Cyber crime is racing ahead, and we need to keep up

Thirty years have passed since I attended my first International Symposium on Economic Crime at Jesus College, Cambridge.

Then, some 40 of us met in a room over the college bar. Those present were mostly prosecutors and enforcement officials drawn from all over the world by Dr Barry Rider, Cambridge law don and expert in the pursuit of white collar crime.

I was allowed to go because Barry had lectured me in law, subsequently helped me in my work, and became a friend.

This year’s Symposium, held from 2 – 9 September, attracted more than 1,500 delegates, and was based in giant marquees spread over Jesus’ lawns. Accommodation was provided in not one, but two colleges.

The event is still hosted by Barry, now a professor, and the audience continues to come from a cadre of lawyers, regulators, investigators (public and private) and academics who devote their working lives to arresting and obstructing fraudsters. There is nothing like it anywhere else.

A keynote speaker this year was the new boss of the UK’s Serious Fraud Office, Lisa Osofsky. The former FBI lawyer used her first speech in her new role to warn fraudsters hoping to take advantage of the computer failures of banks, explaining that she will make the UK an “inhospitable” place for them to conduct any crime.

She declared that an occurrence like this year's IT meltdown at TSB, which saw many customers exposed to potential fraud, should not happen under her watch.

“As head of a crime fighting agency, I am committed to making our country an inhospitable place for criminals like these,” she said. “My goal is to make sure our country is a high-risk place for the world’s most sophisticated criminals to operate.”

Quite what those dangers are, were spelled out in dramatic fashion by a senior UK cyber expert. I can’t say who he was because he asked not to be named. But he’s a leading figure in the battle to combat the fast-growing threat.

Listening to him, I was reminded just how much economic crime has changed since I sat in the same college at the same conference all those years ago. Back then we were concerned with pieces of paper baring faking signatures and documents; false accounting involving detailed sets of figures; setting up bogus companies, often hiding behind real brass plates and doors; counterfeiting coins and notes, and goods. Computers for everyday use were in their infancy, and the internet as well as email had not even been conceived.

Those crimes survive, but they seem distinctly crude and old-fashioned, compared with today’s remote, at-a-distance, instantaneous scams.

Like the Symposium itself, the criminals have exploded in number, grown in sophistication, become truly international, and, by and large, anonymous. Consider what the expert said: every day, 145 billion emails are sent around the world; of those, one in 131 are trying to seed malware or ransomware or some form of data theft; 65 per cent are engaged in spamming.

The speed at which an attack can take place and an account, or accounts, can be drained, is truly frightening. Shipping giant Maersk lost $300m (£232m) in no time at all, in a NotPetya malware assault.

And, for the criminal sitting at a faraway keyboard, the risk of getting caught versus other crimes, is negligible. In the US, said the UK official, one in five armed robbers are caught and end up in jail. In the cyber world, the rate for being identified is a mere one in 50.

Another shift from 30-odd years ago is the nature of the assailant. It may be an individual working alone or a gang or just as likely, a terrorist group or a rogue state seeking to spread economic chaos among their enemies. Tracking and defeating hackers who can shelter behind the protection of a country, with all its state-of-the-art apparatus, is doubly difficult.

What’s to be done? Educate, invest, back-up, act quickly. Education-wise, the more levels of protection we adopt, the safer we are. Similarly, the more aware we are, the more cautious we will be. In a nutshell, if something seems suspicious, is unexpected and out of the ordinary, then it probably is. Avoid opening, at all costs.

Spend money on the very latest IT security software and hardware, on IT staff who know what they are doing and are completely up to speed.

And back up. If data is backed up, being held to ransom until it is returned ceases to have meaning.

Be prepared to move ferociously quickly. In Maersk’s case, once their systems were breached, they acted with breathless speed. In just 10 days they reinstalled 4,000 new servers, 45,000 new PCs, and 2,500 applications - or, as the company’s boss described it, “a complete infrastructure”.

It’s not just the bad guys who are availing themselves of the very latest digital weaponry. In her speech, Osofsky stressed how she wants to use technology to help crack cases.

“With the new eDiscovery platform we’re starting to use across all of our new cases, we’ll soon bring a range of machine-learning and AI-based technology assisted review features to our investigations,” she said.

What will the next 30 years bring? It’s impossible to tell. But the message from Jesus College this past week was clear: standing still and doing nothing is not an option.

Chris Blackhurst is a former editor of The Independent, and director of C|T|F Partners, the campaigns and strategic communications advisory firm.