That's still down on the 1995 peak of 19 million
offences - but it's an awful lot higher than
statisticians thought a year ago.
Crime figures: 'Five million' fraud
cases in past year
15 October 2015
Many experts will now be having a "told you so"
moment. Crime statistics sceptics say there's
just not enough police and policy focus on 21st
Century offending.
As June Kelly reports, the figures show the scale
of cyber crime
There were more than five million incidents of
fraud in England and Wales in the last year,
estimates suggest.
Criminality is rapidly changing - and the real
question is 'Are the police in a good place to
combat it?'
The Office for National Statistics has published
an estimate of fraud for the first time, based on
its Crime Survey.
Just over half of the 5.1 million frauds included
in the Crime Survey data involved some
financial loss, the ONS said.
There were also 2.5 million cyber crime
offences, such as computer hacking, the ONS
estimated.
Where losses were reported, 78% got some
form of compensation, with 62% reimbursed in
full.
The Crime Survey indicated an 8% fall in crimes
it covers. Separate data, based on reports to
police, shows an overall rise in offending of 5%.
Frauds included card fraud and frauds
committed over the phone and online. The
fraud data was based on a sample of 2,000
people.
Official figures are drawn from two sources:
The two sets of figures have been published
together for many years to give a more rounded
impression of crime levels.
An ONS spokesman said: "Although we estimate
that there were more than seven million fraud
and computer misuse incidents in the past year,
this does not necessarily imply a recent rise in
crime as the new measures bring into scope a
large volume of offences not previously
included in the Crime Survey."
The police figures suggest a 25% increase in
violence, with murders at their highest level for
four years.
In the 12 months to the end of June there were
569 homicides, up 44 on the same period the
year before.
He added: "These new estimates should be
seen in the context of a reduction over the past
20 years in the more traditional forms of crime,
from 19 million incidents a year in 1995 to
under seven million a year today."
For years traditional crimes have been falling
right across the Western world, irrespective of
who's in government and how many police are
on the beat.
The most common cyber crimes - committed
under the Computer Misuse Act - were those
where a victim's device was infected by a virus.
But today's figures have captured for the first
time an awful lot of criminality that, quite
simply, looks like it has been missed.
The category also includes the hacking of
people's emails or social media accounts.
If you add the official data for traditional crimes
to the provisional figures for cyber and fraud,
the number of offences breaches 14 million.
1
Overall, the Crime Survey estimated 6.5 million
offences had taken place in England and Wales down 8% from last year.
US undercover agent jailed for
six years for Silk Road Bitcoin
theft
That figure does not include the fraud and cyber
crime estimates.
Virtual currency Bitcoin allowed Silk Road users
to remain anonymous
If they were added, it would mean a total of
14.1 million crimes, but the ONS cautioned
against combining the two sets of figures,
saying the fraud and cyber data are
"experimental" and based on a much smaller
sample.
A former undercover policeman has been
sentenced to six and half years in prison for
stealing $700,000 of the virtual currency
bitcoin.
Agent, Carl Force was part of the Drug
Enforcement Administration (DEA) investigation
into the black market website Silk Road.
A spokesman said: "One is a proven set of
national statistics and the other is not."
The most common cyber crimes involved a
victim's device being infected by a virus
Silk Road allowed its users to buy and sell illicit
good including drugs and weapons
anonymously using Bitcoin.
Crime Minister Mike Penning said crime rates
were falling because of police reforms.
Force pled guilty to extortion, money
laundering and obstruction of justice.
And he said the rise in violent and sexual crimes
being reported was due to changes in how
offences were recorded.
Force was posing as a drug dealer with
connections to hit men to establish contact with
Silk Road's founder, Ross Ulbricht. His code
name for the assignment was "Nob".
"Crime is falling and it is also changing, and we
are committed to tackling fraud and cyber
crime," he added.
Once he reached Ulbricht, Force sold him
information about the investigation.
A spokesman for the National Police Chiefs'
Council said the fall in crime estimated by the
Crime Survey figures was "encouraging".
Ulbricht is a serving life sentence for conspiracy
to traffic narcotics, money laundering and
computer hacking, all associated with his
creation of Silk Road.
Meanwhile, the increase in crime reported to
police, he said, "reflects the efforts being made
by forces to improve consistency in crime
recording".
The judge in the case said Force's "betrayal of
public trust is quite simply breathtaking".
He added: "There is still a gap in what the public
are experiencing and what is being reported to
the police. However, it is extremely encouraging
that the gap between the CSEW public survey
and the recording of crime by the police
continues to narrow."
A former Secret Service agent who was also
charged pleaded guilty and will be sentenced
separately in December.
Bitcoin is digital currency not controlled by any
government. Users can buy and sell goods using
a unique code that allows users to remain
anonymous, something that has made Bitcoin a
popular choice for funding criminal activity.
2
but criminals are adopting patterns that are not
flagged up," said Prof Woodward.
Online attackers steal £20m
from UK bank accounts
"With thousands of computers infected, they
only need to take a small amount from each
bank account and suddenly they've got
millions."
14 October 2015
The UK's National Crime Agency is hunting
cyber-attackers who stole more than £20m
from British bank accounts.
The NCA said it was trying to "sinkhole" the
Trojan - working with internet service providers
to divert the software's attempts to "phone
home" with stolen bank account details.
Malware called Dridex harvested victims' online
banking details so the attackers could siphon off
funds.
The US Department of Justice said on Tuesday
that a Moldovan man, Andrey Ghinkul, had
been arrested in Cyprus in August and the
United States was seeking his extradition.
The NCA said it was working with the FBI and
other authorities to limit the malware's
usefulness to criminals and one man had
already been arrested.
The FBI encouraged people to use anti-virus
software to help protect their computers.
One expert told the BBC the attackers had been
particularly cunning to avoid being detected.
"All the usual advice applies," said Prof
Woodward. "Don't open unexpected email
attachments, even if they appear to be from the
bank.
"This is very sneaky software that relied on
people not being vigilant with their online
banking," said Prof Alan Woodward, a
cybersecurity expert who advises Europol.
"And check your bank statement for suspicious
transactions. Query anything you don't
understand, even if it's a small amount, as
criminals may be taking a small amount from
millions of other people."
"If you imagine thieves making lots of little
transactions, rather than one big one, it is more
likely to go unnoticed."
People were tricked into installing malware
The Dridex Trojan infected computers through a
malicious Microsoft Office document, typically
disguised as an invoice and emailed to victims.
US dismantles 'massive' cyber
crime syndicate
The malware relied on tricking people into
installing it on their machines, rather than
exploiting a security hole in the operating
system.
10 November 2011
The FBI alleges that infected computers would
be re-directed to sites that rewarded the gang
Cyber criminals who are alleged to have made
$14m (£9m) from advertising fraud have been
arrested in Estonia.
It would then eavesdrop on people entering
their bank account details and send the
information back to the attackers.
The FBI alleged that the gang infected more
then four million computers in 100 countries
with code that redirected users to online ads.
"Banks have software running constantly in the
background looking for suspicious transactions,
3
The six arrested are Estonian nationals while
the seventh member of the gang, a Russian,
remains at large.
The FBI has produced a software tool that
people can download and run to see if they had
been hit by the gang and were being redirected. The gang reportedly tricked people
into installing the malicious code that hijacked
their PC by disguising it as a codec required to
watch adult movies.
Security firms hailed the arrests as the "biggest
cyber criminal take down in history".
About 500,000 of the affected computers were
in the US and many of the millions inadvertently
enrolled in the fraud scheme were in
government offices, schools, and corporates.
More than 100 computers were seized in raids
conducted at the same time as the arrests. The
rogue address books have now been switched
for servers that direct people to where they
wanted to go.
Aiding the investigation into the scale of the
scheme was US space agency Nasa which first
discovered the malicious software on 130 of its
computers. Security firm Trend Micro also
provided key intelligence during the long
investigation.
Domestic ISPs are also being told about the
people that were infected to give them a
chance to clean up.
The defendants have been charged with five
counts of wire fraud and computer intrusion
crimes. If found guilty they face heavy jail
sentences.
The FBI claimed that the "massive and
sophisticated internet fraud scheme" revolved
around servers set up to surreptitiously reroute
traffic to websites where the gang would get a
cut of the advertising revenue.
Victims would start out trying to visit sites such
as Amazon, Netflix and ESPN but instead end up
on sites displaying adverts put together by the
gang, said the FBI in a statement.
James Bond cyber crime
expectations 'unrealistic'
By Sian Grzeszczyk
"These defendants gave new meaning to the
term, 'false advertising'," said Manhattan US
attorney Preet Bharara in a statement detailing
the take down which the FBI dubbed
"Operation Ghost Click".
8 April 2013
The public may have "unrealistic" expectations,
the report found
Being "brought up on a diet of James Bond, CSI
and Mission Impossible" may have given the
public "unrealistic expectations" when it comes
to solving cyber crimes, according to police.
Describing the gang as "cyber bandits", Mr
Bharara alleged they collected "millions in
undeserved commissions for all the hijacked
computer clicks and internet ads they
fraudulently engineered".
Public perception is listed as one of five
challenges representing the "greatest issues" in
tackling cyber crime, and crime in general, in
the future, in a Warwickshire Police report.
FBI documents detail the scheme the gang is
accused of running which employed rogue
copies of the net's address books to re-direct
people to the fraudulent sites.
Other issues highlighted by Det Insp Mark
Glazzard include the availability of technology
and challenges to police resources.
4
In the report, Mr Glazzard said: "The public
have been brought up on a diet of James Bond,
CSI and Mission Impossible films and
programmes. Their expectations with regard to
complex, international crime investigation may
be unrealistic."
employ techniques such as encryption and
steganography to hide their trail.
Warwickshire Chief Constable Andy Parker was
due to present the report's findings to the
county's Police and Crime Commissioner Ron
Ball.
Other future problems in tackling cyber crime,
he said, would include the difficulty of
international cyber crime crossing different
jurisdictions, and also fewer police resources
being dedicated to investigations because of
budget cuts.
It reveals there were more than 250 reports of
cyber "fraud" in Warwickshire in January and
February. The most-reported category of fraud
in January was connected to online shopping
and auctions.
He said the increase in use of "cloud storage"
could complicate investigations with
information, intelligence and evidence
contained within the internet itself.
The category of cyber crime includes fraudulent
online shopping activity, computer software
service fraud, computer misuse crime, offences
linked to computer viruses and spyware and
computer hacking.
Mr Glazzard said the sheer number of handheld
devices which could be used to access the
internet could mean a potential increase in
online crime.
Action Fraud, the national reporting centre for
fraud and internet crimes, said it had received
more than 46,000 complaints over the past 12
months from members of the public across the
UK about "cyber-enabled crime".
Regardless of how good the investigators on CSI
look, or how flashy their cars and music are,
crimes are not solved by iconic imagery, nor the
latest hi-tech see-through monitors.
It said that amounted to attempted levels of
fraud of £292m.
Brian Moore, senior lecturer in ethical hacking
and network security at Coventry University,
said the general perception of how cyber
criminals operated had been "glamourised and
completely falsified by the likes of shows like
CSI and NCIS".
Law enforcement relies on good old fashioned
detective work, which is aided by forensic and
IT specialists, who provide the technical and
procedural skills in recovering data, identifying
movements from mobile phones and other
digital devices.
Criminals are not generally experts in the use of
IT, so in many cases, the evidence can be
identified, selected and used to prosecute or
help corroborate other non-digital evidence or
testimony.
He added: "The criminals may always be one
step ahead, and the biggest barrier may be that,
as time passes, more and more knowledge and
tools of how to hack, crack and carry out
identity crime have been proliferated across the
internet.
In saying this, many more criminals are
becoming aware of the dangers of leaving a
digital trail and as such have become much
more IT-wise than they had previously, and now
"The next wave of hackers may be the first true
data terrorists, as we, perhaps, ain't seen
nothing yet."
5