Identity theft is on the lips of many concerned Australians. It is also discussed in length amongst Governments, business and the Police who attempt to not only unravel the workings of cyber-crime, but in turn are (albeit often unsuccessfully) attempting to stay one step ahead of it.

On Wednesday, British newspaper The Guardian, featured organised crime expert Misha Glenny in an article, titled Cybercrime: is it out of control? Anyone who is even slightly curious about the cyber-underworld should at the very least read this article.

It features Glenny’s new book, titled ‘DarkMarket: CyberThieves, CyberCops and You’. This book follows Glenny’s international bestseller ‘McMafia’.

The book’s promo says:

“DarkMarket explores the three fundamental threats facing us in the 21st century: cyber crime, cyber warfare and cyber industrial espionage. The Governments and the private sector are losing billions of dollars each year, fighting an ever-morphing, often invisible, often super-smart new breed of criminal: the hacker.”

The workings of the underworld will astound any reader interested in how internet scams are perpetrated, and how we as individuals can fit in as pieces of the cyber-crime puzzle at many levels.

Glenny gives an example of how criminals can hack into computer systems of companies, and use people power of ‘mules’ on the ground, to steal millions of dollars. Here’s how they did it in Canada:

“The scam was impressive in its simplicity and effectiveness. The gang bought a number of pre-paid debit cards in different locations and placed $15 on each card. Once they had broken into the computer system of the company that issued them, they found the network area that dealt with the limits placed on each card. They sought out the cards they had purchased and, using the control they had established over the company’s networked system, they electronically raised the spending limit on the cards from $15 to tens of thousands of dollars. Over one weekend, they extracted around $1m (£640,000) using the affected cards in ATM machines around the world,” the article says.

U.S. company, Fidelity National Information Services, which is one of the biggest providers of technology and card services to the banking industry worldwide recently had US$13million stolen in the same way.

“Traditional bank robbers must be absolutely gobsmacked when they hear sums like this being hoovered up by cyber criminals week in, week out… The Mr Big who orchestrated the whole operation, I was told, kept 70% of those profits for himself – only 30% went to the hackers and the so-called “cash-out” team – that is, the people who have somewhat laboriously to go from ATM to ATM and extract up to $500 each time (before, of course, transferring 70% back to Mr Big),” Glenny says.

Glenny says that while there are no precise figures out there, the White House suggested in 2009 that cybercime and industrial espionage inflicts damage of around U.S.$1tn per year, which is almost 1.75% of the worlds GDP.

He says that Britain, the US, Canada, Western Europe, Australia and New Zealand are top targets for cyber criminals from across the world. He says in today’s world any business that is computer-based is vulnerable to attack.

Glenny describes in great detail the nature of the cyber-crime underworld. He says up until recently criminals could shop at “carder” sites, designed for hackers to deal in credit card or card details – effectively a department store for criminals.

“The first and the most celebrated among thieves was CarderPlanet. Members would come to this website, run out of Odessa in Ukraine, to buy and sell stolen credit card details, to purchase viruses, trojans and worms with which they could compromise victims’ computers, to take tutorials in how to deploy the latest cyber weapons, or to hire a botnet – a network comprising thousands of zombie computers – to use in an attack against your enemies,” the article says.

Glenny says these sites set up ‘Escrow’, which is similar to PayPal, using legitimate channels such as Western Union, and allowed criminals to trade with one another – without being ripped off by each other.

“Carder” sites such as DarkMarket have slipped out of fashion because they were too easily infiltrated by law enforcement agencies such as the FBI and the Serious Organised Crime Agency here in Britain. Instead, the lone wolves have started to form packs with trusted friends and these look more like traditional organised crime groups with a clear hierarchy and division of labour,” Glenny says.

He gives one example of the new cyber-criminals and the infiltration of malicious software called “scareware”, which played on the fear of virus infection. The company, ‘Innovative Marketing’ made so much money selling fake virus software they established three call centres in England, Germany and France.

“The structure acts as a mask that obscures the real money-makers: the people who assemble the zombie networks and the Mr Bigs who use their services. The mules are easy to catch but they are very small cogs in a more ruthless machine. The next challenge for law enforcement is not unlike that facing the Untouchables in Al Capone’s Chicago. Capone, of course, was eventually busted for tax evasion. But how can you track down a digital Al Capone when you don’t know who he is or where he is?” he says.

This illustrates the importance for people to report any instance of identity theft to the Police, no matter how small we may think the matter is. It could be a drop in the ocean to big amounts like the $13m stolen from FIS, but who knows – it could all be drops in the ocean from the same source.

Cyber-crime with the purpose of idenitty theft can take many forms. It can be perpetrated by stealing the personal information of individuals, generally through obtaining it via virus software known as ‘malware’ or by phishing scams which appear to be genuine companies asking for personal details which can then be used to generate fake identification. Then the fraudster will go about taking out credit in the victim’s name.

If the theft goes undetected, the fraudster can be racking up thousands of dollars in debt in the person’s name. This is when identity fraud affects the victim’s credit file. When this happens, it is not only the victim’s bank accounts that can be affected, but more importantly their ability to obtain credit in the future.

In Australia, if a credit file holder fails to make repayments on credit past 60 days, then a default can be placed on their credit file by the creditor. This default shows on the credit rating for 5 years, and can severely hinder their chances of getting credit once it is placed. For the identity theft victim, this can leave them severely disadvantaged for 5 years, and unable to take out legitimate credit. The only way they may be able to restore their good name is through lots of hard work proving to creditors they did not initiate the credit.

For information on preventing identity theft, and help with repairing a credit rating following fraud, contact MyCRA Credit Repairs, or call tollfree 1300 667 218.

Image: Salvatore Vuono /