Mark's Musings

A miscellany of thoughts and opinions from an unimportant small town politician and bit-part web developer

Cyber-crime, terrorism and the big bad wolf


A rather strange article in the Daily Telegraph claims that

Britain is losing the war on internet crime, a leading police officer has admitted, after it emerged that cyber crime cost UK businesses around £205 million in lost revenue last year.

That’s a fairly scary headline, and if true is something to be concerned about. But the rest of the article doesn’t even mention this cost to business. Instead, it talks instead about fraudsters using the Internet to target their victims:

Commissioner Adrian Leppard, head of City of London police, said online fraud is rising “exponentially”, with the largest number of attacks originating from Eastern Europe and Russia.

Mr Leppard said half of all fraud in the UK, which costs the country £70bn a year, is now conducted online.

Among the victims are wealthy retired people who are conned out of large sums money in fraudulent share schemes at a cost of £3.5bn a year.

The average cost to the victim is £25,000 and half of those who lose out under the schemes are over 65.

The article doesn’t give details, but the implication is that many traditional scams, such as “boiler rooms” are increasingly being carried out via the web rather than by phone or post. Phishing, too, would probably fall into the same category – people lose money from their bank accounts after being duped into giving away their login details.

That is, clearly, a problem, and the international nature of the Internet makes it a lot easier for the criminals to be in one part of the world and their victims in another. I don’t find it at all surprising that the Russia and Eastern Europe is the source of the largest number of such frauds. But the article makes a different, rather more puzzling, claim:

There is “plenty of evidence” that al-Qaeda and other terrorist groups are using the proceeds of online fraud to finance their activities, he said. The police and security services are seeking to disrupt those lines of funding.

Now, call me ignorant if you want, but I wasn’t aware that al-Queda had a major presence in Eastern Europe. And, truth is, I’d be surprised if there is any significant overlap between the online activities of al-Queda and those of Eastern European fraud gangs.

So, forgive me if I’m being just a little cynical, but I’m wondering if al-Queda aren’t really little more than a bogeyman in this discussion. After all, as the article goes on to say

However, Mr Leppard warned that the 800 specialist internet crime officers face being cut by one quarter under spending cuts.

Whether or not the government will be deaf to Mr Leppard’s claims remains to be seen, but it’s hard to see this as anything more than a piece of propaganda. Of course, crime is an issue, and we need to be aware of trends in technology-based crime and take appropriate steps to remain up to date. But it seems to me that the issue is more about ability than funding, and I have a feeling that I’m not the only one:

Keith Vaz, chairman of the commons Home Affairs select committee, suggested to Mr Leppard that internet criminals “keep running rings around some of the best police officers in the country”, adding: “Are we winning this battle?”

What’s more worrying here, from a political perspective, is that playing the al-Queda card is often a prelude to asking not just for more money, but more powers. Given the mauling that the draft Communications Data Bill has received at the hands of the parliamentary select committee, is this just another ploy to try and manipulate public, and political, opinion? I have a feeling that the answer is “yes”.

Incidentally, going back to the previously quoted statements, it’s clear that older people are far more at risk of online fraud. These are, of course, precisely those who are likely to be less familiar with the Internet, and, in particular, may be unaware of just how easy it is to fake an identity online. So it seems to me that a major plank of any solution will be a combination of greater user education and better security management by online institutions. And by “better security management” I don’t mean requiring more complex passwords or adding more hoops for users to jump through, but developing systems which are secure by design. Some of the biggest culprits here are the banks and credit card companies which have devised systems intended primarily to insulate them from the costs of fraud rather than actually reduce it. The fact that the police apparently are not aware of these systemic flaws in the mechanisms ostensibly designed to protect consumers rather suggests that Keith Vaz is spot on in his comments.