Welcome to lesson 35. In this lesson, we ask ourselves, why not go after the cyber criminals. As we learned in lesson nine, the 1984 counterfeit access device and Computer Fraud Abuse Act makes it illegal to access computer without permission from the owner. A 1986 amendment, made it further crime to distribute malicious code, traffic passwords or conduct denial of service attacks. As we mentioned previously, anyone who commits a crime in this country is subject to United States law whether they live in this country or not. Sadly, cyber crime is a growth industry. It is a growth industry because it is a low-risk, high-reward venture. A 2014 report by the Center for Strategic and International Studies estimates that somewhere between 375 and 575 billion dollars is lost at cyber crime globally each year. Of course this is only an estimate because most cyber crime goes unreported. Few companies come forward with information on losses. When Google announced it was hacked in 2010, another 34 Fortune 500 companies who were also hacked refused to step forward. Only one other company reported it had been hacked along with Google, but supplied no details of its losses. Similarly, when a major US bank lost several million dollars to a hacker, it publicly denied any losses even as law enforcement and intelligence officials confirmed it privately. The reluctance of companies to admit loss is encouraged by competing need to protect the reputation and stem further damages by loss of public confidence. This incentive towards remaining silent, unwittingly assists criminals with evading justice and encourages them onto more exploits. The two most common exploitation techniques are social engineering where users are tricked into granting access and vulnerability exploitation where programming or implementation failure may be leveraged to gain access or both surprisingly cheap. Moreover, few of the biggest cyber criminals have been caught or in many cases even identified. This combination of low cost and low risk makes cybercrime almost irresistible. The most important loss from cybercrime is the theft of intellectual property and confidential business information. Intellectual property is a major source of competitive advantage for companies and for countries. The loss of intellectual property means fewer jobs, fewer high paying jobs, less innovation and slower technological improvement. The U.S. Department of Commerce estimates that two hundred to two hundred and fifty billion dollars a year worth of intellectual property is lost each year to cybercrime. The European Organization for Economic Development, estimates higher losses at about six hundred and thirty eight billion dollars annually. Financial crime is the second largest source of direct loss to cybercrime. In Mexico, Banks lose up to ninety three million dollars annually. In Japan, It is estimated that banks lose about a hundred and ten million annually. The two thou- two thousand and thirteen hack against the U.S. retailer target cost banks more than two hundred million dollars. And retailers in Britain reported lo- losses more than eight hundred and fif- reported losing more than eight hundred and fifty million in two thousand and thirteen. These crimes are carried out by professional gangs, some with significant organizational abilities. Among the techniques employed by hackers, after gaining access to a bank account they will transfer the funds to a third party called a mule. He will launder or shuffle the money in some fashion to eliminate traces of its origin before forwarding it to an overseas bank where the hacker owns an account. The theft of forty five million dollars from two banks in the Middle East involved the recruitment and use of five hundred mules around the world. In this case by using cloned debit cards to withdraw money from ATMs keeping a portion for themselves, and sending the rest back to the hackers. It is estimated that there are twenty to thirty cybercrime groups in Eastern Europe with advanced capability to overcome almost any cyber defense. Financial crime in cyberspace occurs at industrial scale. Finally it is very difficult to trace a cybercrime back to a cyber criminal. Cyb- cyber criminals employ many techniques to hide their tracks and leave false indicators. Accordingly, criminal attribution is highly problematic. The same is true for state sponso- sponsored cyber espionage. Without incontrovertible proof, It is difficult to retaliate. And a wily cyber agent is sure to make any evidence questionable. Let us review the main points from this lesson. One somebody who commits a cyber crime in this country is subject to United States criminal law whether they live in this country or not. Two, Cybercrime is a growth industry because it is a low risk, high reward endeavor. Three one aspect of aspect of risk mitigation is that companies are reluctant to report cybercrime for fear of further losses due to the impact to their reputation. Four, moreover the two most common exploitation techniques, social engineering and vulnerability exploitation are very cheap. Five, the theft of intellectual property and confidential business information, is the most important loss from cybercrime because it affects jobs, competition and innovation. Six financial theft is the second largest form of cybercrime conducted on an almost industrial scale by gangs with advanced capabilities to overcome almost any cyber defense, and seven tracing a cybercrime back to a cyber criminal is very difficult. Making swift attribution and retaliation almost impossible. Join me next time as we take a look at the difficulties entailed in cyber surveillance. Thank you.
