Cyber crime will soon be a billion rupee business in Sri Lanka, if no legislative measures are introduced to penalize culprits using the means of others to make a good living, cyber security experts said.
Computer data hacking today, is a trillion dollar crime the world over, with the number rising at a rapid pace due to inadequate laws to curb crime and bring the fraudsters to book.
“Even if laws are enforced, hackers would be smart enough to get off the hook due to loopholes in legislation,” experts said.
Hackers move faster than the law enforcement, which has stopped short of measures to combat the crime wave which is getting out of control, and turning out to be a lucrative business across the world.
A profitable venture
Cyber crimes are found to be a profitable venture in Russia and Mexico, enabling criminals to make a quick buck, more profitable than the narcotic trade which has spread its tentacles throughout the globe.
‘Ransom ware’ attacks, the largest and popular computer attack in 2016 , ‘Bot’ the shorter form for robot and ‘botnet,’ traded in international markets are money spinners for cyber criminals, today.
“Ransom ware attacks which was found in Sri Lanka last year, is a methodology used by hackers to take possession of another’s computer data and demand a ransom to release the data. However, there is no guarantee that the data will be returned,” CICRA Holdings Director/CEO Boshan Dayaratne said.
Hackers use this method to compel email users to click a site in the mail which links him or her to a fraudulent website that enables the hacker to possess the private information.
Bot uses computer IP addresses to attack another party. The collection of all these individual computers is termed Botnet.
“Income from Botnets ranges from USD 5 to USD 11 per computer per week. Such computers are sold in millions through the internet, across the world,” Dayaratne said.
Cyber crime experts said, what is unfortunate is that there is no concerted effort as a country to minimize the spate of computer crimes, which includes stealing personal information of credit cards through skimmers and other sophisticated devices to capture private data for illegal transactions.
“Being a member of the Budapest Convention on Cyber crime is a good move for Sri Lanka to seek global support to address the issue,” experts said.
Sri Lanka is a signatory to the Budapest Convention on Cyber crime since September 2015. The Convention is aimed at addressing internet and computer crimes by harmonizing national laws, improving investigative technique and enhancing cooperation among nations.
Cyber security experts hailed the role played by the Information Communication Technology Agency (ICTA) and Computer Emergency Readiness Team (CERT) to train and educate the public on mitigating cyber crimes.
However, the absence of stringent legislation and a sustained effort at national level, has been a major drawback to check the crime rate and minimize colossal damage to the state, corporates and individuals.
CICRA has trained over 300 ethical hackers during the past four years on computer hacking forensic investigations . Besides, it has over 200 corporate members doing the Master’s degree on Information Security.
“We conduct training programs to school students, and the corporate on the method of securing computer data. The annual cyber security summit which gathers global experts on cyber security to speak on the latest trends, bringing cyber security to the Boardroom and encouraging CEOs to focus on the issue, are some of the initiatives of the company,” Dayaratne said.
Proactive measure
Experts said, cyber security should be a proactive and not a reactive measure to combat cyber crimes. Awareness and training are vital to minimize the damage of cyber crimes.
Cyber security should be looked at, not only as a compliance method, but beyond. There has to be professionals to check computer tools to ensure that they are not vulnerable to hacking. The software should be continually upgraded.
“Credit card companies have drawn attention to minimize credit card scams. Several measures have been introduced to educate card users and prevent siphoning off personal information to carry out fraudulent transactions,” experts said.
VISA and MASTER, global brands have implemented the Payment Card Industry Data Security Standard (PCIDSS), a widely accepted set of policies and procedures to optimize the security of credit, debit and cash card transactions, and protect cardholders against the misuse of their personal information.
Banks have to comply with the standard which provides security to the cardholder. With the number of large scale credit card scams increasing, experts said, credit card users should check their monthly statement against the receipts, to examine any unauthorized transactions.
The card, if out of sight is prone to risk. The golden rule is, never keep your card out of sight, which will help prevent tampering with or carrying out any illegal transaction.
Hackers use skimmers attached to the card reader at stores and fuel stations to steal data, clone credit cards and make withdrawals from customer accounts.
Cash desk staff can swipe another’s card through a hand held device capable of capturing card details.
Card users have been advised to check that no camera is stuck at ATMs to capture PIN numbers and not to lose concentration when using a whole in the wall machine. Scan artists work in pairs. While one observes the PIN number the other taps on your shoulder to tell you have dropped some money and when you look down, the former steals the card.
‘Many credit card frauds could be prevented if the signature of the card holder is verified against the card, to ensure that the transactions is legitimate.
The password should be a complicated one and the signature should be one that cannot be easily forged,” Dayaratne said.
“Laws to combat credit card crimes is long overdue,” cyber security experts say.
Lack of awareness and professionals to check computer crimes are impediments to curb the rising crime wave. Organizations have experts, but do they have the right expertise to probe and investigate hacking in the organization. It is a problem that the corporate grapple with.
Cyber security specialists
Statistics reveal, there is a shortage of around one million cyber security specialists in the world today, and by 2020, the number would rise to over 16 million. Studies note that G 20 countries lose around one percent of the GDP a year, due to cyber crimes.
USA, UK, Australia, Singapore and Malaysia are among the countries that have adopted strategies to curb cyber crime. Australia has a partnership between the government and the industries to tackle possible threats.
The FTC in the United States protects consumers against unscrupulous billings. It has set up a 900 number call which has procedures in settling billing disputes.
The Dedicated Cheque and Platic Crime Unit in the UK was set up in 2004 to focus on counterfeit credit card fraud.
The Unit comprises police officers from the London Police, Metropolitan Police officers and support from the banking sector. The Bank Negara of Malaysia passed a mandate in 2005 that all credit card transactions through Malaysian banks must be encrypted and Europay, MasterCard and Visa (EMV) compliant.
The use of credit cards has increased over the years due to its convenience. However, the danger of it being used by others for illegal transactions is high, hence, requiring card users to be vigilant.