Smartphones attract organized, international, profit-driven scammers

The mobile computing technology explosion has brought out seriously organized, international and profit-driven cybercriminals.

That was just one of the key points made today by the U.S. Department of Justice Deputy Assistant Attorney General Jason Weinstein to a Senate Judiciary Subcommittee on Privacy, Technology and the Law hearing.

"Every day, criminals hunt for our personal and financial data so that they can use it to commit fraud or sell it to other criminals. The technology revolution has facilitated these activities, making available a wide array of new methods that identity thieves can use to access and exploit the personal information of others. Skilled hackers have perpetrated large-scale data breaches that left hundreds of thousands -- and in many cases, tens of millions -- of individuals at risk of identity theft," Weinstein said. "As Americans accomplish more and more of their day-to-day tasks using smart phones and other mobile devices, criminals will increasingly target these platforms."

He went on to say: "Foreign and domestic actors of all types, including cyber criminals, routinely and unlawfully access data that most people would regard as highly personal and private. Unlike the government -- which must comply with the Constitution and laws of the United States and is accountable to Congress, courts, and ultimately the people -- malicious cyber actors do not respect our laws or our privacy. The government has an obligation to prevent, disrupt, and deter such intrusions. The kinds of criminals we are up against are organized, international, and profit-driven."

How will the DOJ combat these problems? Weinstein said the department's 2012 budget includes a request for funding six Department of Justice attache positions that would emphasize the investigation and prosecution of laws prohibiting international computer hacking and protecting intellectual property rights at embassies around the world. The program would establish department representatives at hot spots for computer and intellectual property crime around the world, and would help ensure that we can continue to protect American citizens' privacy, both at home and abroad.

Weinstein also repeated his call for improved mobile data retention and forensics.

"One particular area of concern for the Department in collecting digital evidence is ensuring that law enforcement can successfully track criminals who use their smart phones to aid the commission of crimes. When connecting to the Internet, smart phones, like computers, are assigned Internet Protocol (IP) addresses. When a criminal uses a computer to commit crimes, law enforcement may be able, through lawful legal process, to identify the computer or subscriber account based on its IP address. This information is essential to identifying offenders, locating fugitives, thwarting cyber intrusions, protecting children from sexual exploitation and neutralizing terrorist threats -- but only if the data is still in existence by the time law enforcement gets there."

Weinstein noted that in his January testimony before the House Judiciary Subcommittee on Crime, Terrorism, and Homeland Security, he outlined some of the serious challenges faced by law enforcement in this area in the more traditional computer context.

"ISPs may choose not to store IP records, may adopt a network architecture that frustrates their ability to track IP assignments and network transactions back to a specific account or device, or may store records for only a very short period of time. In many cases, these records are the only evidence that allows us to investigate and assign culpability for crimes committed on the Internet," he said. "These challenges are equally serious in the context of smart phones and mobile devices. As the capabilities of smart phones expand, law enforcement increasingly encounters suspects who use their smart phones as they would a computer. For example, criminals use them to communicate with confederates and take other actions that would ordinarily provide pivotal evidence for criminal investigations. Just as some ISPs may not maintain IP address records, many wireless providers do not retain records that would enable law enforcement to identify a suspect's smart phone based on the IP addresses collected by websites that the suspect visited. When this information is not stored, it may be impossible for law enforcement to collect essential evidence."

Of course, collecting data from mobile devices, and how that data is stored, protected and used, is a hot-button issue.

At the same hearing, the Federal Trade Commission's Deputy Director of Consumer Protection Jessica Rich said the agency has taken law enforcement actions against companies that fail to protect the privacy and security of consumer information. She noted a few cases of interest in the privacy realm:

• The FTC's case against Google alleges that the company deceived consumers by using information collected from Gmail users to generate and populate a new social network, Google Buzz, without users' consent. As part of the proposed settlement order, Google must protect the privacy of all of its customers -- including mobile users.

• In an FTC case against social networking service Twitter, the FTC charged that serious lapses in the company's data security allowed hackers to obtain access to private "tweets" and non-public data, and hijack user accounts, including then-President-elect Obama's account, the testimony states.

• In August 2010, the FTC charged Reverb Communications Inc., a public relations agency hired to promote video games, with deceptively endorsing mobile gaming applications in the iTunes store. And earlier this year, the FTC filed a complaint alleging that a spammer named Philip Flora used 32 prepaid cellphones to send more than 5 million unsolicited text messages -- almost a million a week -- to the mobile phones of U.S. consumers. The commission charged that Flora violated the law by sending unsolicited text messages, the testimony states.

"The rapid growth of mobile technologies has led to the development of many new business models involving mobile services." The innovations offer benefits to both businesses and consumers. "On the other hand, they facilitate unprecedented levels of data collection, which are often invisible to consumers."

Follow Michael Cooney on Twitter: nwwlayer8
