Europol released its 2016 Internet Organized Crime Threat Assessment Report on cybercrime today and the results are more disturbing than last year’s report. The Report can be accessed here.
Generally, the Report findings were that the volume and scope of cybercrime has reached very high levels and now surpasses regular non-online crimes.
The Report made a number of key findings focussing especially on the threats from all digital currencies including Bitcoin, and the technology that runs them including Blockchain and distributed ledger technologies arising from its anonymous nature and use as a preferred payment method for cybercriminals.
Some of the key takeaways from the Report are as follows:
- Critical infrastructure (ports, railways, pipelines, financial services, bridges, electrical grid, air ports, dams, etc.) remains particularly vulnerable because those industries that build and maintain critical infrastructure have not done enough to design and implement against threats from cyber-criminality, leaving them open to attacks.
- Threats to banks remain significant, particularly from Trojan attacks.
- In terms of financial fraud, e-commerce is an ever-present threat with fraud and cyber-criminality occurring mostly from airline ticketing, car rentals and hotel accommodation. The threats are two-fold – stolen card numbers are used for payments from these services and identity theft from the databases online of these types of merchants that are unprotected.
- NFC card systems, thought to be more secure, are now being used for cybercrime by transnational criminal organizations.
- Cybercriminals are increasingly targeting what are called high value targets of large corporations, high profile lawyers and judges and high-ranking members of government. According to the Report, tens of thousands of high value targets are defrauded annually, mostly CEOs for their banking information, or are extorted for payments over personal details that cybercriminals have obtained about them (e.g., the most common anecdotally appears to be CEOs who are engaged in extra-marital relationships).
- Bitcoin and other digital currencies, and the Blockchain and distributed ledger technologies that power them, remain the number one concern for cybercriminality because they continue to be the payment of choice for cybercriminals who engage in all varieties of cybercrime from child pornography, extortion and attacks on critical infrastructure and businesses. Users of digital currencies continue to be able to conduct financial transactions anonymously because, among other things, wallets are anonymous, and that has spawned the payment phenomena of P2P C2C payments (peer-to-peer criminal-to-criminal payments) which are not part of the financial system and undetectable by law enforcement.
- Ethereum’s smart contracts ability will act as a reinforcement of the crime-as-a-service model for the digital underground and will be used for payments to criminals for criminal acts committed.
- The increased use of mobile phones around the world correspondingly increases the risks of cybercrime because criminals are moving attacks and hacks to the mobile environment, which is a concern because mobile phone devices are less secured by the end user than desktop systems.
- The anonymitity of digital currencies on the Blockchain or distributed ledger technologies have resulted in the increase of the live-streaming of child sexual exploitation involving children from poor countries because digital currencies allows this industry to flourish with anonymous subscribers who cannot be easily traced through traditional payment methods, as is historically done.
- A new target for cybercriminality is the hacking of stored medical records online or through mobile phone apps arising from the new practice of consumers uploading their medical records online without realizing the risks to them of doing so of, among other things, the waivier of privilege over their medical records, the disclosure of medical records and the risks of extortion by cybercriminals.
- Canada ranks 7th place in the world in terms of destinations where law enforcement identify online criminality.
Among the many recommendations from Europol was that governments devote financial resources to ensure that its law enforcement personnel have expertise on, inter alia, Blockchain and distributed ledger technology and the relevant law applicable to this area in order to fight cybercriminality.
All cybercriminal activities general proceeds of crime to the extent there is a financial transaction connected therewith and therefore, there are money laundering risks with all cyber-criminal activities that must be reported as suspicious activities.