DarkMarket_ Cyberthieves, Cybercops and You - Misha Glenny [1]
These days if it’s only a flat tyre, you can still probably reach your destination. But a growing number of breakdowns are now the result of a computer failure in the control box – the black plastic housing usually located behind the engine. If it is a control-box issue, then even if you are an experienced tank mechanic you won’t be able to get the car moving. If you are lucky, a computer engineer will be able to fix it. But in most cases you will need to replace the unit.
Computer systems are so much more complex and fragile than internal combustion engines that only the very tiniest group of people can begin to deal with a problem beyond the familiar mantra, ‘Have you tried rebooting it?’
We now find ourselves in a situation where this minuscule elite (call them geeks, technos, hackers, coders, securocrats, or what you will) has a profound understanding of a technology that every day directs our lives more intensively and extensively, while most of the rest of us understand absolutely zip about it. I had first begun to appreciate the significance of this when researching my previous book on global organised crime, McMafia. I travelled to Brazil in order to investigate cybercrime because this absorbing country is, among its many positive qualities, a major centre of bad stuff on the Web – though this was little known at the time.
Here I met cyber thieves who had engineered a spectacularly successful phishing scam. Phishing remains one of the most dependable pillars of criminality on the Internet. There are two simple variants. The victim opens a spam email. The attachment may contain a virus, which enables a computer somewhere else in the world to monitor all activity on the affected computer, including the input of bank passwords. The other trick lies in designing an email that appears to have been sent by a bank or other institution, requesting confirmation of login and password details. If the recipient falls for the ruse, then the spammer can use these to access some or all of your Internet accounts. The Brazilian hackers demonstrated step-by-step how they secured tens of millions of dollars for themselves from bank accounts in Brazil, Spain, Portugal, the United Kingdom and the United States.
I then visited the cybercops in Brasilia who had busted four other members of their criminal group (although at least twice that number were never tracked down by the police), and then I interviewed the chief of X-Force, the covert-operations department of the American computer security company, ISS. In the space of about a week I realised that conventional or traditional organised crime, colourful and varied though it was, carried with it significantly greater risks for the perpetrators than for those engaged in cybercrime.
Old-fashioned organised-crime groups, attached to the technology and means of the twentieth century, need to overcome two daunting hurdles if they are to make a success of their chosen profession. The police represent their primary business risk. The efficacy of law enforcement varies both geographically and in time. Organised-crime groups adapt themselves to these changing conditions and choose one of a number of methods of dealing with the forces of law and order. They can attempt to outmuscle them; they can corrupt them; they can corrupt politicians exercising authority over the police; or they can evade detection.
Then they face a second problem: threats posed by the competition, other bad guys trawling for prey in the same waters. Here again they can attempt to outmuscle them; they can suggest forming an alliance; or they might agree to be absorbed by them.
In neither case, however, can the criminal syndicate simply ignore them – that way lies failure, with sometimes fatal results. Key to survival and prosperity is the ability to communicate