Scammers known, but not arrested: ex-cop

Scammers known, but not arrested: ex-cop

Summary: It's no secret that international scammers are targeting high-profile Australian banks, but not enough is being done to catch these black hats red-handed, according to Macquarie University's Centre for Policing, Intelligence and Counter Terrorism lecturer Stephen McCombie.

SHARE:
TOPICS: Security, Banking
1

It's no secret that international scammers are targeting high-profile Australian banks, but not enough is being done to catch these black hats red-handed, according to Macquarie University's Centre for Policing, Intelligence and Counter Terrorism lecturer Stephen McCombie.

(Credit theft image by Don Hankins, CC2.0)

Speaking at Informa's inaugural Cybercrime Symposium late last week, McCombie said that Australia's financial industry developed into a perfect storm in its early years, with Commonwealth Bank customers falling victim to the world's first online banking phishing scam in 2003.

He said one of the reasons that Australia was targeted first was because our banks were one of the first to allow third-party payments.

"We're just the perfect environment, where we're advanced in internet banking technology to allow the frauds to occur, and also the [ideal] concentration of customers."

Due to the fact that there are far fewer banks than customers, the probability for a phisher to guess which bank a victim belongs to is quite high.

From McCombie's own experience — including a 14-year stint with NSW Police as a detective, and a former role with National Australia Bank's IT security assessment and response team — scammers are more likely to come from eastern parts of Europe, and countries like Russia and Ukraine, rather than from China.

He said that by following the money trail, it is easy to see which parts of the world scammers are coming from. He added, however, that law-enforcement organisations aren't doing enough to make arrests, or at least make life difficult for scammers.

"I don't see that being done today. The data's all available ... all that stuff's reported. It's not a complicated profile to identify, but, as far as I know, they're not proactively doing that."

The data that McCombie referred to is from the Australian Transaction Reports and Analysis Centre (AusTRAC), which receives reports from organisations that transfer funds of $10,000 or more. This includes members of the public who are obliged to notify authorities when they are carrying more than $10,000 while travelling overseas.

McCombie states that scammers using services like Western Union can easily be tracked, since these transactions would be picked up by AusTRAC in its normal operations, and that scammers can even be located.

"There's a lot of data in the hands of AusTRAC. All international transactions are captured by AusTRAC. All of this data is sitting there. You don't have to do a lot of work to identify transactions going to Eastern Europe of certain amounts. The profiling ... wouldn't be too hard. The suspect locations are pretty clear, if you look at the data."

He said that typically, scammers come from St Petersburg, Russia, and they tend to be the result of a society that has higher incidences of corruption, but also very high levels of education.

"Russia, I think, has the highest number of science graduates, second highest number of engineering graduates in the world, so a lot of technical, high-level education being provided in those countries, but at the same time, a very corrupt society, high level of organised crime, combined together with this internet access."

Topics: Security, Banking

Michael Lee

About Michael Lee

A Sydney, Australia-based journalist, Michael Lee covers a gamut of news in the technology space including information security, state Government initiatives, and local startups.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

1 comment
Log in or register to join the discussion
  • Hmmm

    If the Police are unwilling or unable (Hands tied by legislation and lack of treaties), then perhaps the "Cyber Posse" may not be such a bad thing.

    http://www.zdnet.com/the-dawn-of-the-cyber-posse-1339338618/
    Tonydid