Northwest Arkansas Democrat-Gazette
1,853 cybercrime reports for ’16 in state, FBI says
Arkansas was the source of at least 1,853 reports of Internet crime last year, with cyberattacks ranging from personal data breaches to government impersonation to extortion, according to the FBI.
The reports account for a small percentage of the nearly 300,000 online crimes the FBI tallied nationwide in 2016, but the agency warns that the attacks in Arkansas, some of which were carried out by hackers overseas, have become increasingly complex.
It reflects a global trend in which hackers have used rapidly evolving techniques to infiltrate government, business and personal computer systems.
In May, more than 200,000 computers across the world were reportedly infected in a cyberattack that investigators traced to a North Korean hacking group. Late last month, another version of that attack shut down banking and transportation systems across Europe, and stretched as far as the U.S. and Australia, according to reports.
FBI Special Agent Sebastian Montes said the scale of cybercrime in Arkansas is much smaller, but many of the methods are the same.
“Doing something like that is not easy,” he said. “It takes an individual with a level equivalent to computer scientists. These folks, they’re very savvy and they have the luxury of time.”
The FBI said more than $1.3 billion was lost in Internet crimes and cyberattacks in the U.S. last year, the highest annual total since the agency began publishing that information in 2000.
In its 2016 Internet Crime Report, the FBI noted that ransomware — malicious software that blocks access to a computer system until money is paid — has become more common. Hackers collected more than $2.4 million through ransomware attacks in the U.S. last year, according to the agency.
Some of that money came from Arkansas, where the FBI received 12 reports of ransomware attacks in 2016.
In December, overseas hackers blocked the Carroll
County sheriff’s office and the ARCare medical group from accessing its computer systems in separate attacks.
ARCare reportedly regained access to its files through a backup computer system. The FBI said the sheriff’s office, which did not have a backup system, paid hackers $2,400 in the digital currency Bitcoin to recover its files.
Montes, who is assigned to the FBI’s Little Rock field office, said the agency investigated the attacks but did not have further information.
“The advice that we gave them and we give everybody is we don’t advocate paying the ransom,” he said. “That’ll only encourage them to do it more. However, the reality of the situation is if they don’t have backups, they’re out of options.”
The FBI, through its Internet Crime Complaint Center, fielded at least three complaints of terrorism from Arkansas last year.
In one of those complaints, according to Montes, someone in Arkansas reported that a person in another state was planning to leave the country to “support Islamic extremism.” Montes said another complaint of terrorism that originated in Arkansas involved someone in Indiana who was plotting a mass shooting.
Montes said the complaints, which were ultimately handled by FBI offices outside the state, were taken “very seriously.”
The credibility of the third terrorism complaint from Arkansas last year was questionable, according to Montes.
The FBI said many complaints the agency receives are difficult to verify, but an even greater number are never reported. The agency estimates that just 15 percent of Internet crimes and cyberattacks are reported to federal authorities.
“There’s a lot of cybercrime that happens in the state of Arkansas that we don’t even know about,” Montes said.
The 1,853 complaints of Internet crime in Arkansas last year slightly higher than the average over the past decade.
The number of annual complaints from the state has been steady. The amount of money stolen in cybercrimes each year has increased, from $1.3 million in 2007 to $7.9 million last year.
“There’s no doubt about it that [the crimes] are getting more sophisticated,” Montes said.
The most common Internet crimes reported in Arkansas and across the country last year were nonpayment and nondelivery scams, according to the FBI. That’s when someone pays for a product or service online but never receives it, or when someone provides a product or service but is never compensated.
The FBI received 519 of those complaints from Arkansas in 2016.
The second-most reported online crime in the state last year was the “419/overpayment” scam. That’s the well-known “Nigerian prince” scheme in which a person solicits financial assistance, often through email, to transfer money in exchange for a portion of the money.
The “419” refers to a section of Nigerian law associated with con artistry and fraud.
The FBI received 169 of those complaints from Arkansas last year.
People over 60 years old are the most common victims of Internet crime in Arkansas and across the nation, according to the FBI.
Other Internet crimes reported in Arkansas last year were not financially motivated.
The Islamic State terrorist group hacked the Arkansas Library Association’s computer system last year and posted the names, home addresses and phone numbers of about 800 of the association’s members online, according to the FBI. The hackers also posted Islamic State propaganda on the association’s website.
The hack was reported to be among a series of cyberattacks that the Islamic State group carried out against small civilian organizations across the country. Authorities said the hacks were more about arousing fear than stealing data.
Arkansas State Police spokesman Bill Sadler said the agency looked into the hack but left an investigation to federal authorities.
“Once it gets to that point of international intrigue, we’re going to lean heavily on the FBI,” he said.
There was one report of “hacktivism,” illegal online activity aimed at promoting a social or political cause, that originated in Arkansas last year. Montes said the report involved activity on the “dark Net,” referring to back channels of the Internet that are sometimes used to sell and purchase illegal goods and services. He said he did not have further details on the complaint.
Montes said the FBI focuses on stopping groups of online criminals who steal large amounts of money from multiple people. He said the agency doesn’t have the resources to investigate most individual complaints. Many of those complaints are forwarded to local or state law enforcement agencies.
Montes recommended keeping computer software updated and backing up important files to protect against the most common online threats. The FBI partners with InfraGard, a national nonprofit group, to share cyberintelligence with businesses, law enforcement agencies and other groups to protect the country’s critical infrastructure against more complex attacks.
But even InfraGard has been vulnerable to cybercrime. The group’s website was defaced and the personal information of its members was distributed in 2011. A hacker group known as LulzSec claimed responsibility.
“It’s extremely difficult to stay ahead of every single threat that’s out there,” Montes said.