In 1963, a gang led by Bruce Reynolds stole more than £2.000.000 (around $74.000.000) from a train to London. The looters used a false red light to stop the train and stole more than one hundred high-value packages without alarming most of the passengers. The Great Train Robbery was rightfully called the heist of the 20th century. Fifty two years later, in February 2015, Kaspersky Lab discovered the Great Bank Robbery – the biggest cyber-heist of the 21st century so far. An international gang of hackers managed to steal $1 billion during two years of secret online infiltration of banks all over the globe. By comparison, Bruce Reynolds now seems rather amateurish. The motto of the millennium is that to go professional means to go online, even for criminals.
Crimes, they are a changing
The number of online incidents has been growing rapidly. German Cyber-Abwehrzentrum (Cyber Defense Centrum) identified more than 900 breaches of online security between April 2011 and March 2013. The Czech National Cyber Security Centre has been reporting up to 10 significant cyber incidents nation-wide every month since 2013. And finally, the Polish Ministry of the Treasury claimed in January 2015 that expenditures on security formed 5,5 % of the overall national IT budget. Criminals seem to be more and more attracted by new technologies, as smart industrial espionage and data leakages gradually supersede crude attempts to steal virtual money.
Let’s go phishing
Recently, hackers invisibly redirected visitors on Chef Jamie Olivier’s web pages to a secret site with harmful malware. Similar fraud contaminated the erotic portal Redtube. Once the hackers get into a computer, they use its capacity for other crimes or track the way to the online accounts of its users. Apart from clandestine redirecting, the most common way of PC intrusion is phishing. The victims usually get an email that seems to be perfectly legitimate, useful and often hard to distinguish from regular “honest” communication. It may require them to verify a PayPal account number, or to install a security program. The verification or the attachment contains malware that submits the victim’s computer to the attackers’ will. During the summer of 2014, tens of thousands of Czech citizens got emails indicating that they were having their possession confiscated by a court order. This phishing contained real names and was so convincing that concerned authorities spent several weeks answering phone-calls and emails from frightened internet subscribers.
Help mi invest $1.00.0000, bro
Special categories of phishing include “lottery emails” or “heritage emails”. Usually written in poor language with grammatical errors, they inform you that you have won a fortune by visiting a certain website or that you have inherited millions from an unknown relative. The only thing you have to do is to submit your online account details. Sometimes those emails pretend to respond to your CV and offer you a fabulously paid job or a fabulously unrealistic position such as “promoting survey executive” or “officer for inner exchange”. Offers expressing sexual attraction are also quite frequent. Occasionally a literary masterpiece appears that combines all the carrots. An email from a mysterious Gizele Abuzu spammed thousands of mailboxes. She announced that she was a young (and beautiful) student of medicine, without a family, who was offering to transfer £ 800.000 to random accounts.
A project called Spamhaus was started to monitor phishing and other kinds of disturbing and unwanted communication. In retaliation, the hackers launched massive cyber-attacks against its websites in 2013 and repeated them several times.
The creativity of online criminals is almost unlimited. In 2009, a Twitter game appeared that encouraged users to create and share their own porn star nicknames. The nicknames were composed of different names from the users’ past, e.g. the name of the first pet and the surname of the first math teacher. However, funny outcomes often revealed more information than the users intended. Such past names are frequent answers on security questions which protect login to mailboxes and online accounts. Disclosing them opened the door for identity thieves.
The Internet is very friendly also for stalking and cyber bullying. Stories of the latter are surprisingly similar. Usually a teenage victim starts getting insulting messages or calls. Sometimes pictures or videos of the victim in uncomfortable situations spread through social networks, gain an audience and escalate the pressure on the adolescent. Sad suicidal endings are reported from Canada, Italy, the UK, and the US.
And finally, a wheeler dealer in the US set up a business selling drugs. You could order them via the Internet like pizza, get delivery through the postal service, and pay in bitcoin, the unregulated digital currency, completely anonymously and completely online.
Is there a Wi-Fi in jail?
National legislatures have recognized the severity of online threats and have adjusted punishments accordingly. Taking the Czech Criminal Code of 2009 as an example, obtaining unauthorized access to other people’s accounts may result in imprisonment for up to one year, or up to five years if the perpetrator took a significant amount. For damaging or suppressing online data, one may get up to 2 years, or up to 8 years should the damage be severe. Similar sentences follow unauthorized personal data processing, publishing private documents or infringement of other people’s rights. Nevertheless, no law can replace a careful attitude and common sense. Luckily enough, this is true also for criminals. Eighteen-year-old Juan Fresquez robbed a mobile home and posted a selfie with stolen money and jewellery on Facebook. The police liked that.