The basics of cyber crime

To most of us cyber crime is something we read in a paper or on the Internet.   Most of the time it is of little consequence to ME in the real world.   Although that has all changed in the last 2 to 5 years, we do not seem to learn from our experience.

The criminals are getting smarter, the tools are less obvious and the payday for them is much higher.

Crime has been around for years and so has crime fighting.   The problem is in the old days most crime was one on one, a mugging in the street or pick pocketing was a one on one crime.    With the advent of things like banks, trains and stage coaches it became a crime of one against many.    The advent of the Internet has made it possible for one person to steal from millions of people in one hit.   This happened recently with Sony and will continue to happen because we never learned the basics.

With most of the western world moving everything to the Internet, whether it is internet based mail, cloud based CRM, your gaming habits or using Internet banking it has become an essential part if not critical part of both work and home life.   Most parents with young people in the family have probably heard “I cannot live without my –insert technology here- ”  so we all know how important that connection to the virtual world is.

The problem is that the bad guys have realised that as well.   Most of us have 50 – 90% of our personal lives and information as some form of electronic data.   Whether it is your buying habits, your email, you banking or your personal information it is all available to you in some form of electronic information.

The bad guys rely on a number of things in their thinking and their attacks.   They target the innocent, the unaware and the uneducated to ensure that they have a steady stream of income coming into their criminal organisations.   They target these type of people because it is the easiest way of stealing what they want.   They also target the ill informed, yes you can be infected if you use a mac, yes they will target you, not the firewall, because you are easier to get around.

They also use semi legitimate processes in very illegitimate ways.   They corrupt your email with phishing and spear phishing components, they corrupt your favourite web sites with malware and spyware,  if you use peer to peer systems to access perceived free music, films, games and applications they corrupt the information that is available with Remote Access Trojans (RAT’s), viruses and worms.  In most cases anything that is free on the Internet has some form of criminal aspect, not everything but most have.

The Internet has made the criminals harder to find, harder to locate, they cross intentional boundaries with impunity and they steal anything that they can get their indescrimate little hands on.   They are the twenty first century version of the biblical plague.

That’s the bad guys, the good guys are constantly playing catch up.   They are restricted by laws and boundaries and most of the time the bad guys have developed and innovated technology well before the main stream and the business world has seen the potential.   The most obvious of this was android and the app market.   This was infiltrated, compromised and infected from day one.

So in this landscape we cannot rely on the good guys so we had better learn to rely on ourselves.

Roger Smith, is an educator. Teaching students at ADFA (UNSW) and showing them how vulnerable they are to cybercrime.

He is also CEO at R & I ICT Consulting Services Pty Ltd, an Amazon #1 author on Cybercrime and founder of the SME Security Framework. He is a Consultant who specialises in inexpensive and highly effective security strategies for small and medium businesses and not for profit organisations.

He has developed and authored the SME Security Framework and the Security Policy Training Course which are considered to be the definitive guides to helping SME's protect their organisation using the principles of Technology, Management, Adaptability and Compliance.