The FBI Internet Crime Complaint Centre's (IC3's) latest report reveals a fourth African country has been added to the top 10 cyber crime perpetrator list.
“This year, SA ranked number seven, moving down a place from number six last year, and Cameroon entered the rankings for the first time at number nine,” says Information Security Group chairman Craig Rosewarne. “This begs the question, are attacks from African countries on the increase? Or are these countries, including SA, being used as a launch pad to target other countries?”
Either way, Rosewarne believes attacks from Africa are on the increase. “Do the maths; 336 655 complaints received, with African countries accounting for roughly 10%. This equates to about 36 000 complaints from Africa. If $559 million was lost in total, roughly $56 million would be thanks to African cyber criminals. In addition, bear in mind that these were only the crimes reported to the FBI. What about the majority that were swept under the carpet?”
Rosewarne says in SA, the majority of crimes go unreported, due partly to ineffective policing systems, and partly because it is not yet required by law to report crimes of this nature.
Ghana was on the IC3 perpetrator list in 2008 at number seven, and this year has moved to sixth place. Nigeria is the fourth African country on the list at third place for the last two years.
Skewed statistics?
However, Dominic White, a consultant for Sensepost, says it needs to be borne in mind that the perpetrator location is based on what an attacker told the victim. “It's quite possible that Africans were using SA as a fake location to appear legitimate, or because international shipping or banking in SA is better. However, the criminal is, in fact, located elsewhere.”
He says the report cautions readers to note that throughout the document, perpetrator demographics represent information provided to the victim by the perpetrator so actual perpetrator statistics may vary greatly.
In addition, he says the fact that the vast majority of cyber crime is not reported would impact all these statistics, as a clear picture cannot be given without all the information. He adds that, although SA is ranked number seven, only 0.15% of the total complaints were from SA, and only 0.7% of perpetrators were said to be from SA. “Compared to the US's 92.02% of complainants and 65.4% of perpetrators, we are less than small fry.”
Costin Raiu, chief security expert, EMEA, global research and analysis team at Kaspersky Lab, believes that, when it comes to SA, the report takes a few factors into consideration, such as the final destination of the money as reported by the banking institution. “Therefore, I do think the statistics reflect the reality. In addition, even if Nigerian scammers, for example, used intermediaries in SA to receive the parcels, I think that can be considered as SA-related, since at least one criminal gang member was located there.”
Criminal intent
Speaking of cyber crime growth, which the report claims has doubled in 2009 from the previous year, White says the report does not provide a reliable indicator of this.
“The large increase in reporting this year is quite possibly due to the first FBI-themed scams that appeared in 2009. The IC3, which accepts online Internet crime complaints, is a partnership between the FBI, the National White Collar Crime Centre and the Bureau of Justice Assistance. Due to its involvement, FBI scams would have led to public awareness and publicity around the IC3's complaint mechanism.”
He says this was reflected in the statistics with reported FBI scams topping the list. “They make up 16% of the reported numbers, but in no way represent 16% of actual online fraud and are skewing the results. An increase in reporting does not necessarily imply an increase in crime.”
In addition, White says the big misnomer in looking at the IC3 stats as a whole is that they include money lost from merchandise ordered over the Internet that is not delivered, which according to the report, accounts for the biggest cyber crime losses. “This, together with other non-technical 'scams', makes the report more about criminals who use the Internet as a medium, and less about rampant botnets and Chinese super hackers.”
Raiu, however, is of the opinion that numbers aside, there is a clear indication that cyber crime exploded in 2009.
“For obvious reasons, no one knows what percentage of cyber crime goes unreported; however, I'm sure the increased numbers reflect both an increase in cyber crime itself, and an increased awareness from the users, who are more willing to report these to the FBI IC3. Yet, I believe the growth in events is mainly due to a growth of the cyber crime business itself, not because users are complaining more.”
To read the full IC3 report, click here.
Share