Forget notions that physical crime today somehow operates in a separate sphere from cybercrime. That's because many criminals have become experts at embracing online attack techniques, thanks in part to a thriving cybercrime ecosystem that enables criminals to hire specialists with skills or acquire attack tools on an as-needed basis.
"What we're really witnessing today is a real evolution of traditional crime to be either cyber-dependent or cyber-enabled in some way, shape or form," cybercrime expert Raj Samani says in an interview with Information Security Media Group.
That transition has been aided by the ease and affordability with which cybercrime attack capabilities can be procured. "The technical skills required to become a cybercriminal are almost zero. All you need is a means to pay, and even that payment mechanism doesn't have to be your own card," says Samani, who's the Europe, Middle East and Africa chief technology officer for Intel Security - formerly known as McAfee. "The risk of physical harm is almost eliminated as well. No longer do you have to walk into a bank with a [mask] and the potential of being shot, but actually you can do this over a computer."
Of course, criminals are going online to do more than just perpetrate fraud. For starters, via sites on the so-called darknet, criminals can also buy and sell illegal narcotics and firearms and distributed denial-of-service attacks.
But many criminals continue to prey on victims online through simple social-engineering techniques. And such trickery can prove to be quite difficult to resist. Indeed, psychologist Robert Cialdini says there are six different psychological levers that can be used to appeal to people's subconscious, as Samani has detailed in a white paper on "Hacking the Human Operating System." These levers include appeals to reciprocation - people are naturally inclined to repay perceived favors - as well as exploiting people's tendency to comply with requests that appear to come from an authority figure. That's why criminals, for example, often add an FBI logo to their ransomware shakedown notices.
In this interview, Samani also discusses:
- The "perverse set of incentives" driving criminals to embrace online attack techniques;
- The societal challenge posed by the low technical barrier to launching cyber-attacks;
- Techniques for combatting the rise in online attacks;
- The need for better collaboration among law enforcement agencies, as well as between law enforcement and the private sector.
Samani is Intel Security's vice president and EMEA chief technical officer. He's also a cybersecurity adviser to Europol's European Cybercrime Center and the chief innovation officer for the Cloud Security Alliance. He has previously worked at the U.K. chapter of the Information Systems Security Association, consultancies CapGemini and Deloitte, and technology vendor Qualys.