Skip to main content

The Mafia moves online: Are you at risk?

Professional criminals across Europe are forsaking traditional crimes such as armed robbery, muggings and burglary in favour of committing crimes on the Internet, where their chances of being caught range from slim to zero.

In the UK, for example, only one computer hacker a month is actually caught and brought to trial. Even the most conservative estimates put the monthly total of cyber crimes at around 10,000. In reality, the figure is probably significantly higher. And professional criminals have not been slow to recognise that the chances of being caught online are probably not even one in 10,000.

"People used to break into a bank with a sawn-off shotgun, getting on average £30,000 every time. Now they can sit in another country, buy someone's services to break into bank accounts and get hundreds of times more money without putting themselves directly at risk," says Professor Alan Woodward, who co-authored Europol's Internet Organised Crime Threat Assessment (IOCTA) report.

Interpol believes that a major reason that cyber crime is so hard for the authorities to prosecute successfully is its truly international nature. The criminals can be sitting in one country with their servers located on the other side of the world while committing crimes in another hemisphere.

According to Interpol: "Attacks predominantly originate from jurisdictions outside the EU, particularly from the countries where the proceeds of online crime notably outweigh income from legitimate activities."

The Crime as a Service (CaaS) business model

Another major catalyst for the global boom in cyber crime is what Interpol terms the "Crime as a Service (CaaS) business model". This fuels illegal online activity by providing a wide range of commercial services that facilitate almost any kind of cyber crime.

Criminals with even limited computer skills can simply buy services such as malware development, data theft and password cracking freely on the Dark Web. These online criminal services are frequently provided from outside the EU. Russia alone has a $2 billion (£1.3 billion) a year industry in developing and selling precisely the kind of malware needed to commit online crimes such as hacking into a financial institution's IT system and transferring huge amounts to a bank account in another country.

The Russian authorities are also notoriously reluctant to prosecute Russian citizens for online crimes where the victims are located outside of Russia.

According to Interpol: "Traditional organised crime groups (OCGs), including those with a mafia-style structure, are beginning to use the service-based nature of the cybercrime market to carry out more sophisticated crimes, buying access to the technical skills they require." In some cases, even trained State Cyber experts in some countries are being encouraged to moonlight, knowing full well they won't be caught or prosecuted.

Law enforcement agencies around the world are further confounded by the anonymisation techniques used to users to communicate and trade goods and services without the risk of being traced.

According to Interpol, these are perfectly legitimate software tools for citizens to use to protect their privacy. But these privacy networks are also proving attractive to criminals and Mafia gangs who abuse this anonymity to run an illicit trade in drugs, weapons, forged IDs, child exploitation and malware.

Cyber criminals will soon have their own digital currencies

This anonymity is further protected by anonymous payment methods such as virtual currencies like Bitcoin. Although Bitcoin is widely recognised as a legitimate currency, it is, nevertheless, abused by criminals for illegal transactions and for money laundering. Interpol predicts that cyber criminals will, however, soon evolve into having their own digital currencies.

"Crypto-currencies continue to evolve and it likely that more niche currencies will develop, tailored towards illicit activity and providing greater security and true anonymity," says the international law enforcement agency.

Although there are no accurate statistics as online crime is hard to track and often goes unreported, industry observers predict that the problem is about to mushroom.

According to Adam Firestone, president of Russia-based Kaspersky Government Security Solutions, the growth in cyber threats is happening on an "almost exponential" basis as hackers around the world become more sophisticated.

Interpol also believes that the EU will remain a key target for cybercrime activities owing to its high wealth relative to some other regions, it's high degree of Internet penetration, it's advanced Internet infrastructure and increasingly Internet dependent economies and payment systems.

Law enforcement agencies such as Interpol are pleading with governments to enact new legislation to provide law enforcement with the legal instruments it requires to allow it to access the information needed to apprehend criminals. But any moves in that direction are likely to be piecemeal and slow moving as national governments try to weigh the rights of their voters to online privacy against the pressing need to stem the rising tide of cyber crime.

As OGCs use increasingly sophisticated CaaS malware, they will become increasingly ambitious and European corporations will find themselves coming under more sustained and devastating attacks.

Those companies which have not yet installed truly Twenty-First Century IT security on their systems and who have failed to educate their staff properly about cyber security now represent low-hanging fruit to OGCs such as the Russian Mafia.

Stuart Poole-Robb is the chief executive of business intelligence and cyber security adviser, the KCS Group.