There’s greater likelihood of Canadians being victims of cyber crime than of them getting mugged on the streets, experts say.
Despite its pervasiveness, most cybercrimes here go unpunished.
Canadian law enforcement officials striving to combat online crime say now, more than ever, they need the right training and tools.
Police departments here admit it’s tough just trying to keep up with the new technologies being used by the bad guys, and acquiring the resources to do that.
“It’s a big struggle,” said Ian Wilms, chair of the Canadian Association of Police Boards. (CAPB)
He said police priorities at the municipal level are – for the most part – determined by talking to the community.
The problem with many cybercrimes – such as child exploitation on the Internet – is many people aren’t aware of the gravity of the problem.
“The vast majority of Canadians don’t see that stuff, but that doesn’t mean we can ignore it,” Wilms said.
Because it’s more widespread than people may be aware of.
Then, of course, there’s identity theft – which is the fastest growing cyber crime.
It affects even those who don’t use a computer regularly, because so much information – whether government or financial – is held on computer databases nowadays, the CAPB chair said.
“You have no idea who’s got [that information] and you’re hoping they’re following good security protocols, but you don’t know.”
Adding to the ID theft menace is the fact that there are no laws in Canada that require companies to notify customers if a breach has taken place.
“We’re so successful in Canada with our policing because of our relationship with the community – for the most part the communities trust the police and will come forward,” he said.
“We need to get there on the Internet as well.”
Wilms said a virtual “neighbourhood watch” hasn’t been built up yet, so cyber criminals operate with impunity.
The antidote – a big part of it, at least – lies in setting up cross-jurisdictional task forces, he said.
Such fusion centres, he said, should include representatives from different sectors working together – the police, the legal community, the private sector, and academics.
The problem is many people don’t actually report cyber crimes. Maybe they’re embarrassed – they’ve been taken in by a Nigerian e-mail scam – or they don’t think anything is going to be done anyway.
“It’s up to us to change that mentality by building up capacity to say we can take a cyber case end-to-end and prosecute these people.”
But given the sheer magnitude of the problem that’s not an easy task.
For instance, Wilms said while Cybertip.ca – Canada’s national tipline for reporting the online sexual exploitation of children – is doing a great job, there are so many reports coming in that officers are overwhelmed.
As a result, few of those cases are actually prosecuted.
In Canada – for example – 24,000 reports of child exploitation on the Internet have only produced 30 arrests over several years.
“We need to put more resources [in place] to act on these cases, start getting results, and shut these guys down,” he said. “We need to change the whole environment of reporting to build up capacity to deal with these crimes, so we can demonstrate we’re actually going to do something with it.”
The good news is alliances between tech companies and law enforcement bodies to address cybercrime are already being forged in Canada.
For instance, the RCMP is working with Mississauga, Ont.-based Microsoft Canada Corp. as part of a global initiative to combat cyber crime.
Some areas of focus include the compromise of open wireless networks for illicit purposes, as well as the increase in social engineering attacks.
“They’re increasing in sophistication, and a lot of them are going across borders, which makes it very hard for law enforcement to deal with,” said Bruce Cowper, security lead for Microsoft Canada.
Canadians are also a big target for phishing scams aimed at pulling on the heart strings, such as disaster relief efforts.
The six-month Microsoft Security Intelligence Report (July to December 2007) found phishing attempts are increasingly being made via social networks, exploiting the trust that users place in these networks and in the social contacts developed through them.
Another big trend is around botnets – networks of compromised computers (or bots) controlled by a cybercriminal (in this case called a bot master).
While traditional botnets were used mainly to send out spam and junk mail, Cowper said these compromised compute networks are now being used for far more complex attacks.
“That makes tracking those and dealing with them much harder when you’ve got to deal with distribution across multiple borders,” said Cowper.
The Microsoft report indicated that only 13 per cent of breaches were the result of hacking, viruses and traditional threats.
Fifty-three per cent came about through the loss and theft of mobile devices.
A recent poll conducted by Harris/Decima in seven Canadian cities came up with some rather unsettling information. The poll was sponsored by Cupertino, Calif.-based security firm, Symantec Corp.
While most respondents claimed to have up-to-date security software, they were not taking the necessary precautions to acquire the latest versions once a year. 29 per cent had not bought newer versions since purchasing their PC.
Almost a quarter of city dwellers have fallen victim – or know someone who had fallen victim – to online fraud and identity theft.
Vancouver ranks highest in this category at 32 per cent
While major Canadian metros are hot spots for identity theft, social engineering and fraud, there’s also an increase of such activities in smaller cities – such as Regina and Saskatoon – as well as suburbs of large cities, said Claudiu Popa, security expert and president Informatica Corp. in Redwood City, Calif., a provider of data integration software and services.
This underlines that such attacks are being targeted geographically, Popa said. even though it seems they’re being sent out to the entire world.
“The fact is these things are targeted and they’re making their way to smaller cities,” he said. We’re also seeing an increase in more audacious types of crimes in suburbs of large cities – such as fake-front ATMs – because there’s less of a police presence there.
Popa, however, is witnessing greater collaboration between law enforcement and private sector organizations.
“Law enforcement in general needs to be constantly trained to stay on top of emerging risks and the changing landscape of cyber crime threats,” he said, especially as the line begins to blur between cyber crime and street crime.
“Suddenly there’s not going to be a line.”