One in 10 people in England and Wales have been victims of cybercrime in past year, first official figures show

Police chiefs have called for a national campaign against online fraud and other cybercrime on the scale of last century’s seatbelt and drink-driving campaigns in the wake of figures showing that one in 10 adults have been victims of such offences in the past year.

Chris Greany, the City of London police’s economic command head, said that with around 1m cases reported to Action Fraud in the last year alone, it was not possible for all cases to be investigated.

On Thursday the Office for National Statistics said there had been more than 5.8m incidents of cybercrime in the past year, far more than previously thought and enough to nearly double the headline crime rate in England and Wales.

The first official estimate of the true scale of online shopping scams, virus attacks, thefts of bank details and other online offences was much higher than an initial ONS estimate in October last year, which put the annual figure at 3.8m, or 40% of all crimes.

Greany said fraud now cost an estimated £193bn a year and with half of all crimes against people in the UK being committed from abroad, it was becoming more challenging for police to tackle.

“Law enforcement agencies are becoming increasingly successful at targeting the most serious offenders; however, the scale of the challenge is such that prevention, and helping businesses and individuals protect themselves, is the only long-term way of combating the escalating threat,” he said. “That includes all industries taking proper steps to protect their customers from becoming victims of fraud.”

Greany endorsed a call for a national fraud and cybercrime campaign on a par with the seatbelt and drink-drive campaigns of the 1980s and 90s to create a more internet-savvy society.

Deputy chief constable Peter Goodman, the National Police Chiefs’ Council lead on cybercrime, said such offending was no longer a curiosity or a new specialism in policing. “The priorities for law enforcement are to make the UK a hostile place for cybercriminals to operate, improve the response to victims and develop capabilities in local forces. Transforming our response to these crimes is a challenge but it is a priority for investment in policing,” he said.

In March the Metropolitan police commissioner, Sir Bernard Hogan-Howe, was criticised for suggesting bank customers who were victims of online fraud should not be refunded by banks if they had failed to protect themselves from cybercrime.

Source: Cybercrime figures prompt police call for awareness campaign | UK news | The Guardian


The head of a U.S. banking regulator on Thursday said he was unaware of any efforts by his staff to cover up hacking of the agency’s computers by a foreign government in 2010 and 2011, as outlined by a congressional report.

Federal Deposit Insurance Corporation Chairman Martin Gruenberg told a hearing of the committee that published the report that he first learned of the security breach in 2011 when he was the FDIC’s acting chairman.

Lawmakers questioned Gruenberg about his knowledge of what the report described as a cover-up by a senior FDIC executive who ordered staff not to disclose the hacks for fear of endangering Gruenberg’s confirmation to the chairman’s post by the U.S. Senate.

“I can’t speak to the accuracy” of those allegations, Gruenberg said. He said repeatedly he did not know of staff efforts to conceal the intrusions.

The House of Representatives Committee on Science, Space and Technology report issued on Wednesday said the Chinese government appeared likely to have been behind the hacks. It cited an investigation by an internal watchdog of the FDIC, which is a major banking regulator that keeps confidential data on U.S. banks.

Gruenberg said he made personnel changes after receiving a report in 2013 informing him that he was not fully briefed about the hacks.

The Republican-led committee has been critical in recent months of the FDIC’s handling of cyber security incidents under Gruenberg, who was nominated by President Barack Obama and confirmed by the Senate in 2012.

“There is a culture of concealment at the FDIC,” said Lamar Smith, a Republican from Texas who heads the committee.

Asked what damage a foreign government could do with stolen FDIC information, the regulator’s inspector general pointed to details on bank contingency plans for bankruptcy, known as living wills, which could be used against U.S. financial institutions.

“That information could be extremely valued by an adversary,” FDIC Inspector General Fred Gibson told the hearing.

Gruenberg said the FDIC was updating cyber security policies after a subsequent 2015 data breach in which a former employee kept copies of living will information after leaving the regulator. Neither the FDIC nor lawmakers have said the hack by the foreign government was connected to the data breach involving the former employee.

Gruenberg said policy changes were being taken to address such “insider threats” with a governance structure to be finalized by Oct. 28.

Source: U.S. bank regulator chief unaware of any hacking cover-up: hearing | Reuters


For the last few years, American technology giants have been embroiled in a power struggle with the United States government over when authorities get to see and use the digital data that the companies collect.

On Thursday, Microsoft won a surprise victory in one such legal battle against the government over access to data that is stored outside the United States.

In the case, the United States Court of Appeals for the Second Circuit reversed a lower court’s ruling that Microsoft must turn over email communications for a suspect in a narcotics investigation stored in a Microsoft data center in Dublin. The case had attracted widespread attention in the technology industry and among legal experts because of its potential privacy implications for the growing cloud computing business, with implications for internet email and online storage, among other services.

Had the United States government prevailed, Microsoft and others warned, it would set a dangerous precedent that would make it increasingly difficult to resist orders from foreign courts demanding data, such as email from human rights activists or political dissidents. Corporate and government customers abroad also might be unwilling to use cloud services from Microsoft if they thought their data could be seized by American courts, Microsoft said.

The Justice Department, which brought the case, had argued that Microsoft’s status as a company based in the United States gave it authority to obtain its data, even if the data was stored outside the country.

The case is part of the broader tussle between American technology companies and the United States government over digital data. While the companies have often invoked privacy rights to resist government interference with the data and to protect their business, law enforcement authorities have argued they need the data access for security reasons. Earlier this year, when Apple battled the F.B.I. over whether to help the agency break into a locked iPhone that had been used by a gunman in a mass shooting, the security and privacy of digital data was also invoked.

On Thursday, Bradford L. Smith, Microsoft’s president, said the court’s ruling was a victory for digital privacy rights. He added that the adoption of cloud services by customers in some countries, especially in the public sector, had slowed as a result of the uncertainty around the privacy of their communications.

Source: Microsoft Wins Appeal on Overseas Data Searches – The New York Times


Two-Year Legal Saga Of Chinese Cyber Hack Of U.S. Military Aircraft May Be Ending.

On 28 June 2014, a Chinese businessman based in Canada was arrested on the charge of stealing information about a raft of U.S. military aircraft and weapon systems. This particular case of industrial espionage was described by the U.S. Justice Department as being “unusual for the tremendous amounts of data that is involved.” According to e-mails that were obtained by the U.S. Federal Bureau of Investigation (FBI), “tremendous amounts” came to more than 65 gigabytes over one specifically identified two-year period and involved “dozens of U.S. military projects.”

The businessman in question, Su Bin, finally agreed a plea deal with the U.S. government in March of this year in which he admitted using his company, Lode Technology, to steal data in U.S. military aircraft and weapons programs for years. Court documents also detail how he then collaborated with contacts inside of the People’s Republic of China (PRC) to sell this information to various Chinese military aircraft R&D and production centers.

The data, reported to have been stolen from different computer systems, included detailed information on the Boeing C-17 Globemaster cargo lifter and two jet fighter programs for which Lockheed Martin is the prime contractor—the F-22A Raptor and F-35 Joint Strike Fighter (JSF).

Source: Cyber Warfare Episode Plays Out in Court Case | Defense News: Aviation International News


Information security leaders often defend against cyber threats by focusing on traditional IT tools and techniques — firewalls, intrusion detection and prevention systems, malware detection and analysis and the like. As organizations have locked down systems with more sophisticated defense-in-depth technical controls, adversaries have evolved to take advantage of information systems by impersonating regular users. While there are some similarities between cybersecurity and fraud, traditional cybersecurity monitoring and analytics must evolve in order to identify the fraudulent use of IT systems that may otherwise go unnoticed.

Source: Extending cybersecurity to fraud analytics — GCN