PREVIOUSLY: THE STATE OF CYBER CRIME TODAY
Patrick Gray (PG): Now one of the trends that you outline in your book is concerns cyber crime could start originating out of Africa in a big way - it doesn't seem to be a real hotbed for criminal activity at the moment, but you say that it could be in the future. Can you explain why that is?
Nigel Phair (NP): There has been plenty of criminal activity generally come out of Africa in recent years and from a technology and cyber perspective I suppose you'd look at the use of the traditional 419 letters going online. Unfortunately people still get sucked into those and that goes back to my earlier comment of people changing their behaviour. But certainly they're building more Internet connectivity in those regions and the people are getting more savvy with technology. There's some really good criminal minds over there that hide behind state barriers and it will be a good place to base yourself to do some serious cyber criminal activity in the future.
PG: Now also we often hear that organised crime is very much involved in criminal activity conducted over the Internet in things like phishing and that type of fraud. Do these criminal organisations have tendrils, do they have people on the ground within Australia or is it purely a type of crime that is conducted from beyond our shores?
NP: I think the important thing in answering that question is what you talk about with organised crime. I don't believe that there is organised crime groups per se on the Internet and by that I mean your traditional hierarchical of groups that you might have had with Mafia people; people historically taking over the garbage in New York City for example or certain organised crime groups doing certain drug importations and they control every part of it. What we're seeing with the Internet and with crime on it, is organised criminal networks as opposed to groups. This is where you've got people forming an alliance to conduct and exploit -- whether it be a zero day attack or a phishing scam or something similar -- and they get together, they pool their resources of skills and expertise and they'll buy in the product they need, whether they need a botnet or something like that. They will do it and then go their own ways.
PG: So it's not so much a hierarchical organisational structure; you are looking more at a distributed organisation structure in these cases?
NP: Absolutely. The great thing is that because of the phenomenon of the net, they never need to meet. All they've got to do is distribute the money somehow because that's what crime is all about. They never need to meet so they anonymise themselves at all steps and it makes it obviously very difficult for law enforcement.
This interview originally ran on ITRadio.com.au's Risky Business podcast, which can be downloaded here.