Pirate's Cove: The western havens

The long view of security strategies for your network.

This is the second in a set (see part 1) of four articles by Kathleen E. Hayman, Michael Miora, CISSP-ISSMP, FBCI and Allen P. Forbes that examines the threat of cybercrime in business-to-business activities. This part presents some top-level findings and analyses about the environment or climate affecting the activities of pirates and privateers in North America, Europe and the former Soviet Union.

* * *

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

This is the second in a set (see part 1) of four articles by Kathleen E. Hayman, Michael Miora, CISSP-ISSMP, FBCI and Allen P. Forbes that examines the threat of cybercrime in business-to-business activities. This part presents some top-level findings and analyses about the environment or climate affecting the activities of pirates and privateers in North America, Europe and the former Soviet Union.

* * *

Where Are the Havens?

Misha Glenny states in McMafia: A Journey Through the Global Criminal Underworld that three factors are essential to fostering growth of cybercrime in a country. These are, "…steep levels of poverty and unemployment; a high standard of basic education for a majority of the population; and a strong presence of more traditional organized crime forms." (p 273)

Glenny continues, "Nobody fits the bill better than the so-called BRIC nations —Brazil, Russia, India, and China. These are the leading countries among the emerging markets, the second tier of global power after the G8 (though politically Russia straddles the two)." All of these nations are attractive to corporations attempting to diversify their markets to continue or enhance their corporate competitiveness in the global market.

North America

Much of the cybercrime in North America appears to originate from within North America. According to the 2008 IC3 Annual Report, released in March 2009 by the Internet Fraud Complaint Center (IFCC), now called the Internet Crime Complaint Center (IC3), Internet fraud in the U.S. has been increasing as the global economy worsens. Most attacks on U.S. entities are based out of the U.S. itself, Canada, the United Kingdom, Nigeria and China. In 2008, the most common complaints the organization received were the non-delivery of promised merchandise, auction fraud, credit card fraud and investment scams. Perhaps non-delivery, auction fraud and investment scams require a slightly higher degree of cultural savvy than other cybercrimes, though there is insufficient evidence to draw solid conclusions.

The IC3 report over half of known Internet fraud perpetrators resided in California, Florida, New York, Texas, District of Columbia or Washington. These are, however, the most populous areas of the U.S. On a per capita basis, the District of Columbia, Nevada, Washington, Montana, Florida and Delaware have the most perpetrators of Internet fraud.

However, organized cyber-gangs based in Eastern Europe have also been increasingly targeting small to midsized U.S. companies' financial holdings, according to an alert released by the Financial Services and Information Sharing and Analysis Center (FS-ISAC). Since these attacks are on smaller, lesser-known companies, they do not receive the degree of media attention as the larger-scale attacks have seen. Many of these "cyber-gangs" use scamming, phishing and the more precise "spear-phishing," a highly targeted phishing attack, in their methods.

Within the North American context, U.S. and Canadian cyber law enforcement resources are gaining ground. Despite the controversy surrounding the creation and appointment of a U.S. cyber security czar, the fact that such experimentation with cybersecurity strategies is even occurring is heartening. North America generally appears to have law enforcement entities generally sympathetic to the cybersecurity needs of the private sector.

M. E. Kabay, PhD, CISSP-ISSMP, specializes in security and operations management consulting services and teaching. He is Chief Technical Officer of Adaptive Cyber Security Instruments, Inc. and Associate Professor of Information Assurance in the School of Business and Management at Norwich University. Visit his Web site for white papers and course materials.