Cybercrime costs $1 trillion a year globally

By Albena Spasova

Gordon Brown, the British prime minister, will soon announce a new UK national cyber security centre to combat growing attacks on computer systems within government departments and big business. His initiative follows an earlier move by US President Barack Obama to appoint a “cyber czar.”

Britain has been holding talks with the US and Canada to co-ordinate operations against cyber attacks by foreign powers, terrorists and criminals. But there is growing evidence of the need for a truly pan-European response, including by the UK, to what is a rapidly accelerating threat across the whole of the EU – and to its businesses and 500 million citizens.

Organised criminal groups are using the Internet to attack a large number of European citizens and businesses for huge gains. But the widely different jurisdictions and legal systems in the EU make it almost impossible for law enforcement agencies and the judiciary to successfully investigate and prosecute a pan-European criminal case. That’s what has come home to me after taking part in the prosecution of more than 400 criminal cases.

The focus at the EU policy-making level is on protecting what is called critical information infrastructure. But what policy-makers also need to do is find mechanisms to address organised cybercrime in Europe. It’s so easy to move from one country to another and there are certainly no borders on the Internet but there are borders when it comes to judicial co-operation.

The EU is having a large penetration of high speed broad band connections – a top priority for Viviane Reding, the EU information society and media commissioner. Unfortunately besides the great opportunity Internet offers in our daily life and business it is used as well for illegal gains. And we need to find solutions to make it difficult for fraudsters to use the Internet to commit crimes – to defraud businesses and citizens to download illegal content, to move funds illegally etc.

Ms Reding is also pressing the EU to appoint its own cyber czar but primarily to combat attacks on infrastructure such as in Estonia, Lithuania and Georgia in the past two years. This was the main topic of a cyber warfare conference this month in Tallinn, the Estonian capital, where EU ministers initially discussed it in late April.

But it’s clear that gaps in judicial co-operation in Europe are creating a paradise for the bad guys to use the Internet and commit fraud. It’s also clear that the majority of cyber threats in Europe are not related to cyber warfare but to cyber fraud, a much bigger and more widespread phenomenon – and growing exponentially.

A typical example of a fraudulent scheme would look like this: fraudster X masterminds a criminal ring in, say, Italy organising cross-border phishing (sending spoof emails) attacks from several EU countries that target financial institutions and e-commerce globally. By recruiting online “money mules” in other countries to move the money from one jurisdiction to another and paying them a small fee X creams the bulk of the huge profits. Fraudsters are even creating their own ISPs (internet service providers) to use the IPs (internet protocols) for their criminal activities.

But there’s an extraordinary lack of data on the scale of cybercrime in the EU and not even a unified system for reporting it. Europol is setting up a European platform for reporting crime but officials admit that the 27 EU member states are under no obligation to provide them with information and they have no precise data on either the scale or the cost of cybercrime in Europe.

What we know is that available statistics show that cybercrime costs $1 trillion worldwide each year. An April 2009 study ¹ by internet security firm McAfee shows that data theft and other online offences have robbed global businesses of that staggering amount. But Europe’s share is unknown.

Online credit card fraud alone cost the UK £223.8m in 2007, according to online identity protection company Garlik. This type of phishing is rising, with information about cards representing 32% of data illegally available online in 2008 – up from 21% in 2007, according to internet security firm Symantec. And this is just the tip of the iceberg. We need cross-border co-operation in Europe to fight a borderless crime that puts at risk the benefits of a digital society and economy.

Albena Spasova is a Bulgarian lawyer and strategy advisor based in Brussels

Annual APWG Counter eCrime Operations Summit

The 3rd Annual APWG Counter eCrime Operations Summit (CeCOS) in Barcelona on May 12, 13 and 14 will survey the technical advances of phishing and cybercrrime groups. At the same time, presenters from across the globe will examine the kinds of technical, operational and policy responses that have proven useful in countering them – from the desktop all the way back to the domain name registry.

The agenda stands as one of the most provocative and useful of any program the APWG has heretofore assembled. Among the cybercrime issues probed at CeCOS III:

• Analysis of techniques used to hack the Tibetan movement’s computers
• presented by the technologist who discovered the hacks and traced them back to China
• Analysis and interpretation of the Conficker worm by the technologist at the California think-tank, SRI, who reported out on Conficker’s new and dangerous capabilities last year
• Strategies for protecting consumers from electronic crime – Defensive strategies for the enterprise IT manager
• Emerging technical attacks against desktops
• Global electronic crime field reports and law enforcement case studies from Italy, Spain, the UK, Malaysia and India
• Evolving defensive strategies for eliminating criminal abuse of the Domain Name System

Discounts for students, justice and law enforcement personnel available: *write to admin@antiphishing.org

*Media request and inquires for attendance, please write: *pressrequest@antiphishing.org

*For more detail on the program’s content, visit the CeCOS III agenda: * http://www.antiphishing.org/events/2009_opSummit.html CeCOS III presenters will deliver discussions of counter-electronic crime operational issues such as successful forensic data sharing, criminal domain name delisting, the evolution of crimeware, a global response architecture for electronic crime events, the co-ordination of responses to electronic crime through a common data reporting format – and an intriguing case of a national government’s intelligence agency spying on a dissident group’s email communications – and more.

Thought leaders, researchers and responders chosen to speak at CeCOS III come from some of the pre-eminent counter-electronic crime companies, research centers, and agencies in the world, including the FBI, SRI, Japan CERT, Australian Federal Police, China Internet Network Information Center, University of Cambridge, Carnegie Mellon University and United Nations Interregional Crime and Justice Research Institute.

*For Conference registration information, see*: http://secure.lenos.com/lenos/antiphishing/opSummit09/ * Hotel registration is available at*: http://www.antiphishing.org/events/2009_opSummit.html#location

*Conference questions*: Peter Cassidy at pcassidy@antiphishing.org or Foy Shiver at fshiver@antiphishing.org

Entrepreneurship in GEB: Fanyab

Ghasem Monajati is an Iranian student who belongs to this year’s GEB group. Just like Martin his ambition is to develop a new company.

In the following interview you can get an idea about what his professional project is about.

GEB blog: Hello Ghasem, what professional back ground did you have before doing the GEB?

Ghasem: Hi, my name is Seyed Ghasem Monajati. I graduated in the mathematical field in Iran and I got my Bachelor of Management and International Marketing from the Russian Federation. I have a good experience in international trading and especially in machine tools trading.

GEB blog: Could you describe briefly what your project is about?

Ghasem: FANYAB is a E-Marketplace project which works in the field of machine tools. In fact this is a business project which contains two environments of businesses:

1)     An industrial environment: because the products in this marketplace are machine tools for the manufacturing process. 

2)  An internet and electronic environment: Because we use the internet and a website as  tools for our business, the tasks of these tools are to provide a way for our customers to access to our database (E-catalog).

The objective of this project is to buy second hand machines in France and sell them in Iran and Turkey.

For the GEB project (a group project that every GEB student has to choose in the beginning of the year) a team was built to develop the business plan for this project: Selim Cheblal (French), Ali Onur Arisoy (Turk) and me (Iranian). Thanks to our team collaboration we achieved very good results for the phase of the project planning.

Let me indeed that FANYAB was already created in 2004 in Iran but it was working just for the local Iranian market. In this “new GEB project” we implement new ideas and did some market research and found  tools to develop this business by expanding the market. Our main target was “ to create a connection between the French and the Turkish market – to create an international business.

To achieve our “goal”, nowadays the best and efficient tool is the internet and to launch an e-business at an international level.

During working on our project we found out more about the weaknesses and strengths of the current FANYAB web site and tried to build an improvement plan to have a more dynamic and active web site. 

Also generally speaking, from a business ethics point of view, the FANYAB project team tried to focus on very important values, which we are going to be created in this project:

ü      The gap between developed and developing countries will be reduced.

ü      Useful machines will not be wasted anymore (environmental aspect)

ü      A virtual union between occidental and oriental countries will be built.

 

GEB blog: In what the GEB could help you to develop your project?

To be honest, the GEB Master was a brilliant chance for the FANYAB project.

If I should describe in one sentence what  the GEB taught me, I would say: “Think globally (internationally) and act locally!”

You probably know that, in the GEB Master we all came from different countries, with different cultures, different ideas and for sure from different markets. So this atmosphere was a great opportunity for me to learn about other markets and also the economy of other countries. This permit me to get good ideas from those other countries and act  in my local market by implementing specific characteristics of the Iranian market.

Another good point about the GEB Master were the IT courses we got. The skills that I achieved there are very important for me and the FANYAB project, which is based on e-business. Courses like:  Internet security, Networking, Competitive intelligence, Database etc. helped me for sure to have more “power” doing FANYAB project.

But you know….for me personally; the most important fact which I REALLY LOVE this GEB Master (out of professional matters) are the “perfect friendship relationships between students of this master”. I found very good friends in this master from other countries and I really enjoyed it a lot with them.

GEB blog: Are you going to launch your company soon?

Ghasem: To create an international company like FANYAB, which we worked on in GEB project, we should analyze more precisely the financial needs and also the legal enquiries. It is an international project with a lot of specific technical parameters (machine tools), so we need more time to be sure about every thing. As we will solve these matters, we won´t establish our company directly. But I hope it will be soon.

Lastly I would thank all professors of the GEB Master from who I learnt a lot of things and also  special thanks to Mr. Sirven for organizing and managing the GEB MASTER. Also thanks again to the FANYAB project team for their collaboration.

I wish success for all my friends in GEB.

GEB blog: Thank you a lot for speaking about your project with us and we also wish you the best for your future.

Entrepreneurship in GEB: JobFact.com

Matthieu Brossard is a French GEB student and willing to answer some questions about his internship.

GEB blog: Hi Matthieu, could you tell us in a few words in what kind of company you do your internship right now?

 

Matthieu: I am doing my internship in a company which is still in establishment: Its name is JobFact.

Since September 2008, I work with two other persons on  the creation of a new website with a brand new concept:

The website content is: Employees all over Europe communicating about their work conditions and salaries.

Thanks to the distance learning program of the GEB Master, I have been able to follow the courses during working with the JobFact team.

 

GEB blog: What is your job in there?

 

Matthieu: My job is to handle with all technical related subjects and to participate in all the company decisions.

On a technical point of view, this includes managing the development provider (team of 5 people), the web server (configuration, security, emailing etc …), building a local technical team etc …

On a more global point of view, I participate in the discussions about the future evolutions of the site, the communication policy, the partnerships etc …

 

GEB blog: Why you chose to work for this company?

 

Matthieu: Well, working on a company creation is one of the most interesting challenges that anyone can take. You get a lot of responsibilities very quickly and you have to apply a lot of what you learnt at school, especially in management.

Moreover, you get to experience fields that are not originally in your skill pool.

 

GEB blog: Great, so if we would like to have a look to the website, what is the address?

 

Matthieu: www.jobfact.com

Don’t hesitate to visit our website and enter in our community!

N’hésitez pas à venir et à entrer dans la communauté!

 

GEB blog: Thank you a lot for sharing your experience with us and we wish you and your team a lot of success with JobFact.

Entrepreneurship in GEB: Bumbou.com

Martin Diatta is a Senegalese student who belongs to this year’s GEB group. His ambition is to develop a new company. Today he will share with us his ideas and tell about the plans for the future.

GEB blog: Hello Martin, can you present us briefly your idea?

Martin: Hello everyone! My project is called Bumbou.com. It will be a company of e-services within the framework of the bilateral commerce between China and Africa. More precisely, it will be a web site which will be a directory of Chinese and African companies. This platform will allow the companies which are beginners in such exchange to have a broader panel of offers. The web site will enable also finding the adequate partners for the customers.

GEB blog: So you want to link the companies from Africa and China. Why did you choose these markets?

Martin: Because the two economic areas (China and Africa) are exchanging more and more. Until now it was mostly cooperation on the state level. But now, the companies are exchanging between them, of course using the opportunity of the good relationship between their different countries.

GEB blog: Who can be interested in this kind of site?

Martin: First of all those who are in trade between China and Africa and those who are interested in this area of trade. Also people who are interested in research of jobs or internships

GEB blog: I understand that the registration will be for free. How do you want to make money on this business?

Martin: One way of making money will be charging advertisers or sponsors for banner advertising and sponsorships. Other solution is CPM (click par mille): it means that every 1000 visit of page, the advertisers consider that there is one click, and they pay between 5 and 30 cent for this click. For the promotion of Bumbou.com, I’ll use all the techniques and skills I’ve learned from the Global E-business masters courses.

GEB blog: What are your plans for the future, after launching the Bumbou site?

Martin: In a medium term I am thinking about launching out the market research for our customers (companies, States or Councils) and universities witch want to share knowledge between those two areas. If the business will go well we can start launching the trade of various products.

GEB blog: Sounds great, when can we see the first results online?

Martin: Actually, I’m going to do my internship (for 6 months with some others interns from GEB master) in the implementation of Bumbou.com. The first 3 months from April to June, we’ll build the website, write the content, and prepare the promotion campaign. And from July to the end of September, the final version will be online and we’ll promote and update the website. I’ll continue, of course, to work on Bumbou.com after September because in Lille 1 University, I’ve the opportunity to be hosted by Cré’innov which is a kind of nursery for new companies. They are my first Partners, thanks a lot to them and Lille 1 University. I believe on the success of Bumbou.com, of course it’s a lot of job but I’ll use all my energy and my volunteer to realize this project. I’ll finish by the sentence I like more “The drone (the male of the bee) flies by its own WILL”.

GEB blog: Good luck, we are looking forward to seeing Bumbou.com!

Martin: Thank you!

GEB in Second Life

GEB courses take place physically in Lille and remotely on Moodle for students, who are abroad. Now the the teachers will have a new tool to use for remote learning, the amphitheater in Second Life. Group of the GEB students created this space during several months and presented the results on a special conference.

Have a look at this video to see the results and hear the comment of one of the creators:

Internship in SNCF

Today we continue our internship cycle and present you a testimony of Alexandre Lenne, who worked for SNCF as a security engineer.