage industry into a global business. And, according to security experts, cyber criminals use individuals known as "mules" to transfer money in much the same way as drug smugglers use carriers, also known as "mules", to transport drugs.

The difference is that, where the drug mules transport relatively small amounts of narcotics across borders, cyber mules regularly use personal accounts to hold and transfer millions of dollars siphoned from banks and their clients.

"A colleague and myself recently saw the scale of the problem on a computer screen. We were watching the every day losses from cyber fraud experienced by three banks and a building society over a few hours. These four institutions alone experienced losses of £660,000 [Dh3.7 million] over a typical four-and-a-half-hour period," says the source at the KCS Group.

"This was not a one-off event, just a typical few hours. Multiply this over a whole year across all the world's banks and you start to grasp the full scale of the problem."

While the banks have tried to conceal the fact they are haemorrhaging billions of dollars, the OCGs have developed increasingly sophisticated forms of cyber attacks, regularly robbing financial institutions on a scale that makes the masked and gun-toting bank robbers of the past look like small-time pickpockets.

"There is absolutely no question that the attacks are more ambitious. And they are in many cases far more sophisticated than we've ever seen before," Mr Brill says.

"We're seeing a real change from the hackers having a 'hit-and-run' mentality [break in, steal data, maybe try to cover their tracks and get out] to a strategy of persistency [get in, hide, stay inside the network for weeks, months or years, with the ability to steal data over a long period]."

But, according to Kroll, many banks have not yet grasped the altered nature of the attacks and instead focus their resources on trying to prevent intrusions into their IT systems, something the security companies believe is creating a spate of dangerous complacency within some financial institutions.

"Unfortunately, many banks haven't fully understood the change and focus too much of their security resources trying to prevent an intrusion," Mr Brill says.

"Current thinking is that while you try hard to prevent intrusions, you assume they have occurred and set up systems to identify and neutralise threats that are already inside of your systems."

Symantec Corporation, the security software developer, also reports that the rate of computer viruses in the UAE is steadily on the rise and that the nature of the threat is changing.

Symantec says the aim of the attacks is to establish persistent access to a targeted organisation's network. In many cases, this is to provide remote access to confidential data. In the long term, Symantec believes the problem represents a significant threat against the economic prosperity of many countries in the Middle East.

Cyber hacking began with the Triad gangs in Hong Kong, according to the KCS source: "At first, it took a fairly primitive form. The stiff cardboard from the tops of Cornflake packets was used to create fake bank cards for insertion into cash machines. For years, the banks would not admit that the Triad's hackers could break their security codes. Today, cyber hacking is taking place on a far greater scale, with China now becoming a key player and hacking into corporate as well as private bank accounts."

A major problem facing the banks is that the OCGs have become adept at hiding their online movements, often making it impossible to track what they are doing accurately.

"As to China, there is no question that there are attacks emanating from that country," says Mr Brill. "However, it is very likely that many of those attacks actually originate elsewhere, with the attack routed through China to pin the blame where it doesn't belong. Certainly, there are attacks that do originate there, but in our experience at Kroll, there are a lot of source countries for these attacks."

Client confidentially, coupled with the banks' attempts to safeguard their increasingly tarnished credibility, prevents security companies from naming those institutions most affected by cyber hacking. Nevertheless, there are many examples of the type of crime now being committed by international OCGs on a frighteningly regular basis.

Kroll, for instance, reports that a financial-services company was planning to replace a system that was becoming obsolete with a new one. But because of economic conditions, it decided to postpone the new system for a year, omitting to maintain the old system, which had a major security flaw. A hacker was then able to easily breach the system controls and steal the financial files of 40,000 customers.

"A bank recently came to us when a backup tape from their system went missing between their data centre and the secure-storage facility," says Mr Brill. "Unfortunately, they did not encrypt their backup tapes even though the backup software fully supported encryption. They had never bothered to turn on the encryption. The result was a very large data breach that caused significant embarrassment to the institution."

There is also evidence that cyber criminals are increasingly holding private account holders and financial institutions in the UAE to ransom.

"The problem of online fraud is current and growing in the UAE," says the KCS source. "Ransomware is increasingly used to extract money from both banks and from private account holders.

"In the case of banks, the threat could be to publish sensitive information. In the case of an individual account holder anywhere in the world, the threat could be to freeze access to all the data on their PC unless a toll of, say €5 [Dh24] to €10, is paid."

The KCS source says a case earlier this year involved a criminal who was holding a bank to ransom by threatening to ruin its reputation by publishing client details stolen from its IT system on the internet. KCS uses a mix of electronic detection together with an international network of agents from backgrounds such as the CIA and the KGB to locate cyber hackers.

"We tracked him down to Belarus and then informed the bank," says the source. "Once we have located the criminal, it is up to the banks to decide whether to involve the police or whether to handle the situation themselves more discreetly."

The shroud of secrecy the world's banks have wrapped around the threat of cyber hacking makes it hard for governments to address the problem fully and pass effective regulations aimed at restricting the OCGs' operations, thereby averting a possible financial crisis. This means that the banks themselves must acknowledge cyber hacking for the massive problem it is and to do their utmost to safeguard themselves and their clients.

"Cybercrime is far beyond being a technical problem that should be handled by the information technology organisation - it's a business problem that should be on the radar of the chief executive, chief financial officer and the rest of the senior executives," Mr Brill says.

Cyber safety tips

Secure mobile devices A growing number of bank account holders and staff rely on mobile smartphones. Users must exercise equal caution when conducting their financial affairs from a hand-held device as when seated at their desks

You have already been hacked Organisations should not spend all their security resources on protecting their systems as they will often have been compromised already. Restricting access to certain files should go some way to preventing cyber crime

Beware of phishing attacks Bank account holders should be extremely wary of responding to unsolicited requests to confirm their password or divulge other privileged information

Be careful on social networks According to the security company Kroll, social media attacks will increase in 2012, with thieves using clever tactics to coerce Facebook users into revealing sensitive information

Avoid "mirror" sites Some hackers create websites that copy legitimate websites created by banks to attract clients and account holders. Access to these websites is generally via a link on another site or forming part of an electronic message

If small, act big Small businesses in countries such as the UAE are about to enter the cross hairs of cyber attacks and must learn to safeguard data as zealously as the big corporations