Fri, 08/18/2017 – 12:00pm
Editor’s Note: Welcome to my weekly column, Virtual Case Notes, in which I interview industry experts for their take on the latest cybersecurity situation. Each week I will take a look at a new case from the evolving realm of digital crime and digital forensics. For previous editions, please type “Virtual Case Notes” into the search bar at the top of the site.
Cybercrime if often thought of as something that only happens within the generalized, invisible space of the internet. It is seen as virtual rather than physical, and those who commit cybercrime are thought of as anonymous individuals whose activities are all within the confines of the web. Run an image search for “hacker” or “cybercriminal” and you will see plenty of pictures of people with their faces hidden by hoods or masks, sitting alone in a dark room in front of a computer. But what if, instead of a hooded loner, the universal image of cybercrime was that of a group of neighbors in an impoverished part of the world, gathered together at a local cafe?
The latter is a new picture of cybercrime that researchers Jonathan Lusthaus and Federico Varese hope to make more people aware of in their recent paper “Offline and Local: The Hidden Face of Cybercrime.” The co-authors, working on the Human Cybercriminal Project out of the sociology department of the University of Oxford, traveled to Romania in 2014 and 2015 to study the oft-ignored real-world aspect of cybercrime in an area known to be a hub for one specific form of this crime—cyber fraud.
The town of Râmnicu Vâlcea, which has a population of around 100,000, has faced some economic setbacks in the last decade, including the loss of a major employer, a chemical plant; in addition, the average monthly salary in Romania as a whole (in 2014) was only €398 compared to €1,489 across the European Union. However, upon arriving in town, Lusthaus and Varese found themselves surrounded by luxury cars, “trendy” eateries, and shopping malls stocked with designer clothes and electronics. Though Râmnicu Vâlcea is poor “on paper,” the town seemed to be thriving, and interviews with Romanian law enforcement agents, prosecutors, cybersecurity professionals, a journalist, a hacker, and a former cybercriminal would soon give the researchers a clue as to why that might be.
“It was rumored that some 1,000 people (in Râmnicu Vâlcea) are involved almost full-time in internet fraud,” Varese told me, explaining why the town sometimes nicknamed “Hackerville” became a key target of their research (although the authors point out, in their paper, that the more accurate term would be “Fraudville,” as scams are focused more on the sale of fake goods than hacking or the spread of malware).
Varese said major findings from their interviews in Râmnicu Vâlcea as well as the Romanian cities of Bucharest and Alexandria were that cybercriminals knew each other and interacted with each other at local meeting spots offline, such as bars and cafes; that they operated in an organized fashion with different people filling different roles; that many in the town were aware of the organized crime but either didn’t say anything or sought to become involved themselves; and that there have been several cases throughout the years of corrupt officials, including police officers, who accepted bribes from the fraudsters and allowed them to perpetuate their schemes without interference.
“These are almost gangs,” Varese said. “They are not the individual, lonely, geeky guy in his bedroom that does the activities, but it’s a more organized operation that involves some people with technical skills and some people who are just basically thugs.”
The paper describes a culture of local complacency, often under threat of violence by a network of seasoned cybercriminals. This picture is far from that of the anonymous, faceless hacker many have come to envision, and instead reveals how internet crime can become embedded in specific populations.
“Most people think of cybercrime as being a global, international sort of liquid problem that could be anywhere and could come at you from anywhere,” Varese said. “In fact, the attacks—the cybercrime attacks or the cyber fraud—really come from very few places disproportionately. So cybercrime is not randomly distributed in the world. It’s located in hubs.”
Cultural and Human Factors
I asked Varese two major questions—why Romania and why cybercrime, as opposed to other forms of profitable crime? He responded that a look at the country’s history reveals why, instead of weapons or drugs, criminals in Romania might turn instead to their computers.
“Romania is a very special place. Mainly because, during the dictatorship of Nicolae Ceaușescu—that was the communist dictator that ruled Romania from the 60s to the 90s—he emphasized the importance of technical education, and especially IT,” Varese explained. “There was a very good technical basis among people. When the internet arrived, a lot of Romanians built up their own micro-networks. And so it turns out that when the regime fell, Romania turned out to be a country which was very, very well-connected.”
The high level of technical education, combined with a high level of poverty and a high level of corruption—as shown in the paper, which points out that Romania’s score on Transparency International’s 2016 Corruption Perceptions Index is only 48 out of possible 100—created a perfect storm for a culture of cybercrime to grown, Varese said.
But Romania is not the only place where cybercrime is highly concentrated and where online activities are strongly tied to offline factors. Varese identifies Vietnam in Asia, Nigeria in Africa and Brazil in the Americas as three other cybercrime hubs. Varese and his coauthor also plan to take their future research to Eastern Europe, where “corruption and the technical and economic of legacy of communism” have created “a highly conducive environment for cybercrime,” their paper states.
Varese hopes this sociological research will help authorities recognize and manage the human element of cybercrime that is often ignored in the fight against online threats.
“We have been seeing that there is a lot of technical expertise and a lot of emphasis is put on the technical solutions to cybercrime—we have to have better antivirus, better software, and so on and so forth, which obviously is very, very important,” Varese said. “But very little is said about the fact that cybercriminals are people. They live in a particular context, they are people like us and they of course commit crime, but they have the same sort of dilemmas that other criminals have got—who can I trust? How can I hide my identity? How can I get the money? All of these—these are human problems as opposed to technical problems.”
Varese says the solution is for nations to work together to quell the problem of cybercrime in specific locations.
“To withgo from international cooperation and from international security cooperation in Europe is extremely dangerous, because we leave ourselves more exposed to crime,” he said. “International cooperation, engagement with the countries where the criminals are mostly located, is absolutely crucial.”