FBI: Cyber crime is now a ‘business’
MICHAEL Eubanks was a software engineer before he joined the FBI some 18 years ago. His sole focus? Cyber crime.
He has seen how cyber criminals have learnt through trial and error and evolved over the past 15 years.
“Over time, I saw criminals working together using their speciality and looking for distribution platforms.
“When they have enough credibility as a criminal, they would do business with other criminals so that they can target different businesses,” he said recently at an international conference on financial crime and terrorism financing in Kuala Lumpur.
He says cyber criminals have turned what they are doing into a “business”.
Eubanks says a cyber criminal could specialise in stealing credentials then sell these to other cyber criminals who would figure out how to use them.
“The reason you should be concerned is because the criminals are considering themselves as businesses.”
From the cases Eubanks has worked on over the last six years, he has found that cyber criminals have an organisational structure.
“They have a development team, recruitment and management, sales and marketing people to market to other criminals.
“These guys work as a team. There is a whole underground infrastructure of people that provide such services.
“It is no different from the business world. Most of the criminals refer to their organisations as their business. Their mindset is that ‘This is business’.
“These criminals keep business records of every transaction. They know who owes them money, who they owe money to and what the transaction is for and the date and time it was executed.
“They maintain ordinary business records,” he adds.
He says the cyber underground market these days exists on different platforms, with more and more popping up each day, which makes it much more difficult for law enforcement to track.
“You don’t even have to be a criminal to get in there. You only need a bit of credibility to purchase stolen data.”
Another speaker at the conference, Md Khairul Anam, deputy director of Bangladesh Financial Intelligence Unit, spoke of how hackers took advantage of a weekend in early February this year to hack into Bangladesh Bank’s central system and steal US$81mil (RM341.1mil) through unauthorised payment using the SWIFT system.
(The SWIFT system is one of the pillars of international finance. It is the network that financial institutions rely on to send and receive information about financial transactions supposedly in a secure and reliable environment. So what happened to Bangladesh’s central bank sent shock waves through the international banking community.)
Md Khairul says Friday and Saturday is the weekend in Bangladesh, so the hackers waited until Thursday night (Feb 4) to hack into the system.
“They choose a moment in such a clever way to commit the crime during the weekend (Feb 5 & 6) when the bank is closed so that their action will go undetected (until after the weekend).”
He says people at the bank noticed that the printer was not working but did not think anything of it because this was something normal for the bank.
He says the hackers had actually tried to steal US$926mil (RM3.9bil) from the central bank but a number of transactions did not go through.
“It was a criminal master plan. The criminals are smarter than us. Every day they build new adware and malware. We have a lot to do to have a foolproof and secure system.”
Sophisticated hackers
In an interview with The Star, Cyber-Security Malaysia CEO Dr Amirudin Abdul Wahab says the techniques used by attackers are getting more sophisticated.
He warns that negligence and a lack of security awareness among users and organisations could put people and organisations at risk from cyber security threats.
Any sector, he says, which has online business and transactions for the public, is exposed to cyber attacks and most sectors use the Internet and computer technology to run their business and operations.
“Along with sophisticated technology, hackers motivated by financial gain and individual satisfaction continuously launch cyber attacks.”
He says the sectors most exposed to cyber attacks are those in the Critical National Information Infrastructure (CNII), such as the banking and finance sector, emergency services, energy, goods and agriculture, government, health services, information and communication, national defence and security, transportation and water.
“These sectors have the most valuable information to a nation in terms of people, business and processes.
“Targeting and successfully compromising a CNII sector may have a high impact.”
In parliament this week, Deputy Science, Technology and Innovation Minister Datuk Dr Abu Bakar Mohamad Diah disclosed that there has been a sharp increase in computer hacking over the past two years.
He said in 2014, there were only three cases, one involving the CNII and two involving corporate companies.
That number skyrocketed last year, he said, with 20 cases involving CNII, 43 to do with corporate companies, three involving institutions of higher learning and 21 home users.
This year, the number continued to be worrying, with 23 cases involving CNII, 18 with corporate companies, three universities and six home users.
Dr Amirudin says what we are seeing these days is an advanced persistent threat. He warns that future threats are only going to get “more sophisticated, more advanced and more challenging”.
“In the past, they just dump viruses randomly. But now the attacks are more targeted and focused.
“If you are a bank for example, they will focus on you and attack and persist until they get what they want.
“And with more advanced highly sophisticated malware and advanced persistent threats, the antivirus program might not be able to detect it.
“And it might get past the firewall and even the intrusion detection system.”
He says organisations have to put the best security measures they can in place to stave off these cyber attacks.
“For criminals, that is their bread and butter. They will find ways. If I say it is safe today, they will try to find other ways tomorrow. That is why we have to be always adaptive and not wait until things happen.”