Just who are the people behind cybercrime? Well, perhaps unsurprisingly, the traditional picture of a hoodie-wearing youngster in a dark cellar surrounded by a few computer screens is far from the truth.
Cybercrime today is carried out by incredibly well-organised companies – businesses that, on the surface, appear to be legitimate organisations. They recruit, have HR departments, and have sales and onboarding teams – they’re even registered and have legitimate certificates to prove it.
Ken Gamble, a cyber investigator, knows this only too well – as he and his team at IFW Global spend every day getting behind the closed doors of these organisations to help bring them to task.
“It’s highly organised, that’s why it’s so successful,” Ken told Eftsure on the latest edition of our On The Defence podcast.
“Last year, we got inside an operation in Kyiv, Ukraine. We had a hidden video right through an operation with about 500 employees.
“Our undercover guy was able to get extensive footage, and it is so highly organised.
“This is an Israeli-run operation, and everything is run like an industrialised corporation – they have the HR department, the accounting and finance department, the sales department, the onboarding – these companies put legitimate companies to shame… They have the money to spend on recruiting the best people, so they bring in the best people with university degrees in accounting and even cyber security teams.
“They’re spending the money they’re making and investing it in establishing a multinational criminal organisation.”
While Ken’s example was a Ukraine-based operation, cybercrime’s origins certainly aren’t limited to Eastern Europe. A recent joint research study created the World Cybercrime Index, ranking countries on factors including cybercrime types, the level of technical skill of those involved, and the impact their activities have.
Scored out of 100, Ukraine was ranked as the country providing the world’s second-largest cybercrime threat (with a score of 38.44), behind Russia (58.39).
Also hitting double-digit ratings were China (27.86), the United States (25.01), Nigeria (21.28), Romania (14.83) and North Korea (10.61).
Ken says that six or seven groups internationally dominate global cybercrime, with different regions specialising in different types of scams.
“A lot of the hacking, ransomware, and phishing scams originate in Eastern Europe – some from Southeast Asia, and more recently in Nigeria and other parts of Africa.
“Whereas the investment scams, stocks and shares, securities – those high-level investments – you’re looking at the British. The British absolutely dominate the industry globally… they’ve mastered the art of making billions of dollars by selling non-existent shares.”
The ‘celebrity-endorsed’ investment and AI trading platform scams that target people from across the globe, including Australia, are, says Ken, dominated by Israeli criminal groups operating in Cyprus, Bulgaria, Serbia, Moldova, Georgia and Ukraine, while ‘pig butchering’ – love scams – are primarily controlled by the Chinese.
“These are Chinese organised crime groups that have set up compounds, and they’ve recruited tens of thousands of workers from China to come into Southeast Asia and set up compounds in the Philippines, Cambodia, Laos, Thailand, Myanmar, and now extensively in Dubai, in the UAE.”
Illustrating the size and scale of the operations behind cybercrime, Ken recalls a recent raid in Cebu, Philippines on what was – at face value anyway – a telemarketing and business processing company.
“We conducted a raid in February in Cebu and arrested 35 people who were scamming people with those celebrity adverts in Australia.
“This company was run immaculately. It was run with all the necessary business permits, it had everything. It was running as a telemarketing call centre, a business processing company, which essentially, that’s all that they were purporting to be doing.
“Of course, what they’re actually doing is running massive scams, getting people to sign up on websites and invest in cryptocurrency. But if someone had walked into that office to do an inspection, they’d have found everything above board. The staff are employed; everyone’s on employment contracts. It’s just like a legitimate corporation, except they’re secretly doing criminal work instead of the real work.”
Business email compromise (BEC) scams have long been a threat to businesses globally, and Ken warned of the difficulty in recovering money sent under false pretences.
“We worked on a large case where a well-known Australian company lost $3m to a business email compromise, and we tracked that particular one to a Nigerian group operating out of Malaysia,” he says.
“The money gets laundered through money mules – they have a separate industry for the money laundering element. The money goes straight into a mule’s account, and if we don’t freeze it immediately, it will flow to other accounts. It gets laundered by the launderer, whose job it is to get it to their partner, who’s the actual fraudster running the scam.
“These syndicates are subcontracting out the money laundering and keeping it at arm’s length, so if law enforcement pursues the money trail, they either hit a brick wall or arrest some low-level money mule.”
Crowdstrike outage aftermath: Government warnings, scam attempts, and essential steps to safeguard your business from cybercriminals.
See how a Rite Aid data breach compromised 2.2M customers’ data through an elaborate impersonation attack. Learn about the risks and preventive measures.
AT&T’s data breach exposes phone records of 110 million customers in Snowflake cyber incident, highlighting cloud security risks. Learn more.
Eftsure provides continuous control monitoring to protect your eft payments. Our multi-factor verification approach protects your organisation from financial loss due to cybercrime, fraud and error.
