Thought for the day: Organised crime sews up internet scams

Where do we start in defending ourselves against the ever growing internet scams, asks Simon Moores

Simon Moores  

Where do we start in defending ourselves against the ever growing internet scams, asks Simon Moores





Anything is possible on the internet. In this case the NHTCU have, with the help of the Russian Federation police, "bagged" 10 of the bad guys who have been attempting to extort money from online sports books, the online equivalent of the high street bookmaker.

These hackers have been plaguing British bookies since October 2003 by attacking their websites before major sporting events, such as the Cheltenham Festival, the Grand National and the Six Nations.

Illustrating the power of distributed denial-of-service attacks (DDOS), the Russian gang were reportedly demanding payments of up to $40,000 (£21,000) to go away. But such is the growing popularity of computer crime in the old Soviet Union, one can bet that for every gang that succeeds or ends up doing time in the Siberian Gulag, several more will spring up to take their place.

It’s just as bad in Nigeria with any attempt to halt the tide of 419 (advance fee) scams from bogus businessmen and dictators who claim that they would like to borrow your bank account because you are a trustworthy person.

A major attempt by the Dutch police to clamp down on the fraud collapsed in court this month with the defendants walking free and in Nigerian capital Abuja, the trial of three people, all accused of 86 counts of defrauding an employee of a Brazilian bank of $242m also collapsed after the judge said he had "no jurisdiction to hear it".

That said, I did find myself speaking with two leading international police officers this month, who both winced when I mentioned Nigeria and the problem of 419 scams.

It appears that nobody has ever been convicted for this kind of fraud and the most successful of the con men all cluster around a well-known private lake development in the country which is named after them, allegedly.

So there’s the problem. Each nationality appears to have its own style or favourite scam on the internet. The police hardly need to look at the IP addresses, they can take an educated guess and catch an EasyJet flight to the capital of the most likely country and hope that their government has some legislative framework for dealing with computer crime as it is described and defined by the Council of Europe Cybercrime Convention.

Until not so long ago, robbing the British of "Danegeld" on the present scale involved wearing a horned-helmet, having a small boat or perhaps an army and at least some kind of physical presence.

Today, however, looting and pillaging is an armchair sport with a minimal risk, with a cheap personal computer acting as a force multiplier that the Vikings could never have dreamed of.

Unfortunately, no country that I’m aware of has sufficient resources to do more than fight the fires as they break out. As an example, Interpol has three officers tasked with its computer crime remit in Europe, Africa and the Middle East.

Computer crime pays and it pay very well indeed for the organised criminal gangs that are busy buying-up properties across Europe and exotic locations such as Dubai.

All business, in particular bookies, can do is adopt an expensive defensive posture and wait for the next attack but with Spamhaus telling me that thanks to Trojan viruses as many as 50,000 new proxies are appearing each week.

How, I wonder, do we even attempt to defend ourselves against denial-of-service attacks and the other new and highly effective weapons that make up the new digital arsenal of organised crime? It’s not a question of whether we can win but more of a question of where do we start?

Setting the world to rights with the collected thoughts and opinions of leading industry analyst Dr Simon Moores of Zentelligence.

Acting globally, Zentelligence (Research) advises governments, suppliers, business and the media on the evolution, application and delivery of leading-edge technologies and specialises in the areas of eGovernment and information security.

For further information on Zentelligence and its research, presentation and analyst services visit


Read more on IT risk management