HomePublicationsCrime Profile Series › Cyber Crime

Cyber Crime

Organised crime groups are increasingly taking advantage of new technologies, such as the Internet, to find new ways to commit crimes, and facilitate their traditional criminal activities. It gives them unprecedented ways of committing crime at arm’s length from their victims and across national borders.

Nature of Cyber Crime

Criminals have exploited weaknesses in technology, legislation and lack of public awareness that is created by the global reach of the Internet and its rapid expansion, to develop new crimes, and to facilitate traditional crimes in a new way.

New crimes include attacks on computer systems utilising malicious software (malware), computer viruses and denial of service attacks.

However, the greatest opportunity for criminals and subsequently organised crime has been the adaptation of traditional crimes to the online environment. In this respect criminal groups have been able to use the Internet to reach new victims, to maintain anonymity and evade detection by law enforcement.

Some examples of the migration of traditional crime to the online environment include the following:

Traditional Crime Cyber Crime Equivalent
Fraud Online fraud, auction fraud, advance fee fraud
Burglary/malicious damage Online hacking, denial of service attacks, viruses
Child Sex Offences Online child grooming, child pornography websites
Money laundering Online payment systems, e-cash
Theft ID Crime, bank website ‘phishing’ and movie, music and software piracy
Stalking Cyber stalking, cyber bullying

The Australian Crime Commission conservatively estimates that serious organised crime costs Australia between $10–15 billion every year. This cost comprises loss of business and taxation revenues, expenditure on law enforcement and regulatory efforts, and social and community impacts of crime. Raising public awareness of crime issues is an important step in minimising the impact serious and organised crime can have on the community.

Extent

Due to the nature of cyber crime, estimating its extent is challenging. Some cyber crimes are never detected by their victims or are either concealed from or not reported to authorities because disclosure could prove embarrassing or commercially inconvenient to victims.

Available data about cyber crime paints a picture of how organised criminals are finding new tools for moving their illicit activities between the real world and virtual environments.

In 2008, small, medium and large Australian businesses were surveyed on unauthorised use, damage, monitoring and attack or theft of their business information technology. Of those surveyed, 14 per cent reported computer security incidents during the survey year amounting to a financial loss estimated up to $649 million. Only eight per cent of victims reported breaches to the authorities yet estimated the cost of e-protection for their business to be up to $1.95 billion.1

The most common incidents of cyber crime cited in the survey were malware code and virus attack leading to software corruption.2

Between 2007 and 2008, malware detections rose ten-fold with a majority said to be geared towards stealing identity information, password information or credit card information in such a way as to make money.3

Impact

Using the Internet allows cyber criminals to use less hierarchical structures than traditional organised crime groups. It allows new collaborations so that loose affiliations can form even though members may live thousands of kilometres apart and never meet in person. This helps make the organisation of cyber crime more efficient, effective, fast and flexible.

Organised crime groups need not have the expertise and access to commit cyber crime, because they can buy it. They can shop around for capable and competitively priced people to help them. They can even use the Internet to buy or rent the malware or software they need to commit their crimes, download manuals or do-it-yourself virus kits, or visit bulletin boards for tips and advice. They can even collude by encrypted means over the Internet.

Alternatively, and particularly in terms of money laundering, they can cultivate ‘cyber mules’—ordinary people who are recruited as ‘international sales representatives’ or ‘shipping managers’ and are then asked by criminals to receive payments into a bank account. The ‘cyber mule’ then sends the money out again, effectively laundering it and in return, receives a commission.

Cyber crime has a wide ranging impact including:

  • loss of online business where consumers lose confidence in the digital economy
  • potential for critical infrastructure to be compromised affecting water supply, health services, national communications, energy distribution, financial services and transport
  • victims who lose financial resources and subsequently suffer losses in terms of time and effort, and the emotional damage attached to the crime
  • businesses that lose assets
  • costs to government agencies and businesses who must help re-establish credit histories, accounts and identities
  • cost to businesses in improved cyber security measures
  • fuelling other criminal activity
  • increasing investment in time and resources by law enforcement.

Cyber Crime and Identity Theft

Online social network sites such as Facebook, Myspace, blogs, online gaming and online dating have not only opened a world of social interaction, but also a virtual encyclopedia of personal information.

Online criminals often exploit the information supplied on social network sites to harvest enough information about a person to assume their identity. This identity theft is then used to obtain money and goods fraudulently in the name of the victim. This is an increasing market for organised criminal groups.

Many victims may not know their identities have been stolen. However, eventually the victim will find their credit rating and financial state have been compromised. Unravelling these fraudulent activities is often problematic.

Is My Computer a Zombie? Enter the 'Botnet'

Criminals use a number of malicious software tools (malware), to access victims’ computers online, in order to steal information and in some cases take control. These software tools include trojans (named after the Greek fable in which a gift wooden horse hid an army of enemy soldiers), which pose as legitimate programs and provide hackers with a back door to your system and spyware which is a general term used for programs that covertly monitor and harvest information on computers, including passwords and banking details.

Commonly trojans and spyware programs are delivered by replicating software programs collectively called computer ‘viruses’. A virus is often delivered over the Internet and exploits a weakness in your computer software, to install or deliver its payload, which may be a trojan or spyware or simply have a function which adversely affects your computer.

Another tool which has jumped to prevalence in the online criminal arsenal is the botnet. ‘Bot’, short for robot (sometimes called zombie), refers to a malicious software program that takes control of numerous third party computers, to perform automated tasks over the Internet without their owners’ knowledge.

Criminals typically use viruses or trojans to infect large numbers of computers (hundreds or thousands) and to form a network of controlled computers, or a botnet.

Botnets are used as a tool in a number of cyber crimes to covertly steal banking and identity details, send unsolicited spam, fraudulent email messages, spread computer viruses and attack computers and servers. People whose computer is infected as a botnet may never know it is being used in this way.

Recent estimates put the number of bots operating in Australia at around 100,000. The average bot can dispatch 10,000 spams a day.4

Organised criminal groups use these botnets as a force multiplier, to gather information and attack more online victims. These attacks are called distributed denial of service attacks, which is where the botnet overwhelms a website with requests for information. This attack prevents legitimate users from accessing the website—denying access to the information or services provided by that website. Organised criminals sometimes use these attacks as part of an extortion attempt on the website’s operator.5

Links to Serious Organised Crime

As more and more legitimate businesses move their enterprises online seeking new opportunities for profit, so do organised criminal entities.

There are a number of things about the Internet that make it particularly attractive to criminals. It is globally connected, borderless, anonymous, fast, low-risk, easily accessible and has high volumes of rich data including financial data, personal information, military information and business information.

As a consequence, organised criminals are highly motivated to move into the cyber space arena.

Three types of organised crime groups have been identified as operating in cyber space:

  1. Traditional organised crime groups that make use of information and communications technology to enhance their regular criminal activities.
  2. Organised cyber criminal groups that operate exclusively online.
  3. Organised crime groups made up of ideologically and politically motivated individuals who make use of information and communications technology to facilitate their criminal conduct.6

Protecting Yourself From Cyber Crime: Internet Security and Cyber Safety

Whilst the Internet does bring the threat of cyber crime into your home through your computer, there are a number of simple rules which can lessen your risk of being a victim:7

  • Install security software and update it regularly.
  • Turn on automatic updates so that all your software receives the latest fixes.
  • Get a stronger password and change it at least twice a year.
  • Stop and think before you click on links or attachments.
  • Stop and think before you share any personal or financial information— about yourself, your friends or family.
  • Know what your children are doing online. Make sure they know how to stay safe and encourage them to report anything suspicious.

Always protect your identity online and beware of providing personal financial details, logons and passwords to unsecured websites, or in response to emails, and check your bank/credit card statements regularly for unusual transactions.

Source: Protecting Yourself Online booklet, available from <http://www.ag.gov.au/RightsAndProtections/CyberSecurity/Pages/default.aspx>. Hard copies can be requested from cybersecurity@ag.gov.au.

More information for children and parents on cyber safety and Internet security can be found at <http://www.cybersmart.gov.au/> and <http://www.staysmartonline.gov.au/>.

More information about the Australian Government’s Cyber Security Strategy can be found at <http://www.ag.gov.au/RightsAndProtections/CyberSecurity/Pages/default.aspx>.

Government Response

The Australian Government launched the Organised Crime Strategic Framework in November 2009 to ensure Commonwealth agencies are working together to prevent, disrupt, investigate and prosecute organised crime. As part of the Framework, the ACC has produced two biennial classified Organised Crime Threat Assessments (OCTAs) which identify the highest organised crime threats to the Australian community. The OCTA informed the development of the Government’s inaugural Commonwealth Organised Crime Response Plan (OCRP) in 2010 to help prioritise Commonwealth agencies resources against these threats.

Recognising that organised crime is a national issue that requires a nationally coordinated response, the Commonwealth and the States and Territories agreed to the National OCRP 2010-13 in 2010 to strengthen multijurisdictional approaches, coordination, information sharing and joint activities to combat the national threat of serious and organised crime. Preventative partnerships with industry and the community are part of the strategies to respond to organised crime. These organised crime fact sheets describe the breadth and impact of organised crime activities and provide an insight into how industry and the community can help combat organised crime.

Further information on the Organised Crime Strategic Framework and the OCRP can be found at <http://www.ag.gov.au/CrimeAndCorruption/OrganisedCrime/Pages/default.aspx>.

 

This fact sheet was developed in collaboration with Attorney-General's Department and Australian Customs and Border Protection Service.

Endnotes

  1. Challice, G 2009, The Australian Business Assessment of Computer User Security (ABACUS) Survey: methodology report. Australian Institute of Criminology Technical and Background Paper No. 32, 2009.
    http://www. aic.gov.au/documents/A/0/A/{A0AF6B99-9D3F-4276-86F9- 68DBDB99B26E}tbp032.pdf
  2. Ibid.
  3. Sutton, N 2008, Malware grows 10-fold in 2008: McAfee researcher points to ailing economy as key factor in cybercrime crisis, Canadian Security Magazine, December 2008.
    http://www.canadiansecuritymag.com/News/Malware-grows-10-fold-in-2008.html
  4. Internet Industry Association submission to the Standing Committee on Communications: Inquiry into Cybercrime.
    http://www.aph.gov.au/house/committee/coms/ cybercrime/subs/sub54.pdf
  5. Fowler, A 2009, ‘Fear in the Fast Lane’, ABC Four Corners, first broadcast 17 August 2009.
    http://www.abc.net. au/4corners/content/2009/s2658405.html
  6. 6 Choo, KKR & Smith, RG 2008, ‘Criminal exploitation of online systems by organised crime groups’, Asian journal of criminology 3(1): 37–59.
  7. Stay Smart Online website
    www.staysmartonline.gov.au/