Misha Glenny: Inside the World of Cybercrime, EIBF 2012, Review
Misha Glenny was introduced by Douglas Fraser, the BBC News Scotland business and economy editor, who noted that Glenny's previous books included Bosnia and McMafia, the latter exploring the world of organised crime - possibly a useful way of preparing to write his latest book, Dark Market, which deals with cybercrime.
Fraser asked the audience how many changed the password for their pin every six months; when very few put up their hands, he said that the rest might be receiving some useful advice during the next hour!
Glenny did not speak about his book in detail as he did not want to spoil it for his readers, but instead spoke in some detail about the characters involved with cybercrime, the rapidly growing wave of criminal activity conducted through the internet.
He remarked that the majority of us feel that computers are tedious - useful but tedious - and most people lose interest in them very rapidly. He started his research by looking at all the movies that were billed as having great computer bias, but found that only about one percent of any of the movies was devoted to computers. This was true for films such as War Games and The Girl with the Dragon Tattoo. From this he decided to try to get to know the hackers, cyberbarons and members of the FBI who were involved with this new wave of criminal activity.
He launched into a splendid and carefully prepared power-point presentation about cybercrime. He asked some key questions: how serious is the cyber threat? Glenny said the answer is that no one knows, the US Government says $1 trillion is lost each year to cybercrime, but how do they know? Many people do not report cyber theft and many companies are afraid to do so, therefore never believe what governments claim - it is probably worse!
The second question Glenny asked was, who are the perpetrators? No one actually seems to have a definition for cybercrime because it is different from ordinary crime in that there is no need for physical violence to enforce it or carry it out; it can be initiated in one country, the victim can be in another and money extracted can be delivered to a third country anywhere in the world.
The third question he asked was, what can we do? He said that he hoped we would learn something from the examples he would be telling us about.
Cybercrime, Glenny said, started small with attacks on credit cards. One of the first operations of this type was set up in the Ukraine and was known as "Carderplanet". It had its own website and claimed that it owners "have the knowledge" and through the outreach of this site "we share the success of this knowledge".
It was strange to see on the screen what looked like a normal website which was designed purely for crime. One of the problems that the five people who set up the website faced was, how can I trust the criminals I am dealing with? They solved this by using a third party who would hold the money and test a selection of the credit card numbers in the batch sold in order to clear they were genuine, then the money would change hands and the balance of card numbers handed over.
Glenny told us of the development of 'skimming machines' which were concealed on ATMs so that the information keyed in was immediately transferred to the cyber thief who might be in the café opposite.
Glenny went on to describe how criminals set up a firm, "Innovative Marketing," to introduce 'malware' which claimed that a computer was attacked with a virus, however, for a fee this could be put right. As part of the process, individuals were asked to turn off all other virus protection systems which allowed an even stronger virus to be fed into the computer.
This scam worked well for several years until one person managed to hack into the criminal site itself where they found all the records and recorded exchanges between their call centres - yes, they had their own call centres world-wide - telling the poor individuals what to do. From the records found it was estimated that the crooks had made $500 million in three years!
Other examples of attack were outlined, such as identity attack. An example was given of a man who had two houses which he had bought as a retirement pension in Perth, Australia. A friend called him to say he was surprised that he was selling his second house - he had understood about selling the first house, but was surprised about the second.
The man was bemused as he had not instructed his agents to sell either of the houses and found that the house details had been hacked into as the documents were on a scan on his computer and were used as proof of ownership. Instructions were given to the agent to sell the house and send the money to an offshore bank account. Because of the several countries and police forces involved, the house owner never recovered any money.
But Glenny said we should all beware of unexpected messages which may contain a virus; the most virulent recent virus was the "I love you" virus which Glenny said he spotted as it claimed to come from his ex-wife who certainly did not love him!
In most of these things, what is humbling is how far our children are ahead of the older generations. But the even more worrying thing to remember is that so much of what we need and use every day depends on computers: money, food, water, gas, electricity - almost everything we use is controlled by computer operations. If there is a criminal attack on these computers we are in trouble.
Glenny gave a fascinating run down on some of the key cyber criminals; he went from the man who was one of the founders of Carderplanet to a former graduate of the London School of Economics with a brilliant brain which was turned to support crime and another who hacked into massive corporate servers.
Another worked for the FBI to fight cyber crime, but could not resist leaving a hidden window for himself to access the sites and was caught by some of the FBI agents he was working with. The last example was one hacker who was arrested and placed in an open prison with several criminal bankers; they looked after him on release and he set up a highly effective operation to pursue crime - he was provided with a flat, a car, girls and anything he wanted!
So brash are these people that they even had their own conference in one of the best hotels in the Ukraine and also issued a press release afterwards!
Glenny said that the United States is extremely worried about these developments and has set up a National Security Agency - US Cyber Command to pursue the wrongdoers, however, the US itself is not squeaky clean, having been responsible for introducing a virus into the Iran nuclear programme.
We were all treated to an exceptionally polished presentation with a mass of fascinating information gained by months and years of patient research by a leading investigative journalist. Many politicians would benefit from hearing this!
Event: 19 August, 2012