Curricula - Knowledge - Navigation

Cybercrime and Organized Crime

Organized crime in the past had found safe environment in countries with weak governments and unstable political regimes. Today, organized crime use advantage of national jurisdictions with not proper legal frameworks and weak technical capabilities to fight cybercrime.

Cybercrime is now far away of hackers fighting with computer systems just for fun or to teas administrators. The growth of the digital economy completely changed the criminal scene where access to assets stored in the computer’s systems becomes a objective of the crime. Possibility of high profit combined with practically very low risks made digital networks an attractive environment for various types of criminal activities. Organized crime in the past had found safe environment in countries with weak governments and unstable political regimes. Today, organized crime use advantage of national jurisdictions with not proper legal frameworks and weak technical capabilities to fight cybercrime.

Historically, traditional organized crime and cyber crime have been two discrete branches. There is one overriding message emerging from Europol’s Serious and Organised Crime Threat Assessment 2017 – organized crime hasfinally gone digital, wiping original difference between this two entities. All possible means had come into consideration of organized crime – drones, tracking devices, social engineering, hacking, encrypted communication etc. This is a development that law enforcement agencies have to recognize and deal with on a transnational basis.

For Europol, which acts as an information exchange for the EU’s 28 national police agencies, that is an immense challenge. Electorates continue to clamor for more police on foot patrol, but on the same time vast sums are required to keep up with the technological challenge from sophisticated organized crime gangs. According to the SOCTA2, Europol is now combating 5,000 international crime groups within the EU, that means 1,400 more than in 2013. But there are many others operating outside the territory, while selling their illicit goods and services into the EU largely using cybernetic means.

It is not that long ago when Swedish cybercriminal described how he had tried to interest his father’s organized crime operation in Malmö in online credit and debit card fraud. “The returns were much higher and the risks much lower,” he explained, “but they just couldn’t get their heads round the technology. They preferred to stick with what they knew best — baseball bats, Semtex and stockings over their heads.” His response hinted distinctive attribute that has kept apart old-style crime and the new world of criminal hackers: the use of violence. In the world of mafia organizations, if you cannot deploy or credibly threaten intimidation, you don’t make it. Violence is the sine qua non of traditional organized crime. But in cybercrime, the physical world is not an issue: you can hatch a crime in Australia with your victim in West Coast of United States while organizing the cash-out in Dubai.

As we already announced, the crime become a digital with all the aspects which could be admissible. The crime itself change not only an environment where it is occurred, but also a time element when days and hours are changed to milliseconds as well as the nature of the tools used on the crime scene which becomes non material. The law enforcement agencies and law itself is very slow in change not achieving the speed of the change in the crime scene. The tools, mode of the operation and immateriality of the environment creates completely new situation for investigators, prosecutors and attorneys in the process of law enforcement and thanks to problematic practices slow in reaction to changes in the society, unpractical to use old tools and habits.

Crime as a Service

Steve Durbin1, managing director of the Information Security Forum, proposed the most significant cyber threats ahead the attacks fueled by „crime-as-a-service“. „Crime as a service“ refers to organized crime rings offering services such as on-demand distributed denial-of-service attacks and bulletproof hosting to support malware attacks etc. The easiness of communication, anonymity, and the accessibility of tools for illegal operations have transformed cybercrime into a global, fast-expanding and profit-driven industry with organized criminal groups thriving behind it a machine. Police estimate that just 100 to 200 people may be powering the „cybercrime-as-a-service“ ecosystem by developing the attack code and services that enable criminals who lack technical acumen to pay for their cybercrime will to be accomplished. Various providers offer such services as installing malware onto PCs and then selling access to those devices; selling subscriptions to malware and ransomware toolkits that automate attacks, with developers taking a cut of all proceeds. There are not rare services that will support gang members with fake debit cards so they can make as many ATM cash withdrawals as possible before banks catch on. Other services will offer to „clean“ the bitcoins that attackers demand from victims, making them more difficult for authorities to trace. Many cyber-attacks today copy the method of classical racketeering crime, threatening to launch distributed denial-of-service attacks against organizations unless they pay attackers bitcoins. To carry through on those threats, attackers often rely on so- called booter or stresser services2, which sell on-demand DDoS attacks based on traditional business act as issuing purchase order and pay invoice in bitcoin. Based on online advertisements, the cybercrime-for-hire business appears to be so lucrative and booming that hacker gangs can’t keep their crews staffed. In recent months, crime syndicates have enhanced their ability to share information and collaborate, achieving better understanding of product positioning, of strengths and weaknesses. We are seeing a decrease in the price points for crime as a service, because the market is becoming a little bit more saturated and the consumers or buyers of this service have a little bit more choice.“

Big Data Issue

It looks easy to generate enormous amount of data and then get caught up in opportunity of big data presentation. However, one of the reasons big data is so underutilized is because big data and big data technologies also present many challenges. One survey found that 55% of big data projects are never completed [1]. This finding was repeated in a second survey that found the majority of on-premises big data projects aren’t successful.

With big data, it’s crucial to be able to scale up and down on-demand. Many organizations fail to take into account how quickly a big data project can grow and evolve. Constantly pausing a project to add additional resources cuts into time for data analysis. Big data workloads also tend to be bursty, making it difficult to predict where resources should be allocated. The extent of this big data challenge varies by solution. A solution in the cloud will scale much easier and faster than an on-premises solution. Large scale system requested for storage of tremendous amount of data leads usually to store such a data outside of the company, on cloud systems, when data are transferred to the storage managed by third party, so allowing unobserved analysis and possibly a fraud of the data stored. When attacker penetrate through the first level of the system security – authentication, then the doors should be open for selling the data as a service for other, possibly competing company.

On the other hand, there should be not necessary to break into the system, data should be accessible openly for further analysis. The security guarding company, contracted to ensure security services including to registering visitors, can easily keep a list of incoming visitors and sell it to the competition. While the number of big data challenges can be overwhelming, it also presents an opportunity. Those businesses, which are able to identify the right infrastructure for their big data project and follow best practices for implementation, will see a significant competitive advantage. Entrepreneurs have also capitalized on big data technology to create new products and services.

Data Quality

The care has to be taken about data quality itself, which would be questionable in IoT. It is not a new concern, but the ability to store every piece of data during business produces in its original form compounds the incredible problem. Dirty data costs companies in the United States up to $600 billion every year. Common causes of dirty data that must be addressed include user input errors, duplicate data and incorrect data linking. In addition to being meticulous at maintaining and cleaning data, big data algorithms can also be used to help clean data.

  • Data Security and Privacy

Keeping that vast lake of data secure is another big data challenge. Specific challenges include:

  • Recording data access histories and meeting other compliance regulations
  • Restricting access based on a user’s
  • User authentication for every team and team member accessing the
  • Proper use of encryption on data in-transit and at

Data quality faces formidable security challenges. Data security and privacy are being raised ever higher as sensitive healthcare data, personal retail customer data, smartphone data, and social media and sentiment data become more and more a part of the big data mix. It is necessary to reevaluate the safety of data in database and with the following security best practices:

(i)     Plan before you deploy
  1. data protection strategies must be determined during the planning phase of the new database deployment,
  2. it is critical to identify any sensitive data elements before moving any data into database, along with where those elements will reside in the system,
  3. company privacy policies and pertinent industry and governmental regulations must be taken into consideration during the planning phase in order to better identify and mitigate risk1.
(ii)   Do not overlook basic security measures
  1. ensure user identification,
  2. control user access to sensitive data,
  3. create users and groups and then map users to groups; permissions should be assigned and locked down by groups,
  4. use of strong passwords1.
(iii) Choose the right remediation technique
  1. use remediation techniques as encryption or masking2,
  2. place both masked and unmasked versions of sensitive data in separate
(iv)  Ensure that encryption integrates with access control
  1. make encryption solution compatible with the organization’s access control technology,
  2. keep on mind that users with different credentials won’t have the appropriate, selective access to sensitive data in the environment that they
(v)    Monitor, detect and resolve issues
  1. even the best security models are inadequate to reality,
  2. organizations need to make sure that best practice monitoring, and detection processes are in
(vi)  Ensure proper training and enforcement
  1. best practice policies and procedures with respect to data security in  must  be frequently revisited,
  2. employee trainings and constant supervision is

Social Impact

With the development of computer industry and internet networks during the last three decades things have changed and global communication has reached an unprecedented height [2]. With these developments immense scopes have come to the surface to impart learning in a much less efficient and interactive way. Multimedia technology and internet networks had limited and revolutionized the whole philosophy of knowledge and memorization. Quick dispatch of information globally has facilitated the commercial expansion to an extremely high level. Information smog, coming from the internet, television and radio, is continually overloading humans and as an impact the human way of achieving knowledge is changed. The knowledge based information filtering is replaced by emotional filtering and such a way the attitude, supported by knowledge, is replaced by emotional attitudes without any background.

Mankind itself is promptly decreasing the ability to create finding a solution just relying on evaluated information but retrieving the knowledge from the web sites. A lot of the information available on the Internet is incomplete and even incorrect. People spend more and more of their time absorbing irrelevant information just because it is available and they think they should know about it. The role of memory is being downsized to knowledge of internet web site, where we can search for the information – usually Google, accompanied with endless trust to the information found. The privacy, thanks to social network with a lot of personal documents loaded by users, has potential impact on the security not only the one who loaded it up, but on the sharing companions also.

Increasing  representation  of  a  wide  variety  of  content  in  digital  form  results  in  easier  and  cheaper duplication and distribution of information. This has a mixed effect on the provision of content. On the one hand, content can be distributed at a lower unit cost, easily stolen. On the other hand, distribution of content outside of channels that respect intellectual property rights can reduce the motivations of creators and distributors to produce and make content available in the first place.

Information technology raises a host of questions about intellectual property protection and new tools and regulations have to be developed in order to solve this problem. Many issues also surround free speech and regulation of content on the Internet, and there continue to be calls for mechanisms to control objectionable content. However it is very difficult to find a sensible solution. Dealing with indecent material involves understanding not only the views on such topics but also their evolution over time. Furthermore, the same technology that allows for content altering with respect to decency can be used to alter political speech and to restrict access to political material. Thus, if censorship does not appear to be an option, another possible solution might be labeling1, but introduction of the Offices of Fair Things looks rather curious.

The rapid increase in computing and communications power has raised considerable concern about privacy both in the public and private sector. A technological approach to protecting privacy might by cryptography although it might be claimed that cryptography presents a serious barrier to criminal investigations. Introduction of large global surveillance system as well as broad availability of hidden and spying devices leads to the conclusion that nobody knows who currently collects data about individuals, how this data is used and shared or how this data might be misused. In any case, the “Big Brother” from George Orwell 1984 novel becomes reality. In the view of these concerns the consumers‘ trust in online institutions and communication lowers and inhibit the development of electronic commerce.

Therefore, it must be studied how people assign credibility to the information they collect in order to invent and develop new credibility systems to help consumers to manage the information overload. Technological progress inevitably creates dependence on technology.

Author

Vaclav Jirovsky, Czech Technical University in Prague

References

[1] „Why 55% of Big Data projects fail – and what IT can do about it,“ IT Manager Daily, February 2013. [Online]. Available: http://www.itmanagerdaily.com/big-data-projects-fail/. [Přístup získán 2017].

[2] „The Impact of Information Technology on Work and Society,“ 6 February 2014. [Online]. Available: http://www.benmeadowcroft.com/reports/impact/.

[3] „Gartner Symposium ITxpo 2014,“ Gartner, November 2014. [Online]. Available: http://www.gartner.com/imagesrv/symposium/barcelona/docs/Symp-2014-Barcelona-Trip- Report.pdf. [Přístup získán November 2018].

[4] „REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE
COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC,“ EURLEX, pp. L119_1-88, 5 May 2016.

[5] C. Cimpanu, „Owners of vDos, Largest DDoS-For-Hire Service, Officially Charged in Israel,“ 10 August 2017. [Online]. Available: https://www.bleepingcomputer.com/news/security/owners-of- vdos-largest-ddos-for-hire-service-officially-charged-in-israel/. [Přístup získán 12 December 2017].