Cyber-crimestoppers: How individuals and companies help nab internet crooks
The infamous bank robber Willie Sutton denied ever saying, "That's where the money is" in response to being asked why he targeted financial institutions. An entry on debunking site Snopes.com indicates the quote dates back to 1952, when it first appeared in a Southern California newspaper.
(By the way, Snopes.com is embroiled in an ownership kerfuffle that could put this valuable debunking service out of business. It is seeking donations via Gofundme to help keep it afloat, and to defray its legal bills.)
No one has to ask why criminals have turned to the internet to find their victims: That's where the people are. The FBI's Internet Crime Complaint Center (IC3) reports that U.S. losses due to internet crime increased to $1.33 billion in 2016, compared to $581 million in 2012 and $17.8 million in 2001. Statistica charts the year-by-year increase in "cyber crime" over the past 16 years.
One particular internet crime is skyrocketing: romance scams. In a July 20, 2017, article, USA Today's Kellie Ell reports that 14,546 people were victims of internet-based romance or confidence scams in 2016, according to the IC3, compared to 5,791 people similarly victimized in 2014. Financial losses due to the scams likewise soared, from $87 million in 2014 to $220 million in 2016.
As Ell notes, these numbers are likely the tip of the iceberg when it comes to internet scams because many people are too frightened or ashamed to report being taken. The people most likely to be victimized are women over the age of 60, many of whom are not "digitally savvy," as Ell explains. Ell offers six tips for preventing internet scams, which I can boil down to three:
Here's to the people working to put internet criminals behind bars
Unless you've been hiding under a rock these past few weeks -- and I wouldn't blame you if you were -- you heard stories about widespread ransomware attacks with names like WannaCry and Petya. Ransomware victims are often large organizations, such as hospitals and businesses. A big reason is that ransomware targets machines running old, outdated versions of Windows, including XP and Windows 2000.
At this point, these antique Windows systems are a data breach waiting to happen. Yet many large organizations continue to rely on machines that are more than 10 years old. Microsoft stopped supporting Windows XP years ago, but organizations refuse to spend the money required to replace them with secure computers. These organizations are most likely to be the victims of malware attacks.
The best defense against ransomware and other malware is to keep your software updated, and to make sure the programs are set to update automatically. Also, keep your data backed up on an external storage device or in a cloud service. (Keep in mind that ransomware can encrypt cloud data as well, which means you have to back up your backup.)
WannaCry would have done even more damage than it did were it not for an anonymous malware analyst who goes by the name MalwareTech. Wired's Lily Hay Newman writes in a May 13, 2017, article that MalwareTech discovered a "gibberish URL" that the ransomware was directed to check. If the URL was active, the malware shut down. So MalwareTech registered the domain name (for about $11). This simple step prevented WannaCry from spreading.
In a May 15, 2017, post on Forbes, Thomas Fox-Brewster writes about MalwareTech's efforts to prevent the press from discovering and disclosing his identity. A malware warrior who doesn't mind being identified is Victor Gevers, who took a year off his job as an IT security expert to search for and report software vulnerabilities. A July 21, 2017, article on Zerocopter explains how Gevers spent 15 hours a day probing software, ultimately discovering 690 "serious vulnerabilities." Gevers is expected to be one of the stars of this week's DefCon 25 security conference in Las Vegas.
Shining a light on the criminal Dark Web
Two of the most dangerous criminal networks on the so-called Dark Web were taken down recently, as BBC News' Chris Baraniuk reports in a July 20, 2017, article. AlphaBay and Hansa were online markets for the sale of drugs, guns, malware, and stolen data. Officials for the U.S. Department of Justice and Europol expect more arrests of Dark Web proprietors in the coming year, although they admit that while succeeding in shutting down the illegal sites, they have managed to arrest only a handful of the perpetrators.
In May 2016, a "white hat hacker" that goes by the moniker bRpsd helped the FBI charge a man with first-degree murder. The hacker broke into a Dark Web site called Besa Mafia that claimed to offer murder for hire. The suspected murderer's name was in the Besa Mafia database, and other incriminating evidence was discovered as a result of the hacker's "ethical breach."
It's not just hackers who are getting involved in combatting internet crimes. In a July 20, 2017, article on the Daily Beast, Kevin Poulsen describes how Microsoft has targeted the Fancy Bear group of Russian hackers with ties to the Kremlin. The company has sued Fancy Bear in the U.S. District Court for the Eastern District of Virginia. Microsoft's goal is to take over the internet domain names used by Fancy Bear's "command and control servers" and reroute their traffic to Microsoft's own servers. This gives the company an "omniscient view" in addition to separating Fancy Bear from its potential victims.
Poulsen points out that Russia has an array of sophisticated hacking tools it uses to infiltrate and damage networks around the globe that are unaffected by the action against Fancy Bear. These include the X-Tunnel implant that provided the Russian government with access to the Democratic National Party servers. However, Fancy Bear was directly involved in the DNC break-in, and blocking Fancy Bear has become a cat-and-mouse game as the group switches to new domain names that Microsoft subsequently blocks.
A Russian national named Mark Vartanyan was sentenced in a U.S. District Court in Atlanta to five years in prison for computer fraud related to the distribution and sale of the Citadel malware toolkit. Citadel targeted financial accounts and personal information; it is blamed for 11 million computer infections and $500 million in financial losses. R. Robin McDonald writes in a July 20, 2017, article on Legaltech News that Vartanyan, who went by the name "Kolypto," provided his criminal customers with updates and patches from 2012 to 2014. Previously, Demetry Belorossov was convicted of computer fraud related to Citadel and sentenced to 54 months in federal prison and $300,000 in restitution.
McDonald notes that Citadel's author remains at large.
Corruption affects the media, too: A couple of people responded to last week's Weekly to point out some of the failings of our so-called free press. I found a post from November 18, 2016, on Transparency International that describes "Three ways to fight corruption in the media." Publicly owned and privately owned media companies can be corrupted by failing to serve as neutral platforms giving voice to a range of viewpoints.
Corruption can also occur when the media company's finance models are undisclosed. This can make the media vulnerable to undue influence by the handful of revenue sources they rely on. That's why media companies should be required to disclose the sources of their income.
Lastly, a lack of resources can lead to a lack of professional responsibility among reporters, editors, and other media professionals. In addition to ethics training, media workers need sharp tech skills, a fair salary, and adequate quality-control procedures.
Not one, not two, but 13 things to feel good about: I'm suffering from an acute case of Fear of What He's Going to Do Next. These days, the simple act of walking by a television set can send a jolt of despair through your body, especially if it happens to be airing a cable news channel. We can all use a little optimism for the future. That's what led the staff at AlterNet to compile the thoughts of 13 "optimistic thinkers" as an antedote to "the dark future of Trump."
For example, Noam Chomsky points out that Bernie Sanders is now the single most popular politician in the U.S. In addition to supporting a progressive social and economic agenda, Sanders represents a rejection of the corporate power and private wealth that "is a virtual prerequisite even for participation in the political arena."
Rebecca Solnit of the Guardian is encouraged by the "many stories of people standing up for the vulnerable." Solnit points out that the resistance to the threats to "shred our social fabric or our constitution" is just getting started
Finally, Charles Bayer of BillMoyers.com says he is no "optimistic liberal, unaware that the world can be cruel, ruled by selfish tyrants and dominated by hogs only interested in getting to the trough before anyone else." Yet Bayer is encouraged by "the moments of common, gracious, human kindness" he encounters on a daily basis, each a reminder that we are at heart "a people who really care about each other."
The selfish tyrants and hogs may be calling the shots now, but the day will come when graciousness and human kindness once again rule the hearts of our rulers.