With cybercrime on the rise in the Middle East, there is a need for proactive analysis, creation of cybercrime prevention measures, focus on staff education and development of ‘in-house’ capabilities to deal with cyber security threats.
Electronic Commerce (e-commerce) can simply be described as doing business electronically. That is, the use of one or more technologies to communicate or trade with trading partners such as customers or suppliers, or to gather information electronically about markets, competitors and business opportunities.
E-commerce is the means of selling goods on the Internet, using web pages. This involves much the same processes as selling goods elsewhere, but in digital format. Presentation, placement, display, stocking, selling and payment are all familiar concepts.
However, the World Economic Forum Global Risk Report 2014 highlighted the following dangers that will undermine e-commerce:
• Digital disintegration
• It is easier to attack than defend
• One disruptive technology away from attackers gaining a runaway advantage
• Internet would cease to be a trusted medium for communication or commerce
• A trusted cyberspace must be developed
Although it is fervently advocated that the private sector should have strategies and policies to deal with Information Technology (IT) abuse and Cybercrime, investigative experience shows us that in the main they do not, and there are electronic voids in existence between departments. These gaps need to be identified and filled before the private sector can fulfil what is expected of it.
For example, ‘Phishing’ and similar offences are being used to get hold of important information from employees of corporate business and personal information belonging to an individual. They then use said information to breach the security of the organisations to obtain confidential and sensitive data. This is the outsider attack, what about the insider attack?
“Exposed: Barclays account details for sale ‘gold mine’ of up to 27,000 files is leaked in worst breach of bank data EVER” (Daily Mail Online Sunday 9th February 2014)
The Internet has developed rapidly over recent years. It started life as an experimental network used and controlled by the academic community to share information and promote professional communications. Within this framework self-governance worked well because the community of users shared common goals and norms. Now that the network has evolved into a public domain, where people of many cultures and dispositions can share access to this common resource, conflicts and abuse occur. Cybercrime affects most Internet users at one time or another, plus technological developments and the innovation of the criminal mind have left us playing catch up.
Today, not everyone who uses the Internet has good intentions. There is a growing amount of information on the ‘Net’ on ‘how to’ commit numerous types of crime; radical extremist groups commonly use the Internet to disseminate doctrine, recruit new members and coordinate activities, and the criminal element is now able to communicate with effectively absolute impunity using freely available tools and services to mask their identities and render their correspondence unreadable.
“In today’s world of rising Cyber Attacks, and the growing demands for secure software, it is imperative to eliminate opportunities for unintentionally revealing information that may be beneficial to attackers.” (Hewlett Packard Cyber Risk Report 2013)
Despite this, from the investigators perspective, the Internet represents an important investigative aid and an unprecedented, cost effective ‘open source’ intelligence-gathering opportunity. Information that could prove very useful in many types of investigations can be accessed with relative ease by an experienced and proficient Internet researcher or forensic analyst.
IT enabled abuse is committed across cyber space and does not stop at the border. They can be perpetrated from anywhere in the world and against any computer user. It is recognised that efficient action to combat cybercrime is necessary between both the public and private sectors.
“Electronic documents can save company money, but they’ve become the latest target of Internet fraud” (Lenton, 2005). When said in 1965 it was an observation, today it is ‘Moore’s Law’.
Published on 19th April 1965 in the Electronics Magazine, Intel co-founder Gordon Moore wrote that the number of transistors on a chip would double every 24 months. As technology has pushed forward over the past decades, the impact of his words has been astounding. These words, written as an observation has set the standard for the development of computer chip technology, and as this technology develops, so must investigative techniques and cyber security awareness.
According to the Price Waterhouse Coopers (PWC) Annual Economic Crime Report 2014, the future trend is alarming as more than 38 per cent of the respondents in the Middle East indicated that they expect their organisations to suffer from economic crime over the next 24 months.
The Middle East is fast becoming a prime target of cybercrime. We all have a duty to raise awareness about this growing concern.
AccessData’s interaction with government, financial, telecom and enterprise organisations in the region has revealed the dire need for proactive analysis, the creation of cybercrime prevention measures, ‘education – education – education’ of staff and an ‘in-house’ ability to deal with cyber security threats.
If we do not invest in the skills necessary to police this ever-changing environment, we will have to contend with playing ‘catch-up’ in understanding how new technologies are associated with traditional and some new crimes, which also means we will not be comfortable in the digital world.
By Paul Wright, manager of professional services and investigation team, Middle East, India and Africa at AccessData