Cybercrime is in the news more and more often. You cannot go one day without hearing about a data breach here or a scary new virus there. But the public’s response doesn’t fit the apparent severity of the problem. If you heard about a crime wave in your neighbourhood, you’d probably start thinking about better locks, a security system, or a big, angry dog. But most computer users haven’t taken any action to protect themselves from cybercrime.
Perhaps it makes sense. After all, ordinary crime is something you can see and hear. By contrast, cybercrime can seem pretty abstract. When a hacker robs or scams a new victim, you won’t see crime scene tape or hear sirens the neighbourhood. And your co-worker won’t exactly be eager to tell you about the malware he picked up from that “adult” download site. The effects of cybercrime are all around us, but the bad guys have done a great job convincing us that the internet is safe.
Cyber criminals don’t loiter in alleys. They don’t need to. A criminal thousands of miles away can target you and take your money, IP and identity before you even know it happened.
I harp on about the problems of cyber criminals. They are bad people—very bad people, in fact. They are also persistent, sneaky, ruthless and hidden, but the worst part is that they are always ahead of the good guys.
Like normal business people, they focus on revenue and profit. They are quite willing to invest millions of dollars in a system; Metasploit (an application created by the bad guys to attack system and application vulnerabilities) is a good example, but there are hundreds of others out there that will reap a 10- to 100-fold return on investment. Tell me any business who would not gloat over returns like that.
As with any criminal enterprise, the best way to gauge the severity of the problem is to look at what law enforcement is doing about it. Law enforcement across the globe is investing substantial money and resources in closing down and arresting as many people as possible when it comes to cybercrime.
But cyber criminals have the money and resources to invest in the things that law enforcement only dream about. They have the ability to pick apart a system, application or platform, find out how it ticks, work out how to get around it, and then use those discoveries to create tools to exploit those weaknesses.
In addition to this, the makers of the systems help the bad guys. They allow access to their systems through software development kits, beta versions and samples. What a great way to do business—“here is my intellectual property, why don’t you steal it, or better still, find ways to break into it but don’t tell me what they are?”
So, do we have a cybercrime problem? The answer is yes. The trick is to remember that it exists—even when we can’t see it.