Emerging Threats
Internet crime tends to move from bad to worse. Just as the amateur hackers quickly moved from vandalism to making money, there is always a fringe of crimes where money is not yet the primary motive or the techniques are not yet outright criminal.
Spyware
Spyware is the common cold of the Trojan world. Most spyware will not kill you, but it can make you feel pretty miserable until you get rid of it. And, like the common cold, almost all spyware will make you more vulnerable to more serious forms of infection, and some can ruin your financial health.
The small group of spyware companies clinging to the pretense that they are engaged in an honest business is rapidly dwindling. It is being replaced by worse.
The most benign form of spyware insinuates itself into a Web browser and provides a constant stream of reports on the sites the user is visiting, the pages viewed, and so on. The spyware company constructs a profile of the user from this information and sells it to any buyer willing to pay.
A more intrusive form of spyware called a cobrowser or adware pesters the user with advertising related to the sites he surfs. If you visit a site on rock climbing, an advertisement for climbing gear or outdoors clothing might appear. If you looked at a TV on one site, you might see an advertisement from a competitor.
The worst type of spyware silently watches the user and reports his most sensitive personal data to the organized crime rings that produced it. This might be used to steal money from the victim directly or to perform an identity theft and apply for a loan in his name.
Today, spyware of the first type has pretty much sunk into the second type, which is rapidly sinking into the third.
The same thing happened with spam. The first spam tried to sell real products. As people stopped buying, the spammers found peddling porn and fake Viagra was the only way to make spam pay. As the second generation of spammers found it increasingly difficult to get legal network access, the gray-market spammers were quickly displaced by the outright criminal.
We could make an effort to distinguish legitimate spyware from the outright criminal, but it is easier to make the propagation of any software intended to resist removal at the direction of the owner of the machine a criminal act. Spyware provides nothing of value to the Internet community.
Like the spammers, the spyware outfits are caught between the pincers of legislative and technical measures, which are certain to obliterate their "industry." Even if they manage to stay ahead of the technical measures intended to make it harder for them to infect machines and easier for users to remove infections, legislative action is inevitable. As with the spam "industry," all that will be left is a hard core of spyware operations whose activities are unambiguously criminal.
Terrorism
The Internet has become an infrastructure that is as critical to the running of the modern economy as the telephone system or electrical power. And just as the Internet is dependent on electric power to run, there are complex and increasing interdependencies between the Internet and the telephone and electrical systems.
The threat of cyberterrorism is usually considered in terms of preventing an attack on critical infrastructure. In a recent TV drama, the fictional cyberterrorists performed the highly unlikely feat of successfully disabling every nuclear power station in the U.S. by hacking into the computer system that controls them. In practice, such an attack would be most unlikely to succeed because the nuclear power stations in the U.S. were designed long before the Internet existed, and there is no reason why the computer systems that are used to control them would need to be connected to the Internet.
Bombs are simple but effective means of creating fear and causing disruption. Cyberattacks require considerably greater resources to perform and are much less likely to be effective in achieving these particular ends.
The history of the Red Army Faction (Baader-Meinhof Gang) and similar groups operating in Europe in the 1970s and 1980s suggests that it is more likely that terrorists will turn to the Internet for funding and propaganda rather than as a means of attack. The Red Army Faction financed its activities by robbing banks. Al Qaeda's primary means of finance was the opium trade. Paramilitary groups on both sides of the sectarian divide in Ireland funded their activities through bank robberies and extortion rackets. We must deny these and similar groups the ability to raise funds through Internet crime.
Most terrorist groups already operate Web sites to further their political program, either directly or through sympathetic groups. These Web sites are often the target of attacks by opposing political groups, in some cases disabling the sites completely, but in other cases posting their own propaganda on their opponent's sites.
Often the attacks come from hacker groups that do not consider themselves terrorists in the conventional sense. But there is a significant risk that actions by these irregular groups might cause escalation of an international incident at a time when the state actors are trying to defuse the crisis.
A situation of this kind occurred during an incident in 2001 when a U.S. plane struck down a Chinese fighter jet with a missile and was subsequently forced to land in Chinese territory. While diplomats from both countries worked to avert a major crisis, groups of hackers in both countries launched information warfare attacks that threatened to escalate it.
Espionage and Warfare
Intelligence agencies used computer networks to perform espionage long before the Internet existed. The best public account is to be found in Clifford Stoll's book, The Cuckoo's Egg. Stoll, an astrophysicist and system manager at the Lawrence Berkeley National Laboratory, discovered a 75-cent discrepancy in the accounting records on a computer. Investigating this minor discrepancy led to the discovery that the machine was being used as a staging post for attacks on U.S. military computers by German and Hungarian hackers who were selling the results to the KGB.
The use of computer networks to conduct espionage is not new, but the amount of information available to the Internet spy is unprecedented. Equally unprecedented is the ease with which information that at one time might have been regarded as highly sensitive can be obtained from nongovernment sources. Perhaps the most dramatic example of this is Google Earth, which allows anyone to view a satellite picture of virtually any part of the world. Satellite reconnaissance is no longer limited to governments.
Espionage is a national security concern but not necessarily a national security threat. What governments reveal about themselves is balanced by what they discover from others. A mutual exchange of information can help reduce mutual suspicion and the political instability that can create.
The possibility of cyberwarfare is of considerably greater concern. Paradoxically, governments might be drawn to cyberwarfare for precisely the reason that terrorists are likely to avoid it. By definition, the terrorist seeks to create fear and panic. Governments seek a least-risk means of achieving their political outcomes. Physical violence, even if performed by proxies, carries a high risk of retaliation. Since the end of the Cold War, the number of states that actively sponsor terrorism has dropped. The number of states designated by the U.S. as "state sponsors of terrorism" has dropped from seven in 1979 to five in 2007.[11] If a similar list had existed in the 1970s, it would have numbered 15 or more.
Cyberwarfare might provide a new opportunity for belligerent states to engage in low-intensity conflict. As with the use of terrorist proxies, cyberwarfare provides a degree of plausible deniability.
Cyberwarfare is only an attractive mode of attack against an enemy that is sufficiently dependent on a high technology infrastructure to make its loss a serious concern. A country that is only able to provide power for a limited number of hours each day is not going to be brought to its knees by an Internet outage.
Until recently, the ephemeral nature of Internet vulnerabilities has made cyberwarfare impractical. It is not possible to stockpile weapons for a cyberattack as if they were tanks, planes, or bullets. A cyberweapon has an unknown and short shelf life. Maintaining a cyberwarfare capability would require constant research and development. One approach for the country looking to develop a cyberwarfare capability is, therefore, to acquiesce to, if not actively encourage, the growth of Internet crime rings so that their technical skills may be called upon should this be required. Evidence is beginning to emerge that might suggest that this is happening.[12]
Pedophile Rings
Phishing is real crime, and a lot of money is lost, but as a banker who used to be a policeman on a homicide squad pointed out to me once, "It is only stuff." The worst effects of the online world are what can happen to people, not their money.
The positive effects of the Internet vastly outweigh the bad. The Internet is bringing information on sanitation and healthcare to slums around the world. It's giving the poor and the oppressed a voice in political systems from which they have been excluded. And the Internet has played a key role in the exposure of numerous abuses of children by pedophiles.
The threat of Internet pedophile rings was the first serious Internet crime that the mainstream media took seriously. The reports make it easy to believe that the Internet is filled with pedophile predators plotting to rape and murder children, a lawless frontier where law enforcement is impotent.
Fortunately, the truth is rather different; law enforcement was taking the problem of Internet pedophiles seriously before the first reports reached the mainstream media.
There will always be Internet sites offering pornographic material that offends the sensibilities of some government or other. Magazines sold openly on the shelves of newsstands in Germany would still result in a jail sentence if found in a UK home.
The material of concern for the purposes of this book is not what might merely offend but that which is universally prohibited, in particular explicit photographic or video depictions of prepubescent children in penetrative sex acts.
Internet pornography is a large, highly profitable, legal business. Child pornography is a threat to that business. The same is probably true, albeit to a much lesser extent, of the professional Internet criminal. Child pornography is a considerably greater risk than bank fraud; it is only going to be an attractive crime if it is considerably more profitable than the alternatives.
In 1995, the FBI began Operation Innocent Images, which tracked pedophile use of the Internet. FBI agents monitor online chat forums for criminal activities. Just as people who try to hire a hit man by responding to advertisements in the classified section of Soldier of Fortune magazine invariably end up talking to undercover law enforcement officers, pedophiles attempting to "groom" a victim in an online chat room are likely to receive a similar surprise.
In 1998 law enforcement agencies in 13 countries arrested 107 members of the Wonderland pedophile group. Police seized three quarters of a million images, many of which depicted sexual acts with minor children. Seven British members of the club received jail sentences of between 12 and 30 months, one received a 12-year sentence for rape, and another member committed suicide before the trial.
Even though the Wonderland club was extensive, its primary purpose was perversion rather than profit. Members of the club swapped images and videos. To join, a prospective member had to provide a large number of original images.
The breakup of the Wonderland gang and subsequent police operations demonstrate that the Internet does not allow pedophiles to operate without fear of prosecution. The members of Wonderland were caught despite attempting to use sophisticated encryption technology.
The use of technology cuts both ways; the most sophisticated Internet criminals can use technology to conceal their activities, but Internet technology also makes it easier to identify Internet criminals with ordinary skills or less. Even the most sophisticated Internet criminal only needs to make one mistake to get caught.
The Internet allows groups of all kinds to operate on a much larger scale than previously but does nothing to change the risks inherent in operating any criminal operation on a large scale. The more members that a criminal organization has, the greater the risk that one of the members will be caught with information that incriminates other members of the group.
The existence of the Wonderland club had been revealed by forensic examination of computers seized in an earlier 1996 investigation into a pedophile ring called The Orchid Club, which led to 19 defendants receiving sentences ranging from 12 months to 30 years.
Internet pedophiles remain a serious problem, but it is the only Internet crime problem that can be regarded as being under some measure of effective control.
The arrest and prosecution of Internet pedophiles demonstrates that Internet crime can be investigated and controlled. It is hard to get law enforcement in another country to investigate a case involving computer hacking, but pedophilia and bank fraud are a different matter.
Offline Safety
Online dating poses many risks, only some of which are criminal matters. The real safety concern is not what happens online. There are few places safer than the Internet; risks to life and limb occur only if the participants meet offline. Online chat rooms can result in emotional injuries, but there is no risk of physical harm unless online activities cross into the offline physical domain.
Despite widespread expressions of concern, safety appears as an afterthought in many popular books on Internet dating—a few chapters thrown in at the end. Heaven help the reader who starts dating before finishing the book!
The boundary between the online and offline world is an important safety control. Strictly speaking, the online world is not anonymous and never has been. An online avatar is a pseudonym, an alternative persona, a mask that is to be worn by its unique owner.
Maintaining the pseudonymity offered by online interactions allows participants to reduce the risk that the boundary between the online and the offline world will be broken without their permission. It also increases the risk of physical harm if those boundaries are breached.
The boundary between the online and offline worlds may sometimes be breached without permission. It takes some skill to hide effectively online. Occasionally, an involuntary breach leads to serious consequences. More often, the connection between the online and the offline world is made voluntarily. The point of online dating is to meet people after all.
Internet stalkers are a real risk for women in particular (and also for men). The risk of an unwanted pregnancy or contracting a sexually transmitted disease is considerably higher. A study of online dating by Dr. Paige M. Padgett at the University of Texas reports that "Seventy-seven percent of respondents who met an online partner did not use condoms for their first sexual encounter."[13] None of the online dating guides I read made mention of condoms or birth control either.
If you are a woman and you meet an Internet criminal in person, you may have worse to fear than crime. While researching this topic, I went to an airport bookstore and asked if she had any books on online dating safety. Immediately she handed me a book and said, "It's not the Internet, but you should warn women about the men who read this."
After reading the book, I agree. A how-to guide for lounge lizards,[14] the book advises men to peacock (that is, dress like a pimp), frequent places where lots of women congregate, and attempt to attract them through "demonstrations of high value" (that is, project a huge ego). The only counterintuitive part to the process is the idea that the man should demonstrate a high value relative to the woman by expressing a lack of interest in her and talking her down. Feminists will be disappointed to discover that the guy who insists that the woman buy her own drinks might well be a misogynist intent on establishing a high relative value rather than a champion of equality.
There is a curious mismatch between the shallowness of the pickup lines presented and the use of technical jargon. The mismatch is explained when it is realized that many of the terms used come from writers who are not generally regarded by mainstream psychology and whose theories are of the type that explain rather too much and predict rather too little.
Looking at the work a little closer, I noted some curious similarities between the self-styled "seduction community" and the activities of the online vandals who preceded the rise of the professional Internet criminal. Both groups display the same egocentricity and obsessive use of jargon as a substitute for understanding, the same outlandish claims made for their success in applying their expertise. Finally, unpicking the wider social circle, I recognized some names of notorious (and some not so well known) Internet criminals.
In retrospect, it is obvious that someone specializing in "social engineering" would attempt to apply his skills for sexual advantage. As with all advice from such circles: Caveat emptor. If the author of a book openly boasts about his success in manipulating people, he is almost certainly attempting to manipulate his readers too.