news

Economy

Crime-as-a-Service

Petra Štogrová Jedličková
23/05/2019
news

In the 1920s, the modernization of organized crime was initiated, the mafia gangs of that time operated according to their own solid, elaborate rules, was well structured, globalized, hierarchical, using a sophisticated system of anonymization, thus erasing the possibility of tracing the real culprit. Only in this way was it possible that Lucky Luciano, the greatest American mafia boss, had escaped completely justice and Al Capone, the second most famous mafia, was convicted of the smallest of the crimes he had committed - tax evasion, even in the lower amount provable. The mafia did not use assassinations only to protect its own ranks and rules, but above all as a tool for growing business. One hundred years later, we are experiencing a globalization of cybermafia, which uses ransomware, phishing, or other weapons instead of a Lupara shotgun. Just like the mafia of the 1920s, it has a global network, hierarchy, rules, it works in an organized manner and uses a sophisticated system of anonymization. Rental cyber-criminals are given similar tasks as mafia pawns, either to dispose of someone or to rob individual or whole businesses while the motive is the same - a trade war. Liquidation of a competitor (e.g. by taking over a business or by sucking out its accounts), stealing trade secret by data breaking, transferring funds from bank accounts, or at least blackmailing with data encryption are unfair tools of business warfare. Moreover, such an attack can order your competitor completely anonymously over the Internet! I would call it a "Crime-as-a-Service" as a paraphrase of "Software-as-a-Service", where you have a service that is centrally managed and you only pay for its specific use, but you do not own neither the license nor the source code. Does it sound like a film theme "Al Capone after 100 years"? No, no! The issue of corporate security in cyberspace is very urgent, also the Crowe EMEA conference in Warsaw this April focused on this topical issue. Do you feel that this is not your concern, because

a) you are not so rich or

b) your company is not so much visible?

On the contrary! It's just "carpet raid", as I call it, for smaller businesses and ordinary people is what works best. Kaspersky's Cyber Map shows an attack on Microsoft every 7 seconds and an attack on Israeli authorities every 3 seconds, but it is rather just a training and advertising, the real achievements are in the attack on ordinary people and companies. On the one hand, they will not have strong cyber-security, and most importantly they will not have the means to defend themselves effectively. In my particular world (I am not rich and our company is SME), I have experienced a very sophisticated phishing focused on bank transfers, my friend's data were encrypted and hackers demanded money for their decryption, my friend was blackmailed so that if she does not pay her sensitive data will be sent to contacts from her e-mail, a friend lost his business when someone under false identity got overdraft with which he disappeared instantly and forever. At the moment, the Czech Republic is the 55th most cyber-attacked country in the world, and in 39th place in GDP per capita, I would not like it to be reversed!

Author