By Tim Johnson
McClatchy Washington Bureau
WWR Article Summary (tl;dr) A new report reveals more than 2 billion people worldwide may have had their personal data stolen or compromised. The amount of ransomware and other attacks is so large that law enforcement can confront only the cases involving the greatest damages.
WASHINGTON
The amount criminals earn off ID theft, hacking and other forms of cybercrime worldwide is approaching the levels of global drug trafficking, and rising rapidly, experts say.
Hackers display “shocking inventiveness” in leveraging technology for extortion as they cause losses of up to $600 billion a year from cybercrime, said James A. Lewis, senior vice president of the Center for Strategic & International Studies.
The Washington think tank and a global computer security company, McAfee, released a joint report Wednesday that described cybercrime as a business of unrelenting growth that floods the internet with a “staggering” amount of malicious activity.
“The situation is getting worse, not better. The trend line is not moving in the right direction,” Howard Marshall, deputy assistant director of the FBI’s cyber division, said in commenting on the report.
Cybercriminal gangs adopt technology so fast that “about five minutes after release, we’ll see it” in use, Marshall said. Moreover, gangs use anonymizing software and digital currencies that bedevil law enforcement officers trying to track those behind cyber extortions.
More than 2 billion people worldwide may have had their personal data stolen or compromised, the report said. The amount of ransomware and other attacks is so large that law enforcement can confront only the cases involving the greatest damages.
“We talked to one of the bigger (FBI) field offices in the U.S. and they said, ‘We have a million-dollar threshold.’ There’s just too much cybercrime for them to look at anything below a million dollars. That’s just wild. The tide of crime is so overwhelming,” Lewis said.
The report did not break down cybercrime cost estimates by country, rather by region. For North America, it estimated annual losses at between $140 billion and $175 billion.
The Council of Economic Advisers, a research arm under the White House, issued its own estimate last week, saying malicious cyber activity “cost the U.S. economy between $57 billion and $109 billion in 2016.”
Estimates diverge because little reliable data are collected and many victims do not come forward to police.
“Law enforcement has openly confirmed that they suspect that less than 5 percent of crimes are actually reported,” Raj Samani, chief scientist at McAfee, said in a telephone interview earlier in the week.
The scale of global drug trafficking is also the subject of some economic guesswork. A 2012 estimate from the United Nations Office on Drugs and Crime put the cost of transnational crime at $870 billion, with $600 billion coming from drug trafficking.
One retired U.S. brigadier general who was once involved in federal cybersecurity efforts, when asked about the $600 billion estimate of cybercrime losses, said, “I think it is low.”
McAfee and CSIS researchers said they pulled together data through interviews with law enforcement or intelligence officials, or other research, on 50 countries.
“Cybercrime is a growth industry,” Samani said, adding that hackers “very, very quickly and very, very simply have the ability to make huge sums of money, and target people outside of (the) jurisdiction of your law enforcement agency.”
Samani said his hope is that consumers will recognize that cybercrime “is not an IT issue. This is broader. This has an impact on economic growth. This has an impact a lot more than, ‘My computer had to be rebuilt.'”
The report identified an expanding array of countries as cybercrime hot spots, specifically Brazil, India, North Korea and Vietnam.
“One European intelligence official told us there are 20 to 30 European criminal gangs that are better than most nation states when it comes to hacking,” Lewis said, adding that researchers were told “there’s roughly 300 people in the world _ most of them Russian speaking _ who are at the epicenter of cybercrime.”
The encryption widely used by hackers has made the job of crime fighters worldwide “much more complex, much more difficult,” Marshall said.
But occasionally authorities have issued blows against major alleged cybercrime figures. Last July in Bangkok, Thailand, authorities arrested a 26-year-old Canadian, Alexandre Cazes, the suspected founder of AlphaBay, an infamous dark net marketplace for drugs, chemicals, weapons and fake IDs. Cazes was later found dead in his jail cell.
Unlike renowned drug traffickers like the Medellin Cartel kingpin Pablo Escobar, who maintained an army of bodyguards to protect him before his death in 1993, cybercrime figures often lurk in plain sight.
“You don’t necessarily have to have a cartel-like organization to support you if you can hide in the shadows and obfuscate who you are and where you are and what you do,” Marshall said.