Australian Crime Commission flags encryption, mobile risk as “adept” cyber-crims reshape organised crime
- 21 May, 2015 09:30
Increasingly sophisticated online criminal activities have featured heavily in the Australian Crime Commission's (ACC's) latest biennial report on organised crime, which found that money-spinning online fraud has rapidly displaced more conventional crimes as the activities of choice for what the criminal-research body terms “serious and organised crime”.
The perpetrators of that crime have become so technologically sophisticated that many criminal groups have employed their own specialist IT teams, contracted external parties specialising in “the provision of illicit technology services”, or simply bought readily-available cybercrime kits through online markets.
“Serious and organised criminals have,” the report warns, “proven themselves adept at identifying and exploiting new and emerging technologies to facilitate their crime, to expand their reach, and to provide them with the anonymity and distance from their crime which makes it difficult for law enforcement to detect and identify them.”
Use of encryption technologies by criminal elements has been a common source of concern in Australia and elsewhere, with UK prime minister David Cameron recently so concerned about criminals' use of encryption that he threatened to ban secure instant-messaging apps that didn't offer encryption back doors for government investigators.
That stance was a significant departure from the approach advocated in Australia, where communications minister Malcolm Turnbull has openly advocated the use of such tools by those concerned about increasing government surveillance and the intrusions of new metadata retention laws.
With 41 percent of first-quarter 2015 losses of data, money, goods and personal information resulting from online scams or fraud – accounting for $234m in self-reported losses due to cybercrime activities – the ACC's report advocates a co-ordinated national approach “that harnesses collective resources, capabilities, expertise and knowledge” and involves Australia in global information-exchange forums that “will help improve our ability to discover, understand and respond to transnational serious and organised crime”.
The recent opening of the Australian CyberSecurity Centre (ACSC) is mentioned as a key initiative in this effort, promising to centralise and better support law-enforcement agencies' efforts to fight cybercrime, technology-enabled crime, identity crime, and the rest of the six key enabler activities identified by the ACC as being 'enabler activities' for organised crime.
These activities are facilitated by exploitation of individual technologies that have become increasingly common amongst the general public, with unsecured WiFi, wireless payment card technology, and insecure smartphones, other vectors identified as concerns.
“Those using poor security practices – such as providing personal information to unknown sources and using devices without adequate anti-virus software – are most likely to fall victim to these identity crime methodologies,” the report warns.
“There is also a risk that organised crime may seek to corrupt or compromise individuals employed in sectors with large datasets of [personally identifiable information]. Through these individuals, organised crime may be able to access PII for use in other criminal activities.”
Recognising the growing spectre of these threats, the ACC's report flagged recent innovations such as the government's slow-growing Document Verification Service (DVS) as initiatives that will help organisations reduce their exposure to fraud.
“It is important that service delivery agencies undertake robust security and fraud risk assessments,” the report warns, “in consultation with law enforcement and other relevant agencies, to help ensure that these risks can be managed effectively.”
The report also calls out the increased risks from social-media services, particularly in terms of their role in facilitating other organised criminal activities such as sextortion, and the use of darknets buried within anonymising networks such as TOR.
“Online services have enabled offenders to share methodologies and experiences with like-minded individuals internationally, and to support the transnational exploitation of children,” the report warned.
“The ability to do this from a home environment also allows offenders to invest many hours in planning and undertaking activities to reduce the evidence of their offending online. The online culture of society today can provide organised crime with opportunities to engage in criminal activities anonymously and remotely.”
Looking forward, the ACC anticipates a continued growing threat from cybercrime activities, with organised crime expected to continue finding new ways of exploiting Australians.
Law-enforcement authorities, by extension, will have their hands full for the foreseeable future as continuing adoption of mobile technologies and ever more-flexible malicious actors keep threats fresh and the stakes high.
“Our reliance on technology in everyday life means that the online environment, in particular, provides organised crime with a diverse pool of Australian victims,” the report observes.
“As organised crime becomes smarter at exploiting technology and members of the community increase their reliance on mobile devices, there is likely to be an increased susceptibility to compromise. Failure to install electronic security measures on mobile devices will remain an issue, as mobile devices as just as susceptible to attack as laptops and desktop computers.”
This article is brought to you by Enex TestLab, content directors for CSO Australia.