Crime figures: 'Five million' fraud cases in past year
15 October 2015
As June Kelly reports, the figures show the scale of cyber crime
There were more than five million incidents of fraud in England and Wales in the last year, estimates suggest.
The Office for National Statistics has published an estimate of fraud for the first time, based on its Crime Survey.
There were also 2.5 million cyber crime offences, such as computer hacking, the ONS estimated.
The Crime Survey indicated an 8% fall in crimes it covers. Separate data, based on reports to police, shows an overall rise in offending of 5%.
Official figures are drawn from two sources:
The two sets of figures have been published together for many years to give a more rounded impression of crime levels.
The police figures suggest a 25% increase in violence, with murders at their highest level for four years.
In the 12 months to the end of June there were 569 homicides, up 44 on the same period the year before.
For years traditional crimes have been falling right across the Western world, irrespective of who's in government and how many police are on the beat.
But today's figures have captured for the first time an awful lot of criminality that, quite simply, looks like it has been missed.
If you add the official data for traditional crimes to the provisional figures for cyber and fraud, the number of offences breaches 14 million. That's still down on the 1995 peak of 19 million offences - but it's an awful lot higher than statisticians thought a year ago.
Many experts will now be having a "told you so" moment. Crime statistics sceptics say there's just not enough police and policy focus on 21st Century offending.
Criminality is rapidly changing - and the real question is 'Are the police in a good place to combat it?'
Just over half of the 5.1 million frauds included in the Crime Survey data involved some financial loss, the ONS said.
Where losses were reported, 78% got some form of compensation, with 62% reimbursed in full.
Frauds included card fraud and frauds committed over the phone and online. The fraud data was based on a sample of 2,000 people.
An ONS spokesman said: "Although we estimate that there were more than seven million fraud and computer misuse incidents in the past year, this does not necessarily imply a recent rise in crime as the new measures bring into scope a large volume of offences not previously included in the Crime Survey."
He added: "These new estimates should be seen in the context of a reduction over the past 20 years in the more traditional forms of crime, from 19 million incidents a year in 1995 to under seven million a year today."
The most common cyber crimes - committed under the Computer Misuse Act - were those where a victim's device was infected by a virus.
The category also includes the hacking of people's emails or social media accounts.
Overall, the Crime Survey estimated 6.5 million offences had taken place in England and Wales - down 8% from last year.
That figure does not include the fraud and cyber crime estimates.
If they were added, it would mean a total of 14.1 million crimes, but the ONS cautioned against combining the two sets of figures, saying the fraud and cyber data are "experimental" and based on a much smaller sample.
A spokesman said: "One is a proven set of national statistics and the other is not."
The most common cyber crimes involved a victim's device being infected by a virus
Crime Minister Mike Penning said crime rates were falling because of police reforms.
And he said the rise in violent and sexual crimes being reported was due to changes in how offences were recorded.
"Crime is falling and it is also changing, and we are committed to tackling fraud and cyber crime," he added.
A spokesman for the National Police Chiefs' Council said the fall in crime estimated by the Crime Survey figures was "encouraging".
Meanwhile, the increase in crime reported to police, he said, "reflects the efforts being made by forces to improve consistency in crime recording".
He added: "There is still a gap in what the public are experiencing and what is being reported to the police. However, it is extremely encouraging that the gap between the CSEW public survey and the recording of crime by the police continues to narrow."
US undercover agent jailed for six years for Silk Road Bitcoin theft
Virtual currency Bitcoin allowed Silk Road users to remain anonymous
A former undercover policeman has been sentenced to six and half years in prison for stealing $700,000 of the virtual currency bitcoin.
Agent, Carl Force was part of the Drug Enforcement Administration (DEA) investigation into the black market website Silk Road.
Silk Road allowed its users to buy and sell illicit good including drugs and weapons anonymously using Bitcoin.
Force pled guilty to extortion, money laundering and obstruction of justice.
Force was posing as a drug dealer with connections to hit men to establish contact with Silk Road's founder, Ross Ulbricht. His code name for the assignment was "Nob".
Once he reached Ulbricht, Force sold him information about the investigation.
Ulbricht is a serving life sentence for conspiracy to traffic narcotics, money laundering and computer hacking, all associated with his creation of Silk Road.
The judge in the case said Force's "betrayal of public trust is quite simply breathtaking".
A former Secret Service agent who was also charged pleaded guilty and will be sentenced separately in December.
Bitcoin is digital currency not controlled by any government. Users can buy and sell goods using a unique code that allows users to remain anonymous, something that has made Bitcoin a popular choice for funding criminal activity.
Online attackers steal £20m from UK bank accounts
14 October 2015
The UK's National Crime Agency is hunting cyber-attackers who stole more than £20m from British bank accounts.
Malware called Dridex harvested victims' online banking details so the attackers could siphon off funds.
The NCA said it was working with the FBI and other authorities to limit the malware's usefulness to criminals and one man had already been arrested.
One expert told the BBC the attackers had been particularly cunning to avoid being detected.
"This is very sneaky software that relied on people not being vigilant with their online banking," said Prof Alan Woodward, a cybersecurity expert who advises Europol.
"If you imagine thieves making lots of little transactions, rather than one big one, it is more likely to go unnoticed."
People were tricked into installing malware
The Dridex Trojan infected computers through a malicious Microsoft Office document, typically disguised as an invoice and emailed to victims.
The malware relied on tricking people into installing it on their machines, rather than exploiting a security hole in the operating system.
It would then eavesdrop on people entering their bank account details and send the information back to the attackers.
"Banks have software running constantly in the background looking for suspicious transactions, but criminals are adopting patterns that are not flagged up," said Prof Woodward.
"With thousands of computers infected, they only need to take a small amount from each bank account and suddenly they've got millions."
The NCA said it was trying to "sinkhole" the Trojan - working with internet service providers to divert the software's attempts to "phone home" with stolen bank account details.
The US Department of Justice said on Tuesday that a Moldovan man, Andrey Ghinkul, had been arrested in Cyprus in August and the United States was seeking his extradition.
The FBI encouraged people to use anti-virus software to help protect their computers.
"All the usual advice applies," said Prof Woodward. "Don't open unexpected email attachments, even if they appear to be from the bank.
"And check your bank statement for suspicious transactions. Query anything you don't understand, even if it's a small amount, as criminals may be taking a small amount from millions of other people."
US dismantles 'massive' cyber crime syndicate
10 November 2011
The FBI alleges that infected computers would be re-directed to sites that rewarded the gang
Cyber criminals who are alleged to have made $14m (£9m) from advertising fraud have been arrested in Estonia.
The FBI alleged that the gang infected more then four million computers in 100 countries with code that redirected users to online ads.
The six arrested are Estonian nationals while the seventh member of the gang, a Russian, remains at large.
Security firms hailed the arrests as the "biggest cyber criminal take down in history".
About 500,000 of the affected computers were in the US and many of the millions inadvertently enrolled in the fraud scheme were in government offices, schools, and corporates.
Aiding the investigation into the scale of the scheme was US space agency Nasa which first discovered the malicious software on 130 of its computers. Security firm Trend Micro also provided key intelligence during the long investigation.
The FBI claimed that the "massive and sophisticated internet fraud scheme" revolved around servers set up to surreptitiously reroute traffic to websites where the gang would get a cut of the advertising revenue.
Victims would start out trying to visit sites such as Amazon, Netflix and ESPN but instead end up on sites displaying adverts put together by the gang, said the FBI in a statement.
"These defendants gave new meaning to the term, 'false advertising'," said Manhattan US attorney Preet Bharara in a statement detailing the take down which the FBI dubbed "Operation Ghost Click".
Describing the gang as "cyber bandits", Mr Bharara alleged they collected "millions in undeserved commissions for all the hijacked computer clicks and internet ads they fraudulently engineered".
FBI documents detail the scheme the gang is accused of running which employed rogue copies of the net's address books to re-direct people to the fraudulent sites.
The FBI has produced a software tool that people can download and run to see if they had been hit by the gang and were being re-directed. The gang reportedly tricked people into installing the malicious code that hijacked their PC by disguising it as a codec required to watch adult movies.
More than 100 computers were seized in raids conducted at the same time as the arrests. The rogue address books have now been switched for servers that direct people to where they wanted to go.
Domestic ISPs are also being told about the people that were infected to give them a chance to clean up.
The defendants have been charged with five counts of wire fraud and computer intrusion crimes. If found guilty they face heavy jail sentences.
James Bond cyber crime expectations 'unrealistic'
By Sian Grzeszczyk
8 April 2013
The public may have "unrealistic" expectations, the report found
Being "brought up on a diet of James Bond, CSI and Mission Impossible" may have given the public "unrealistic expectations" when it comes to solving cyber crimes, according to police.
Public perception is listed as one of five challenges representing the "greatest issues" in tackling cyber crime, and crime in general, in the future, in a Warwickshire Police report.
Other issues highlighted by Det Insp Mark Glazzard include the availability of technology and challenges to police resources.
In the report, Mr Glazzard said: "The public have been brought up on a diet of James Bond, CSI and Mission Impossible films and programmes. Their expectations with regard to complex, international crime investigation may be unrealistic."
Other future problems in tackling cyber crime, he said, would include the difficulty of international cyber crime crossing different jurisdictions, and also fewer police resources being dedicated to investigations because of budget cuts.
He said the increase in use of "cloud storage" could complicate investigations with information, intelligence and evidence contained within the internet itself.
Mr Glazzard said the sheer number of handheld devices which could be used to access the internet could mean a potential increase in online crime.
Regardless of how good the investigators on CSI look, or how flashy their cars and music are, crimes are not solved by iconic imagery, nor the latest hi-tech see-through monitors.
Law enforcement relies on good old fashioned detective work, which is aided by forensic and IT specialists, who provide the technical and procedural skills in recovering data, identifying movements from mobile phones and other digital devices.
Criminals are not generally experts in the use of IT, so in many cases, the evidence can be identified, selected and used to prosecute or help corroborate other non-digital evidence or testimony.
In saying this, many more criminals are becoming aware of the dangers of leaving a digital trail and as such have become much more IT-wise than they had previously, and now employ techniques such as encryption and steganography to hide their trail.
Warwickshire Chief Constable Andy Parker was due to present the report's findings to the county's Police and Crime Commissioner Ron Ball.
It reveals there were more than 250 reports of cyber "fraud" in Warwickshire in January and February. The most-reported category of fraud in January was connected to online shopping and auctions.
The category of cyber crime includes fraudulent online shopping activity, computer software service fraud, computer misuse crime, offences linked to computer viruses and spyware and computer hacking.
Action Fraud, the national reporting centre for fraud and internet crimes, said it had received more than 46,000 complaints over the past 12 months from members of the public across the UK about "cyber-enabled crime".
It said that amounted to attempted levels of fraud of £292m.
Brian Moore, senior lecturer in ethical hacking and network security at Coventry University, said the general perception of how cyber criminals operated had been "glamourised and completely falsified by the likes of shows like CSI and NCIS".
He added: "The criminals may always be one step ahead, and the biggest barrier may be that, as time passes, more and more knowledge and tools of how to hack, crack and carry out identity crime have been proliferated across the internet.
"The next wave of hackers may be the first true data terrorists, as we, perhaps, ain't seen nothing yet."
1