
Global articles on espionage, spying, bugs, and other interesting topics.

Keep abreast of the espionage threats facing your organisation.

Cyber crime costing UK a staggering £27bn per year

Cyber crime is costing the UK an estimated £27bn a year, and UK businesses are hit hardest owing to high levels of intellectual property theft and industrial espionage, according to a new report from consultancy Detica and the Office of Cyber Security and Information Assurance.

The Cost of Cybercrime study found that the cost to businesses of cyber crime runs to at least £21bn a year, and that intellectual property theft accounts for the largest chunk at £9.2bn, followed by industrial espionage at £7.6bn and extortion at £2.2bn.

Interestingly, direct online theft accounts for just £1.3bn, while loss or theft of customer data represents just £1.1bn, despite usually garnering the biggest headlines.

The government is said to be hit with a £2.2bn annual bill thanks to cyber crime, while taxpayers lose £3.1bn mainly through identity theft (£1.7bn) or other online scams (£1.4bn). Scareware and fake anti-virus scams are said to account for £30m.

The report highlights the need for a more strategic approach to cyber crime, but warns that current estimates of the scale of the problem are being undermined by “a lack of a clear reporting mechanism and the perception that, even if crimes were reported, little can be done”.

Businesses should have access to a “government-sponsored, authoritative, online and interactive service”, according to the report, which would help to raise awareness and promote best practice in cyber defence, as well as provide a centralised reporting mechanism.

Security minister Pauline Neville-Jones argued that cyber crime is a “national security and commercial priority”, and that the public and private sectors need to co-operate.

“This report is an important example of how government and industry are working together to tackle specific threats posed by criminal use of the internet, and highlights the opportunity we have to turn this to our advantage and get ahead of the curve to drive our economic growth and prosperity,” she added.

However, the figures dwarf the amount that the government is currently spending on cyber security. Just £63m is likely to end up supporting cyber crime prevention out of the £650m pledged to the government’s cyber security strategy.

Some security experts have also called into question the huge figures estimated by Detica in the report, especially given that there is little evidence of how the figures were arrived at.

Sophos senior technology consultant Graham Cluley pointed out in a blog post that the £27bn figure easily smashes the estimated £13.9 billion cost to the UK per year of drug-related crime.

“There needs to be a proper mechanism for reporting cybercrime (both for home users and businesses) before we can begin to whisk up grand totals like this,” he said.

“Once we know the true scale of the problem, and can produce reports that aren’t dealt with scepticism, we can fund the computer crime authorities appropriately, and we can begin to measure if the UK’s attempts to fight the problem are really working or not.”

Mikko Hyppönen, chief research officer at F-Secure, agreed that £27bn is an incredibly large sum, especially given that most of it seems to have come from IP theft and espionage, which he admitted was “very hard to quantify”.


KGB wiretapping secrets revealed in Estonia

Under the shadow of Communist Russia, Estonia was once home to a major contingent of KGB secret police. Now free, the Estonians are taking the opportunity to display Soviet hardware used by the KGB to monitor transmissions and eavesdrop.

The exhibition – called “Viru Hotel and the KGB” – remembers a time when the hotel was a hub for eavesdropping on foreigners.

The exhibition is shown in a once-secret “radio room” where operatives relayed information from the hotel in Tallinn, Estonia to Helsinki, Finland across the Baltic Sea. From there, the intel would go to Moscow.

“All we have here now is the room as they left it one night in 1991 when Estonia was getting close to restoring its independence,” said Peep Ehasalu, spokesman for the Viru, now run by Finnish hotel chain Sokos.

In 1975, the radio room became a hotline for Soviet leaders between Moscow and Helsinki during the European Security and Disarmament Conference held in Helsinki.  Again the room went into high use in 1980 when Tallinn was the venue for the yachting competition for the Olympic Games hosted by the Soviet Union.

“In the Soviet times I was not afraid of losing my job because of my professional skills, and jobs were available for everybody and no one was sacked even if they came to work drunk,” said Enn Palmets, the hotel’s technical manager, who has been at the Viru since it opened.

“There was a threat of getting dismissed because of telling the wrong kind of stories or talking to foreigners. In fact, everybody was forced to sign a document saying that they promise not to contact foreigners.”

One visitor, Tiia Raudma, who visited Estonia frequently in the 70s, said that foreigners weren’t allowed to stay anywhere else.

“Everyone knew the Viru was bugged and that the KGB people sat on the second and third floors near the hard currency bar, so people would just be careful in what they said on the telephone or while in the hotel.”
 

(Via Moscow Times) 


Is VoIP too secure?

It’s hard to imagine, but roughly 10 years ago, as VoIP was being rolled out, corporate networkers were quite concerned about the security of VoIP. As we faced a move from voice going over a traditional (and, by the way, unencrypted) network, there was concern that VoIP would be much too easy to eavesdrop on – especially if it traversed the Internet.

We’ll leave the question of “legal intercepts” as a political and civil liberty question. Indeed, virtually any “good” technology can also have a dark side. Nevertheless, “wiretaps” have been a part of voice communications essentially forever. Sometimes for the good of all. Sometimes not.

And “tapping” a traditional voice call, whether in analog or digital (PCM) format, is trivial. Additionally, as discussed in an excellent interview, “Web Wiretaps Raise Security, Privacy Concerns” on All Things Considered, as cellular technology was rolled out, there were provisions made for “lawful intercept.”

The issue that was discussed by FBI General Counsel Valerie Caproni is that with VoIP solutions – and Web-based VoIP in particular – the individual conversations can be quite difficult to intercept and decode. Further, while at one time Internet-based voice conversations were largely limited to “major” applications like Skype, there is rapid and widespread proliferation of “voice chat” capabilities. For instance, you can do a voice chat, a video chat, or even call an external phone from Gmail. And this only covers voice-like capabilities, and doesn’t include other messaging.

Interestingly, and in a move that makes sense, the government is not specifying exactly which services need to be modified so that they can be more easily monitored. As pointed out in the above-referenced interview, if the systems that were difficult to monitor were identified, then this would make it obvious which ones could be best used for less-than-honorable purposes.

The implications of this for the corporate enterprise network are yet to be identified since we’re just on the leading edge of the issue. But it is clear that we’ve come a long way from the days when VoIP was a “toy.” And the fact that it’s “just another application” is making the task of lawful intercept even more difficult.


Steve Taylor is president of Distributed Networking Associates and publisher/editor-in-chief of Webtorials. Jim Metzler is vice president of Ashton, Metzler Associates.


WikiLeaks founder may face decades in jail

He also indicated he would like to see Australian media outlets consider abstaining from publishing material if it was considered against the country’s interests. “If [the media] receive representations from national security or law enforcement authorities that material could be prejudicial, they will often refrain from publishing the material. And certainly it may well be that that sort of discussion might need to take place.”

The actions of the US have not discouraged all countries from expressing their support for Mr Assange and WikiLeaks. Ecuador has seemingly opened its arms, and invited it to establish a home base there.

The invitation came through a comment by Ecuador’s Deputy Foreign Minister, Kintto Lucas, on a website on Monday. “We are ready to give him [Mr Assange] residence in Ecuador, with no problems and no conditions. We are going to invite him to come to Ecuador so he can freely present the information he possesses and all the documentation, not just over the internet but in a variety of public forums.”

Even though it was not Ecuador’s policy to involve itself in the affairs of other countries, the worrying nature of the cables – particularly the references to Latin America – had compelled it to offer safe haven, Mr Lucas said.

In an interview in Forbes magazine, Mr Assange indicated that the next target of WikiLeaks would be a big US bank, and said he had tens of thousands of documents that would be published early next year.

The bank leak would “give a true and representative insight into how banks behave at the executive level in a way that will stimulate investigations and reforms, I presume”.


Control your speaking volume at the coffee shop

While in a local coffee shop waiting to meet a friend recently, a group of people nearby was engaged in a conversation. Now I don’t make it a habit to eavesdrop, but they were so loud you couldn’t help overhearing them. And they clearly weren’t overly concerned that virtually everyone inside was within earshot.

I was especially interested because their conversation was financial in nature. Frankly, it took all my willpower to sit still and keep my mouth shut.

 Their conversation reminded me that too many people are simply not paying attention to financial details the way I believe they should. In other words, when it comes to financial matters, it’s important that you pay attention to more than just the large print.

 One animated gentleman complained that taxes must have been increased in 2010 because his refund was going to be much smaller this year than last year. I obviously didn’t know his personal tax information, but my guess is that he totally forgot what happened to payroll withholdings earlier in 2010.

 They were adjusted lower in an attempt to get dollars into consumers’ hands sooner, with the hopes that additional dollars in the pocketbook would help jumpstart the economy.

 Other than that and the Roth IRA conversion option, the income tax code had no real significant changes last year. I have a feeling a lot of people will be surprised when their tax refund this year is smaller than in years past.  More than likely, the reason is they took more money home every pay period.

 Automobile leasing was the other financial topic discussed. I was alarmed at the lack of understanding about how it works. Everyone wants our auto industry to thrive, but I think you need to understand all terms and responsibilities, whether you buy or lease.        

 Because leasing is generally more complex than buying and because it’s estimated that nearly 20 percent of new autos driven off the lot this year will be leases, it’s especially important to understand leasing terms.

 The good news is that financing is beginning to loosen up. But that doesn’t mean you should run out and get it just because you can.

 In the coffee shop, the patrons were describing leases as purchases that ended on a predetermined date. In reality, leasing is simply renting a car for a specified period of time, with certain limitations.

 For example, a vehicle may be advertised as $199 for 36 months. But as anyone who has ever leased a car knows, there are penalties for things like damage and excess mileage.

 In the past, many lease prices were based on 12,000 miles per year. These days, many of them are based on 10,500 miles per year.

So, what does it matter? Well, typically, there’s a 15 cents per mile charge for excess mileage.

 If you drove 12,000 miles a year for 3 years, there would be 4,500 excess miles. At 15 cents per mile, you’d be charged an extra $675 at the end of the lease. That’s why understanding all the terms and conditions is so critical.

So in the future, control your speaking volume at the coffee shop or any public place. And make a commitment to be smart about your finances. That means carefully scrutinizing all the fine print and details.

Fax your questions to Ken Morris at 248-952-1848 or e-mail to ken [dot] morris [at] investfinancial [dot] com.  Ken is a registered representative of INVEST Financial, member FINRA, SIPC and is Vice-President of the Society for Lifetime Planning in Troy.
