|Voice of the Jaabc Editors|
The Cost of Cyber Crimes to Business and Society
Although, crime has been condemned in almost all societies, the world is adding a new kind of crime to its repertoire of illegal activities. A case in point is cyber crime. Currently, cyber crime consists of two main types of illegal activities: Internet Piracy and Computer Hacking. As you well know, piracy is illegally copying and distributing content and, in most cases, making a profit off of each transaction.
Hacking, on the other hand, is the act of breaking down and through a security measure to access information that would otherwise be inaccessible. It is sometimes done for bragging rights as opposed to profit. In this commentary, we shall focus on computer hacking rather than Internet piracy.
As you may have already read or heard, cyber crime has now surpassed illegal drug trafficking as a criminal moneymaker; somebody’s identity is stolen every three seconds as a result of cyber crime; and without a sophisticated security package, one's unprotected PC can become infected within four minutes of connecting to the Internet. The disturbing fact is that there is nothing in terms of hardware or software that is totally "unhackable".
One hears the term ‘cyber crime’ mentioned often these days, as it is a bigger risk now than ever before due to the sheer number of computer connected people and the proliferation of devices. The crime takes shape in a variety of different formats. Criminals committing cyber crime use a number of methods, depending on their skill-set and their goal. Here are some of the different ways cyber crime can be perpetrated: Theft of personal data; copyright infringement; fraud; child pornography; cyber stalking; and bullying.
As you can see, cyber crime covers a wide range of different attacks. Each type of strike deserves its own unique approach when it comes to improving one's computer's safety and protecting personal liberties and privacy. The computer or device may be the agent of the crime, the facilitator of the crime, or the target of the crime.
The crime may take place on the computer alone or in addition to other locations. The broad range of cyber crime can be better understood by dividing it into two overall categories for the purpose of better explanation as Type A and Type B cyber crime.
Type A cyber crime is usually a single event from the perspective of the victim. A common example would be where the unwary victim unknowingly downloads a Trojan horse virus, which installs a keystroke logger on his or her machine. The keystroke logger allows the hacker to steal private data such as Internet banking and e-mail passwords.
Another common form of Type A cyber crime is "phishing". This is where the victim receives a supposedly legitimate e-mail (quite often claiming to be a bank, credit card company or a university IT (Information Technology) department with a link that leads to a hostile website. Once the link is clicked, the PC can then be infected with a virus. Hackers often carry out Type A cyber crime by taking advantage of flaws in a web browser to place a Trojan horse virus onto the unprotected victim's computer. Any cyber crime that relates to theft or manipulation of data or services via hacking or viruses, identity theft, and bank or e-commerce fraud could be classified as Type A cyber crime.
As for Type B cyber crime tends to be much more serious and covers things such as cyber stalking and harassment, child predation, extortion, blackmail, stock market manipulation, complex corporate espionage, and planning or carrying out terrorist activities. It is generally an on-going series of events, involving repeated interactions with the chosen target. For example, the targeted victim is contacted in a chat room by someone who, over time, attempts to establish a relationship.
As the interaction grows, eventually the criminal exploits the relationship by committing a crime. Another example is when members of a terrorist cell or criminal organization may use hidden messages to communicate in a public forum to plan activities or, for example, discuss money laundering locations. More often than not, it is facilitated by programs that do not fit under the classification crime ware. For example, conversations may take place using IM (instant messaging) clients or files may be transferred using FTP.
Now that we have attempted to clarify the different dimensions of cyber crime, next we present some data regarding the cost of cyber crimes to all concerned --citizens, businesses as well as the government. For the sake of comparison, statistics on other crimes are included here:
Piracy $1 billion to $16 billion
Drug Trafficking $600 billion
Global cyber crime activity $300 billion to $1 trillion
United States only:
Car Crashes $99 billion to $168 billion
Pilferage $70 billion to $280 billion
US- cyber crime activity $24 billion to $120 billion
In terms of employment, hackers cost U.S. economy well over 500,000 jobs each year according to a study done in mid 2013. Beginning in 2000, reportedly Chinese hackers began spying on Nortel Networks as one of the world's largest telecom equipment makers. Chinese hackers broke into executives' computers to access business plans, reports, e-mails and other documents. Over the next decade, Chinese competitors supposedly used Nortel's secrets to offer competing products at lower prices, hence accelerating the company's eventual demise. In 2009, Nortel bellied up and had to file for bankruptcy.
Nortel's collapse and similar cases have prompted a new study that for the first time looked at the impact of computer hacking on the American workforce. As many as 500,000 U.S. jobs are lost each year from costs associated with cyber espionage (according to a recent report released by the security firm McAfee (an Intel company) and the Center for Strategic and International Studies). The authors of the study stated that the real threat to American workers was when a company stole information from a competitor, eventually driving that competitor out of business. The report concluded that hacking costs the overall U.S. economy as much as $100 billion each year. U.S. companies spend millions of dollars securing their networks, buying insurance and repairing their reputations after getting hacked.
American officials claim that hacking against U.S. companies has escalated in recent years, amounting to "the greatest transfer of wealth in history". A recent by the security firm Mandiant found that most of the attacks originate from an officer tower in Shanghai run by the Chinese military. U.S. officials blame China for supporting hackers who steal trade secrets from American companies, while the Chinese government vehemently denies the claims and points to new revelations about U.S. surveillance which show the Obama administration is, in fact, engaged in hacking.
The actual cost of hacking can be difficult to calculate, the report says. Companies often hide the fact that they've been attacked or are unaware their secrets have been pilfered for fear they would jinx their stock holders. It can also take several years for stolen intellectual property to appear in the form of a competing product. Furthermore, there is not always a clear link between a company getting hacked and that company laying off workers. Yet some companies still make the connection between hacking and employee layoffs.
In 2011, the Chinese wind turbine maker Sinovel suddenly stopped buying supplies from the U.S.-based American Superconductor Corp. Sinovel was its biggest customer and the decision cost the Massachusetts company (AMSC) about $700 million in lost contracts. American Superconductor later found e-mails between officials at Sinovel and one of its own employees who stole proprietary software and gave it to the Chinese company in exchange for a $1.5 million reward. The employee is now in prison.
Officials at American Superconductor say the employee's actions cost many others their jobs. Top management indicated that these criminal acts had led to significant financial harm to AMSC, its employees and their families as well as its shareholders. They also said that their company had lost within two years more than 500 staff members worldwide. These jobs were lost following Sinovel's unfair and unlawful behavior.
Nortel, for its part, was the world's second-largest maker of telecommunications equipment in the 1990s, with more than 90,000 employees around the world. After its bankruptcy, almost everyone was laid off and many employees lost their disability insurance as the company sold off its assets for nothing.
According to Nortel's former security adviser, the company's downfall was inevitable after Chinese hackers infiltrated its computers. It was impossible for Nortel to compete against Chinese telecom companies like Huawei, which has been linked by U.S. officials to hacking in China.
Hackers reverse strategic advantage from a decent company to a cyber criminal. How could the U.S. company survive when they have a competitor out there which knows all their moves, what they are doing, and what they plan to come up with future products. In such a situation, the U.S. company falters, fails and the cost to business would be prohibitive. The domino effect, would hurt society in terms of loss of investment and unemployment. The international community should join forces to mitigate, if not to eradicate, cyber crimes which touches us all regardless where we live and work.
Z. S. Demirdjian, Ph.D.
Senior Review Editor
California State University, Long Beach, CA