Most people envision cybercrime looking like the movies, where slick tech geniuses sit behind keyboards writing elaborate programs to outsmart major computer networks.
But oftentimes, the truth can be as simple as criminals tricking users into clicking on web links contained in clever but fake emails from familiar companies that promise free gifts, seek to help fix your “full” email inbox or track bogus packages being delivered to your home.
ANU College of Asia and the Pacific’s Cybercrime Observatory ran an experiment on a group of students to see if they would click on these so-called phishing emails that used fake enticements to open bogus links. Large numbers of students clicked on these phishing links, especially one that was titled “exam schedule changed.”
“The victim is ‘socially engineered’ into opening it,” said Professor Roderic Broadhurst, who heads the Cybercrime Observatory. “You’re allowing the trespass or the intrusion. So it’s not hacking or using brute force to crack a password.”
Broadhurst has conducted research into spam, a practice that sends out thousands of emails and offers criminals a high return for a modest investment. One project churned through a sample of more than 13 million emails identified as spam, ran them through databases of known malicious software, known as malware, and found that about 1.5 million contained either malicious web links or attachments designed to steal information or plant destructive malware.
But spam is only one of a wide range of internet-related criminal trends that the observatory monitors, which also includes illicit online markets, malware or crime-as-a-service, and botnet attacks – where personal computers are taken over and used by criminals to disrupt a legitimate computer network.
Additionally, the observatory trains undergraduate and postgraduate students in cybersecurity and cybercrime prevention, providing them with real-world law-enforcement and technology experience. Its students were the first to be invited to use the high-end technology at the Australian Cyber Security Centre, which houses police and intelligence agencies focused on preventing hacking into Australian computer networks.
After gaining hands-on experience, the lab’s graduates usually get snapped up for jobs in the government or law-enforcement fields because of the high demand for computer expertise, said Broadhurst, who began his career in the prison and corrections sector.
His research has spanned across criminology and includes work on offender treatment and rehabilitation, crime prevention, and homicide analyses. Broadhurst jumped into the cyber arena more than 15 years ago while he was working in Asia at a time when Microsoft was offering seminars and conferences to law-enforcement communities in its attempt to thwart intellectual property theft.
He has learned to be comfortable with technology, and he sees many similarities between crimes committed online and in the real world. While fingerprints or fibre traces usually are left at crime scenes, cyber criminals often leave digital clues in their computer code or online forums, Broadhurst said.
“We spend a lot of time hanging around forum discussions and scraping (data) from dark nets and clear networks,” he said. “The most popular trend currently is attacks on Bitcoin miners – stealing their computer power.”
But technology often adds a layer of complexity as well as some twists to modern crime.
Some of the observatory’s projects include:
Sometimes cybercrime gets overshadowed by all the attention paid to the threats stemming from cybersecurity. The difference between the two is that while cybersecurity tries to protect computer networks from invading hackers, cybercrime involves criminal activity that employs technology.
“The current government and industry conversation is about cybersecurity. Cybersecurity is about the technology and about what criminologist would call the crime proofing of software and hardware so that it relatively safe from cyber attacks,” Broadhurst said. “It doesn’t, unfortunately, stop cybercrime.”
Research funded by: Criminology Research Council, Australian Federal Police, Korean Institute of Criminology
Related website: Cybercrime Observatory
Related research: Professor Roderic Broadhurst
Image credit: Shutterstock