Australian Crime Commission flags encryption, mobile risk as “adept” cyber-crims reshape organised crime

Increasingly sophisticated online criminal activities have featured heavily in the Australian Crime Commission's (ACC's) latest biennial report on organised crime, which found that money-spinning online fraud has rapidly displaced more conventional crimes as the activities of choice for what the criminal-research body terms “serious and organised crime”.

The perpetrators of that crime have become so technologically sophisticated that many criminal groups have employed their own specialist IT teams, contracted external parties specialising in “the provision of illicit technology services”, or simply bought readily-available cybercrime kits through online markets.

“Serious and organised criminals have,” the report warns, “proven themselves adept at identifying and exploiting new and emerging technologies to facilitate their crime, to expand their reach, and to provide them with the anonymity and distance from their crime which makes it difficult for law enforcement to detect and identify them.”

Use of encryption technologies by criminal elements has been a common source of concern in Australia and elsewhere, with UK prime minister David Cameron recently so concerned about criminals' use of encryption that he threatened to ban secure instant-messaging apps that didn't offer encryption back doors for government investigators.

That stance was a significant departure from the approach advocated in Australia, where communications minister Malcolm Turnbull has openly advocated the use of such tools by those concerned about increasing government surveillance and the intrusions of new metadata retention laws.

With 41 percent of first-quarter 2015 losses of data, money, goods and personal information resulting from online scams or fraud – accounting for $234m in self-reported losses due to cybercrime activities – the ACC's report advocates a co-ordinated national approach “that harnesses collective resources, capabilities, expertise and knowledge” and involves Australia in global information-exchange forums that “will help improve our ability to discover, understand and respond to transnational serious and organised crime”.

The recent opening of the Australian CyberSecurity Centre (ACSC) is mentioned as a key initiative in this effort, promising to centralise and better support law-enforcement agencies' efforts to fight cybercrime, technology-enabled crime, identity crime, and the rest of the six key enabler activities identified by the ACC as being 'enabler activities' for organised crime.

These activities are facilitated by exploitation of individual technologies that have become increasingly common amongst the general public, with unsecured WiFi, wireless payment card technology, and insecure smartphones, other vectors identified as concerns.

“Those using poor security practices – such as providing personal information to unknown sources and using devices without adequate anti-virus software – are most likely to fall victim to these identity crime methodologies,” the report warns.

“There is also a risk that organised crime may seek to corrupt or compromise individuals employed in sectors with large datasets of [personally identifiable information]. Through these individuals, organised crime may be able to access PII for use in other criminal activities.”

Recognising the growing spectre of these threats, the ACC's report flagged recent innovations such as the government's slow-growing Document Verification Service (DVS) as initiatives that will help organisations reduce their exposure to fraud.

“It is important that service delivery agencies undertake robust security and fraud risk assessments,” the report warns, “in consultation with law enforcement and other relevant agencies, to help ensure that these risks can be managed effectively.”

The report also calls out the increased risks from social-media services, particularly in terms of their role in facilitating other organised criminal activities such as sextortion, and the use of darknets buried within anonymising networks such as TOR.

“Online services have enabled offenders to share methodologies and experiences with like-minded individuals internationally, and to support the transnational exploitation of children,” the report warned.

“The ability to do this from a home environment also allows offenders to invest many hours in planning and undertaking activities to reduce the evidence of their offending online. The online culture of society today can provide organised crime with opportunities to engage in criminal activities anonymously and remotely.”

Looking forward, the ACC anticipates a continued growing threat from cybercrime activities, with organised crime expected to continue finding new ways of exploiting Australians.

Law-enforcement authorities, by extension, will have their hands full for the foreseeable future as continuing adoption of mobile technologies and ever more-flexible malicious actors keep threats fresh and the stakes high.

Read more: Making the Best of BYOx

“Our reliance on technology in everyday life means that the online environment, in particular, provides organised crime with a diverse pool of Australian victims,” the report observes.

“As organised crime becomes smarter at exploiting technology and members of the community increase their reliance on mobile devices, there is likely to be an increased susceptibility to compromise. Failure to install electronic security measures on mobile devices will remain an issue, as mobile devices as just as susceptible to attack as laptops and desktop computers.”

This article is brought to you by Enex TestLab, content directors for CSO Australia.

Feeling social? Follow us on Twitter and LinkedIn Now!

Join the CSO newsletter!

Error: Please check your email address.

Tags law-enforcementsextortionAustralian Crime Commission#CSOAustraliaDavid Cameroncyber-crimsencryption technologiesCSO AustraliacybercrimeAustralian CyberSecurity Centremobile riskMalcolm Turnbull

More about ACCAustralian Crime CommissionCSOCyberSecurityEnex TestLab

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by David Braue

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place