Digital Shock. Part 2

 

 

 

 

‘Previous Home Office estimates of the costs of crime have historically excluded cyber-crimes due to the challenges in developing robust estimates (Home Office, 2000), but there is increasing need to look at these more modern crime types to get a better understanding of their costs and harms.’ This comes from the Home Office Report which was published earlier this year January 2018. 

 

‘In response to an ever-changing world, fraud has evolved more dramatically than other crimes over recent times with the rise of computers and the internet, and the introduction of “plastic payment”. 

 

Such technology has not only facilitated new methods of committing traditional crimes, but has also created opportunity for new types of crime altogether, such as computer misuse and cyber-crime. Focus around fraud from the government, the authorities and the media has been heightened, particularly over recent years in response to accumulating evidence that it has grown in volume. 

 

More emphasis has also been placed on accessing data on fraud and computer misuse from a variety of sources to help identify the true scale of the problem. Multiple sources may create a confusing picture, which can sometimes be difficult to clearly interpret.’ Office for National Statistics

 

The current cost to the UK economy of cyber-crime is currently about £30 billion which includes all commercial attacks as well as personal individual hacks and thefts.   

 

Hackers stole a total of £130bn from consumers in 2017, including £4.6bn from British Internet users, according to a new report from cybersecurity firm Norton. More than 17 million Brits were hit by cybercrime in the past year, meaning the nation, which accounts for less than 1% of the global population, makes up almost 2% of the 978 million global victims of cybercrime and almost 4% of the global losses.

 

 

The most common crimes were generally regarded as Low-Tech, such as attempts to trick individuals into revealing their personal information through bogus emails with generally low costs to victims. Other forms of cybercrime were more expensive: the typical victim found that a technical support scam cost them £44, a ransomware attack £111, and a fraudulent purchase online costing as much as £166.

 

We are at the beginning of an electronic revolution that like earlier industrial revolutions will substantially alter and change our society, the way we live, our engagement with others and this one will alter us as individuals. 

This revolution is a significant development and intergration of digital, physical and biological systems which will change our individual, national and global electronics, which has been called a Cyber Innovation or Web 0.3, but is probably best described as the 4th Industrial Revolution. 

 

 

This new electronic revolution is developing by employing emerging computing technologies such as cognitive electronics and using advanced analysis, nanotechnology, biotechnology, and quantum computing to develop everything from new methods of commercial production, to specific recognition and robotic bio-technology. The next phase of business web/cyber innovation is the ability to collect, deeply analyse and commercial process global data and an organisation’s connections. This will enable far deeper analysis and comprehension of information and electronic relationships. 

 

This process will change the way in which we work and innovate processes and it will change an organisation’s ability to significantly understand their market position and their capability to commercially operate.  This is the next major phase of global change and it is already known as the 4th Industrial Revolution and can be called the Semantic Cognitive Search or Digital Revolution or more simply Web 3.0.

 

Currently Londoners are losing an average of £26 million a month in cyber-attacks on businesses and individuals, Scotland Yard has warned. About 3,500 victims of cyber fraud are recorded in the capital each month, with phishing emails, ransomware and malware the most common scams. Senior Met officers warned fraudsters often target individual employees to bypass company security systems.

 

Detective Chief Superintendent Mick Gallagher, head of the Met’s Organised Crime Command, said: “We accept organisations and the public generally have the technology and correct processes but it is people that are vulnerable. “What we are finding is that people are vulnerable through a lack of understanding of the cyber threat.” He said criminals were singling out individuals and targeting them in a “Trojan horse” style tactic to infiltrate firms.

 

Detective Chief Inspector Gary Miles, head of the Met’s Falcon cyber-crime unit, said research showed 89 per cent of firms had installed the right firewalls but fewer than 20 per cent had trained staff to make them aware of threats. It was now easier to exploit an individual than try to breach a company’s cyber defences, he added. The biggest threat was phishing emails to vulnerable employees which allowed fraudsters to access company networks.

 

Authorities and the government should report these Cyber Crimes more precisely and publicly. They should discuss the changes to traditional crime methods and the subsequent significant increases in Cyber Crime with the general public so that awareness of these crimes and how to help to reduce them takes place. 

 

Scotland Yard’s cyber-crime unit has developed a tabletop exercise which aims to teach business leaders how to protect their companies. However, UK Police are only investigating one in 100 cybercrime fraud cases, an investigation has revealed.

The number of online fraud cases has rocketed in recent years - leaving officers reliant on a computer programme to decide if cases 'are worth' following up, it was reported last night. 

 

In the past year there have been 3.2million frauds, but these have resulted in fewer than 9,000 convictions. Instead of reporting the crimes directly to police, since 2013 victims of online fraud have been told to contact Action Fraud - which is run by the Home Office in association with City of London police - either online or over the telephone

 

Experts have warned the situation has given fraudsters 'virtual impunity', the investigation by The Times revealed.

Instead of reporting the crimes directly to police, since 2013 victims of online fraud have been told to contact Action Fraud, which is run by the Home Office in association with City of London police, either online or over the telephone.

 

• Victims are given a police crime reference number and their cases are passed to the National Fraud Intelligence Bureau. Action Fraud's website warns those reporting a crime that they will only be contacted again by police and other law enforcement agencies 'in some cases', and that 'the police cannot investigate every report individually'.

• Analysists suggest that about 73 per cent of frauds are carried out online, with many criminals based overseas, making it difficult for police in the UK to pursue a case. According to the Times, more than 230,000 criminal reports were submitted last year, but only about 24% of these were handed to police and the rest were dismissed.  

 

Alan Higham, a campaigner against pension fraud, said: 'Allowing fraudsters to get away with it only encourages more crime and leaves vulnerable people exposed to having their life savings stolen.’ Stephen Greenhalgh, deputy mayor for policing and crime in London, said: 'Fraud and cyber-enabled fraud are considerably under-reported and under-investigated.' 

 

 

In 2013-14 Action Fraud and the National Fraud Intelligence Bureau recorded 211,000 crimes in England and Wales with a reported loss of £2.2 billion. However, City of London Police estimated that a further 1,160,500 crimes, with a loss worth £12.1billion have gone unreported. 

 

Action Fraud was introduced nationwide two years ago as a central way for financial crime to be reported by members of the public and businesses, amid concerns that conmen operating online and on phones were getting away with billions of pounds. However, the service has been hit with problems, including allegations that victims' welfare was ignored and cases were not being passed on to police. Within months of its launch, private company Broadcasting Support Services (BSS), which operated the service, had to pay up after an IT fault meant almost 2,500 cases were lost in the system. Therefore, with these issues taken into perspective the Internet and cybercrime pose considerable challenges for law enforcement because Internet‐related offending takes place within a global context while crime tends to be nationally defined. 

 

Policing cybercrime is made all the more complex by the very nature of policing and security being networked. The future of the public police role in policing the Internet is more than simply acquiring new knowledge and capacity, but it is about forging new relationships and connections within the networks of Internet security. 

 

These relationships require a range of transformations to take place in order to enhance the effectiveness and legitimacy of the electronic connection architecture. 

 

The Policing and Cybercrime policy paper, which is based on freedom of information (FoI) requests sent to all police forces in the UK, also reveals that a total of only 39,483 police staff and officers underwent training across the UK in the last four years.

North Wales Police topped the list with £375,488 on cyber-crime training for officers and staff between 2015 and 2017. This included a dedicated five-day mainstream cyber training course for 147 key staff, costing £160,000.

There was also a one-day cyber-crime input course for all new Initial Police Learning and Development Programme (IPLDP) recruits for 183 officers which cost £29,900. An additional £52,300 was spent on a similar course for 68 criminal investigation department (CID) officers.

 

West Mercia and Warwickshire Police spent £125,633 on cyber-crime training, followed by Lincolnshire which stated it had spent £119,834. This was followed by West Midlands Police on £91,200 and Police Scotland on £83,121. On the lower end of the scale, Norfolk and Suffolk police forces reported a combined spend of £71,100. This included sending 3,882 staff on a cyber-crime and digital policing first responder course, while 147 staff members were sent on a digital media investigator course costing £6,500. Some £15,000 was also spent on an open source level 2 course for 87 members of staff.

The report said while the majority of UK police forces responded to the FoI request, several were unable to provide specific data around training costs, and could only identify how many officers and staff had experienced the training programmes available. South Yorkshire Police, for example, said it had sent 71 officers on a mainstream cyber-crime training programme, and provided a course on hacking and how cyber criminals operate. The lowest level of spending was reported by the Port of Dover Police, a small organisation, which said none of its staff had been trained and no budget had been used on cyber-crime training.

 

Sheila Flavell, COO at professional services firm FDM Group, said with cyber-crime on the rise, it is clear that all organisations are urgently seeking to recruit, train and equip staff with the latest security expertise and cyber skills.

“Whether it’s online courses or specialist programmes, it’s encouraging to see police forces taking steps to improve IT skills of serving officers and staff,” she said. Flavell said these skills are not only vital for modern policing, they are also essential to support and protect businesses across the country.

 

 

Underlining the need for cyber-crime training for police forces, the report said the UK Office for National Statistics (ONS) reported that there were 4.7 million incidents of fraud and computer misuse in the 12 months to September 2017.

Other reports have estimated that 17 million Britons were targeted by phishing, ransomware, online fraud and hacking in 2017, while security firm Norton estimated that £130bn was stolen from consumers online. Cyber-crime is on the rise, the report said, and will continue to pose a serious threat to UK businesses, consumers and critical national infrastructure.

“This in turn, places huge pressure on our police forces to ensure that officers, staff, new recruits and trainees are fully prepared to handle increasingly complex investigations,” the report said.

 

The report quotes National Cyber Security Centre (NCSC) chief Ciaran Martin as saying the agency cannot protect UK cyber space alone. “We can do it only by working with others, with the rest of government, law enforcement, the Armed Forces, our international allies and, crucially, with business and wider society,” he said.

 

The report notes that while some police forces are working together occasionally to develop cyber-crime training programmes, the majority are working alone in this process.

“While we appreciate that individual forces have varying challenges in terms of crime, headcount and volume of citizens to protect, it would make sense to develop a more standardised approach to cyber-crime strategy,” the think tank said.

Parliament Recommends:

 

• The establishment of a national police cyber strategy to enable security specialist companies to provide an agreed standard of training for all officers and staff across the country.

• An increase in the recruitment of officers with existing cyber skills.

• That police forces work closely with schools, colleges, universities and private companies to ensure a pipeline of highly skilled workers are encouraged to join the police.

• Sharing of key security training services with other police forces.

 

Information is Power, is certainly true when it comes to cybercrime. Access to your personal information is what gives hackers the power to tap into your accounts and steal your money or your identity.  But the right information can also empower you to protect yourself from being caught up in the thriving industry that is cybercrime. And so the Top 10 steps you can take to avoid becoming a victim of cybercrime. 

 

1)  Education - Hackers aren’t the only ones who can gain power from information. By educating yourself about the types of scams that exist on the Internet and how to avert them, you are putting yourself one step ahead of the cybercriminals. 

Since phishing is prevalent, read up on the latest phishing scams and learn how to recognise a phishing attempt. Remember, phishing is when hackers attempt to lure you into revealing personal information by pretending to be a legitimate organisation or person. These scams often play off major new stories, so keep informed on the latest news-related scams. 

2)  Use a firewall - Firewalls monitor traffic between your computer or network and the Internet and serve as a great first line of defense when it comes to keeping intruders out. Make sure to use the firewall that comes with your security software. And if you have a home wireless network, enable the firewall that comes with your router. 

3)  Click with caution - When you’re checking your email or chatting over instant messenger (IM), be careful not to click on any links in messages from people you don’t know. 

The link could take you to a fake website that asks for your private information, such as user names and passwords, or it could download malware onto your computer. Even if the message is from someone you know, be cautious. Some viruses replicate and spread through email, so look for information that indicates that the message is legitimate. 

4)  Practice safe surfing - When navigating the web, you need to take precautions to avoid phony websites that ask for your personal information and pages that contain malware. Use a search engine to help you navigate to the correct web address since it will correct misspellings. That way, you won’t wind up on a fake page at a commonly misspelled address. 

5)  Practice safe shopping - In addition to practicing safe surfing, you also need to be careful where you shop online. Be cautious when shopping at a site that you’ve never visited before and do a little investigation before you enter your payment information. because this is another way to see if the site uses encryption. 

When it comes time to pay, use a credit card instead of a debit card. If the site turns out to be fraudulent your credit card issuer may reimburse you for the charges, but with a debit card your money is gone. 

Finally, evaluate the site’s security and privacy policies in regards to your personal data. 

6)  Use comprehensive security software and keep your system updated - Because hackers have a wide variety of ways to access your system and information, you need comprehensive security software that can protect you from all angles. Software like McAfee SecurityCenter, available pre- loaded on DellTM PCs, can help protect you from malware, phishing, spyware, and other common and emerging threats. 

Just make sure that you keep your security software up to date by selecting the automatic update function on your security control panel. And don’t forget to perform regular scans. 

You also want to update your operating system (OS) and browser with the latest security patches. If you are a Microsoft Windows user, you can enable automatic updates to keep your OS safe. 

7)  Secure your wireless network - Hackers can access data while it’s in transit on an unsecured wireless network. You can keep the hackers out by enabling the firewall on your router and changing the router’s administrator password. Cybercriminals often know the default passwords and they can use them to hack into your network. 

You may also want to set up your router so it only allows access to people with passwords that are encrypted. Check your owner’s manual for instructions on setting up encryption. 

8)  Use strong passwords - Although it may be easier for you to remember short passwords that reference your birthday, middle name, or pet’s name, these kinds of passwords also make it easy for hackers. Strong passwords can go a long way in helping secure your information, so choose a password that is at least 10 characters long and consists of a combination of letters, numbers and special characters. Also consider changing your password periodically to reduce the likelihood of it being compromised. 

9)  Use common sense - Despite the warnings, cybercrime is increasing, fueled by common mistakes people make such as responding to spam and downloading attachments from people they don’t know. So, use common sense whenever you’re on the Internet. Never post personal information online or share sensitive information such as your social security number and credit card number. Exercise caution when clicking on any links or downloading any programs. 

10) Be suspicious - Even if you consider yourself cyber savvy, you still need to keep your guard up for any new tricks and be proactive about your safety. Backup your data regularly in case anything goes wrong, and monitor your accounts and credit reports to make sure that a hacker has not stolen your information or identity. 

Although protecting yourself does take some effort, remember that there are a lot of resources and tools to help you. And by adopting a few precautions and best practices, you can help keep cybercrime from growing. 

 

With the digital revolution, we have seen impressive growth of global connectivity initiatives, the opening of new markets and the creation of a global community driving innovation that is fundamentally changing the business landscape.

Unfortunately, with the good has come the bad and it’s estimated that cybercrime costs the Australian economy over $4.5 billion annually. Beyond criminals and hacktivist groups, cybercrime has become an increasingly instrumental tool in geopolitics and conflicts.

 

 

Malware and exploits are now “open source” and freely available, with malicious threat actors working together on development, trading best practices, buying and selling tools to hack into businesses and extract anything that can be monetized or used to their advantage on the global market.

 

In its annual report, the Australian Security Intelligence Organisation (ASIO) revealed that due to the scale of malicious activity, it’s been unable to investigate all the espionage and foreign interference against Australia. These adversaries are trying to access information about Australia’s alliances and partnerships, as well as positions on diplomatic, economic and military issues. Australian’s diplomatic ties and US alliance may make it more vulnerable as it is perceived as a softer target for nation state adversaries.

 

But who are these adversaries? While China was in the headlines recently after a suspected Chinese hacker stole significant data from a defence contractor, this year Iran has emerged as one of the most advanced cyber actors on a global scale and with its recent activity targeting the US, Australia should have them on its radar.

 

For years, Iran has been honing its hacking capabilities and investing heavily in building out advanced exploit capabilities. It has staged campaigns targeting regional neighbours, and demonstrated keen interest to disrupt critical infrastructure.

In 2012, disk-wiping malware ‘Shamoon’ hit Saudi Arabia's oil conglomerate, Saudi Aramco, destroying data on tens of thousands of computers. Then in 2016, ‘Shamoon’ resurfaced, inflecting thousands of computers in Saudi Arabia's civil aviation agency and other Gulf State organisations.

 

Initially Iran had the US in its sight, launching attacks from 2011 to early 2013 that inundated the financial sector with distribution denial-of-service (DDoS) attacks, taking websites and bank accounts offline. The same group infiltrated a New York dam’s control systems and seven Iranian hackers were charged for conducting coordinated cyber-attacks. Then in 2013 when the US began discussions to lift economic sanctions in exchange for limits on the nuclear program, Iranian hacking activity in the US dramatically dropped.

 

But this year’s threat landscape has been characterised by the growth of cyber activity from Iran. It has integrated cyber operations into military strategy and developed a mature way of thinking about establishing offensive cyber capabilities.

As the US-Iran relationship grows more complex with the US potentially withdrawing from the nuclear agreement, it’s foreseeable that Iran will use cyberattacks to strike back if the agreement is discarded.

 

As nations seek to advance political interest through cyber means, Australia must find innovative ways of identifying and preventing such activity to better protect itself from complex cyberattacks. Long gone is the belief that Australia’s geographic location protects it from national security threats. The internet exposes it to the world’s cyber threats, and Australia’s political allies puts it in the firing line for geopolitical threats.

 

Iran’s cyber response to the US was swift and intentional. It immediately started targeted cyber intrusions, sending a clear message about what could potentially happen if the agreement is discarded. Nations need to recognise the very real threat of geopolitical warfare and just how quickly nation states can respond. 

 

The Australian government is making good progress in its national defence strategy, recently unveiling an International Cyber Engagement Strategy that highlighted the increasing seriousness of cyber threats from a foreign policy perspective and identifying that most cybercrime affecting Australians originates from overseas.

 

Beyond regulation, the private sector can also play an important part in national security by enhancing their defences and changing their approach to cyber security. Organisations should embrace modern security solutions that leverage artificial intelligence for detection and response to protect intellectual property. Often people believe that cybercrime only affects certain sectors but the reality is that the potential impact on essential services, private information and organisations is huge. There are no boundaries, there are no limits, and there is no denying that geopolitical conflicts will continue to be played out in cyberwarfare.

 

Cybercriminals are using cloud-based services, much like regular businesses. A new study reveals important lessons for the future of fighting cybercrime. From 2009 to 2016, a cybercrime network called Avalanche grew into one of the world’s most sophisticated criminal syndicates. It resembled an international conglomerate, staffed by corporate executives, advertising salespeople and customer service representatives.

 

Its business, though, was not standard international trade. Avalanche provided a hacker’s delight of a one-stop shop for all kinds of cybercrime to criminals without their own technical expertise but with the motivation and ingenuity to perpetrate a scam. At the height of its activity, the Avalanche group had hijacked hundreds of thousands of computer systems in homes and businesses around the world, using them to send more than a million criminally motivated emails per week.

 

Successful cyber-criminal enterprises need strong and reliable technology, but what increasingly separates the big players from the smaller nuisances is business acumen. Underground markets, forums and message systems, often hosted on the deep web, have created a service-based economy of cybercrime.

 

Just as regular businesses can hire online services, buying Google products to handle their email, spreadsheets and document sharing and hosting websites on Amazon with payments handled by PayPal, cyber criminals can also do the same. Sometimes these criminals use legitimate service platforms like PayPal in addition to others specifically designed for illicit marketplaces. And just as the legal cloud-computing giants aim to efficiently offer products of broad use to a wide customer base, criminal computing services do the same. They pursue technological capabilities that a wide range of customers wants to use more easily. 

 

 

The Avalanche network excelled at this, selling technically advanced products to its customers while using sophisticated methods to evade detection and identification as the source by law enforcement. Avalanche offered, in business terms, Cybercrime as a Service, supporting a broad digital underground economy. 

 

By leaving to others the design and execution of innovative ways to use them, Avalanche and its criminal customers efficiently split the work of planning, executing and developing the technology for advanced cybercrime scams.

The Avalanche group also sold access to 20 unique types of malicious software. Criminal operations facilitated by Avalanche cost businesses, governments and individuals around the world hundreds of millions of dollars.

 

To date, cybercrime has offered high profits to the criminals involved, like the US$1 billion annual ransomware market, with low risk. Cybercriminals often use technical means to obscure their identities and locations, making it challenging for law enforcement to effectively pursue them.

 

 

For instance, in 2014, cyber criminals hacked into major financial firms to get information about specific companies’ stocks and to steal investors’ personal information.  They first bought stock in certain companies, then sent false email advertisements to specific investors, with the goal of artificially inflating those companies’ stock prices. It worked: stock prices went up, and the criminals sold their holdings, raking in profits they could use for their next scam.

 

 

Criminals in the real world must be at a crime’s actual site and may leave physical evidence behind, like fingerprints on a bank vault or records of travelling to and from the place the crime occurred. In cyberspace, a criminal in Belarus can hack into a vulnerable server in Hungary to remotely direct distributed operations against victims in South America without ever setting foot below the Equator.

 

All these factors present significant challenges for police, who must also contend with limited budgets and manpower with which to conduct complex investigations, the technical challenges of following sophisticated hackers through the Internet and the need to work with officials in other countries.

 

The multinational cooperation involved in successfully taking down the Avalanche network can be a model for future efforts in fighting digital crime. Coordinated by Europol, the European Union’s police agency, the plan takes inspiration from the sharing economy.

 

Uber owns very few cars and Airbnb has no property; they help connect drivers and homeowners with customers who need transportation or lodging. Similarly, while Europol has no direct policing powers or unique intelligence, it can connect law enforcement agencies across the continent.  This “Uberisation” of law enforcement was crucial to synchronising the coordinated action that seized, blocked and redirected traffic for more than 8,00,000 domains across 30 countries.

 

Through those partnerships, various national police agencies were able to collect pieces of information from their own jurisdictions and send it, through Europol, to German authorities, who took the lead on the investigation. Analysing all of that collected data revealed the identity of the suspects and untangled its complex network of servers and software. The nonprofit Shadowserver Foundation and others assisted with the actual takedown of the server infrastructure, while anti-virus companies helped victims clean up their computers.

 

Police are increasingly learning, often from private sector experts, how to detect and stop criminals’ online activities. Avalanche’s complex technological setup lent itself to a technique called “sinkholing,” in which malicious internet traffic is sent into the electronic equivalent of a bottomless pit. When a hijacked computer tried to contact its controller, the police-run sinkhole captured that message and prevented it from reaching the actual central controller. Without control, the infected computer couldn’t do anything nefarious.

 

However, interrupting the technological systems isn’t enough, unless police are able to stop the criminals too. Three times since 2010, police tried to take down the Kelihos botnet. But each time the person behind it escaped and was able to resume criminal activities using more resilient infrastructure. In early April, however, the FBI was able to arrest Peter Levashov, allegedly its longtime operator, while on a family vacation in Spain.

 

The effort to take down Avalanche also resulted in the arrests of five people who allegedly ran the organisation. Their removal from action likely led to a temporary disruption in the broader global cybercrime environment. It forced the criminals who were Avalanche’s customers to stop and regroup and may offer police additional intelligence, depending on what investigators can

convince the people arrested to reveal.

 

The Avalanche network was just the beginning of the challenges law enforcement will face when it comes to combating international cybercrime. To keep their enterprises alive, the criminals will share their experiences and learn from the past. Police agencies around the world must do the same to keep up.

 

Whilst the link between technology and crime is unclear, a review of literature suggests that crime has transformed since the 1990s, attaining new dimensions and creating an array of new challenges and demands on policing. 

The nature of online criminal activity means that skilled criminals have acquired a transnational reach in conducting illicit intrusions into computer networks to gather information, deface websites or carry out Distributed Denial of Service (DDoS) attacks.

 

Fraud specialists employ social engineering techniques including spamming, domain squatting and phishing to manipulate peoples’ actions Bullying has moved beyond traditional spheres as cyberbullies subject their victims to flaming (abusive posts), malware (deliberate sharing of viruses) and outing (posting of personal information) (Gillespie & Weare, 2015). 

The spread of online child pornography worldwide exposes children to the dangers of sexual assault and re-victimisation that occurs in the knowledge that through the internet their images are kept alive (Taylor & Quayle, 2003). Examples can be broadened further to include concepts of organised cybercrime, corporate espionage and cyber-terrorism (Brenner, 2010). 

 

The social and economic costs of cybercrimes may be hard to define as a lack of reliable empirical data means that no study can ever be definitive (Levi, 2012a). The scope of the challenge may be increased by an underreporting of cybercrime from the public and businesses and a lack of transparency and comparability from industry sources (McGuire & Dowling, 2013). 

In the former case, a survey by the Institute of Directors (2016) found that 49% of firms believed the most significant damage from cybercrime was the interruption to business, but only 28% of incidents were reported to police. In the latter case, Lagazio, Sherif and Cushman (2014) suggest that UK financial institutions are affected by a feedback loop, where a higher number of reported cyber-attacks is linked to a higher potential for reputational damage. 

 

It is therefore claimed that companies under-report cyber incidents in the UK, which drives down government estimations of the problem and leads to a lower state effort to reduce it. Nonetheless, a recent official estimate (Action Fraud, 2016) suggested that the cost of cybercrime to the UK economy was £10.9bn. Prior to this, a report by Detica (2011) estimated the annual cost to be £28bn, while a study by Anderson, et al (2012), broadened to include traditional (e.g. tax fraud), transitional (e.g. online payment card fraud) and new crimes (e.g. malware), found the cost of genuine cybercrime to the UK economy was a much lower £108m. 

 

Beyond the monetary costs of cybercrime are the political and social effects (Kshetri, 2010). First, are implications for education, employment and wealth creation. In the UK, in 2010, approximately 16,500 young people aged 11–15 were absent from school where bullying was cited as the main factor (Brown, Clery & Ferguson, 2011). 

 

Of the total number who experience bullying, 65% report some form of cyberbullying (Ditch the Label, 2016). This is significant, as a longitudinal study found that Britons who were bullied in childhood had poorer cognitive functioning at the age of 50 and lower education levels, with male victims more likely to be unemployed and earn less (Takizawa, Maughan & Arseneault, 2014). 

 

Second are implications for child protection. Holloway, Green & Livingstone (2013) remark on the substantial rise in internet usage by children under nine years between 2007 (67%) and 2012 (87%), with children using online and mobile technology to access virtual worlds and social networks. 

 

The potential dangers within these domains can be categorized as content-risks (child receives mass produced content, e.g. pornography), contact risks (interaction commenced by an adult, e.g. sexual grooming) and conduct risks (child participates in peer-to-peer interaction, e.g. cyberbullying). However, as sensible as it may seem to affiliate the increase in internet usage with an increase in risk, it is worth noting that long-term measures over the same period in the UK and USA indicate little or no increase of harm to children (Madge & Barker, 2007; Maughan, Collishaw, Meltzer & Goodman, 2008), and a slight decrease in bullying and victimisation (Finkelhor, 2014). 

 

Examining the mantra that new technologies expose children to greater risk (College of Policing, 2015; Unicef, 2011), Livingstone & Smith (2014) question whether older forms of risk have instead been displaced (e.g. children accessing pornography online rather than offline), whether the receipt of hostile words or content is amplified by the ease or anonymity of new technologies, and whether technology is now so entrenched into children’s communicative activities that it is likely to be implicated along with (rather than instead of) real-world interactions. 

 

 

Third are implications for liberty and security. As the internet raises new risks for criminal victimisation, it inevitably raises questions about control. The UK National Cyber Security Strategy (HM Government, 2016) aims to expand the focus on cyber threats through the development and deployment of technology and the creation of a National Cyber Security Centre. 

This is cemented by the 2016 Investigatory Powers Act, which, according to sponsors, provides a framework to govern the official use of covert powers (House of Commons, 2015). However, critics of the legislation (MacAskill, 2016) point to a provision that requires communication service providers to retain internet connection records for a period of 12 months. Reasons for this include the prevention or detection of crime, interests of public safety, assessing and collecting taxes and the regulation of financial services (Schafer, 2016). 

 

While law enforcement argue that such powers are necessary in the fight against crime (UK Parliament Joint Committee, 2016), Anderson (2016) identifies that the shift from monitoring communications based on individual suspicion to the indiscriminate collection of personal data has a “chilling effect on people’s willingness and ability to lawfully express dissent” (p.6). Thus, it argued that repression in the physical world is realised through the regulation of cyberspace, in what Cohen (1985) describes as the ‘soft line’ mode of social control. 

 

Despite consensus that cybercrimes exist, there remains debate on what risks they pose. Over the last two decades, criminological research has expanded to develop understanding but without a unified definition many scholars are theoretically split.

 

On one side is the perspective that cybercrimes are traditional crimes applied through new means, but driven by the same intrinsic human emotions that underlie corruption in the real world. Nevertheless, analysis of studies on victimisation using routine activities found divergence between diverse types of cybercrimes and the impact of each principle.

For example, examination of victim impact factors found that women, people with a higher education and those with a paid job were exposed to the most risk of hacking and malware, whereas the risk of identity theft bears no correlation to any of those factors. 

 

Other studies have suggested that strong computer skills and careful password management did not reduce the threat of malware infection. Other criminologists paint cybercrime as a unique construct, focusing on the social-structural aspects of the environment in which they occur. 

 

In this novel environment, the scale and scope of offending is inexorably transformed, as are the relationships between victims and offenders. 

 

The public needs to accept more responsibility for its susceptibility to email, Internet and telephone-enabled offers from strangers, acquaintances and even from people that they thought are friends. But also the public needs to be trained and helped to make better decisions, and the police can play a collaborative role in arrangements to provide that advice before and after becoming a victim. 

 

A start might be made by asking, for every economic cybercrime, what it would have taken to have stopped it from happening or to have reduced its scale, and then to see who, victim awareness, software or Internet service providers, third parties or police/other enforcement agencies, might have intervened to affect those harms, and why they did not either attempt to or succeed. 

 

Police should also set up public briefings particularly for school/university attendees and the pension aging public.

 

The Police should promote cyber-crime protection methods to the public in general and this should probably begin with a public briefing from the Home Secretary.

 

Police should create secure cyber networks of corporates and international governments which help each other to reduce cyber-crime both in the UK and globally.

 

 

 

TechUK