0:00:02 > 0:00:04It's known as the dark side of the web.
0:00:04 > 0:00:07A world with no rules, where the criminal is king.
0:00:07 > 0:00:10Money was just haemorrhaging out of the account.
0:00:10 > 0:00:13It's taken us 20 years to save, ten minutes to go.
0:00:13 > 0:00:16Our investigation takes us from the foot soldiers of fraud...
0:00:16 > 0:00:18I can rob you now without ever having to meet you.
0:00:18 > 0:00:21..to the heart of international cybercrime.
0:00:21 > 0:00:23They can sell drugs,
0:00:23 > 0:00:26they can assassinate people or order an assassination.
0:00:31 > 0:00:34And we explore a world growing more toxic by the hour.
0:00:34 > 0:00:37A lot of businesses may not recover from a cyber attack.
0:00:37 > 0:00:41It is a question of when you will get infected, not if.
0:00:41 > 0:00:45Tonight, we investigate the world of online gangsters.
0:01:03 > 0:01:08In the UK we spend half a billion pounds via the internet every week.
0:01:08 > 0:01:10But exactly how safe is our money?
0:01:12 > 0:01:15Cybercrime is on the rise,
0:01:15 > 0:01:19and so too is the sophistication of the criminal networks targeting us.
0:01:19 > 0:01:23This growing underworld is determined to part us
0:01:23 > 0:01:25from our hard-earned cash.
0:01:25 > 0:01:26But in this most anonymous of crimes,
0:01:26 > 0:01:30exactly who are the criminals, and are they winning?
0:01:33 > 0:01:36"...So the next day, he set out at sunrise.
0:01:36 > 0:01:39"But he couldn't see a star anywhere..."
0:01:39 > 0:01:43Last year head teacher Jennie King was the victim of a cyber attack
0:01:43 > 0:01:45which cleared out her bank account.
0:01:45 > 0:01:47I think I'm quite savvy
0:01:47 > 0:01:49and quite banking savvy.
0:01:49 > 0:01:52I have banked with the same bank for 30-odd years.
0:01:52 > 0:01:56I thought that this is the kind of thing that would never happen to me.
0:01:56 > 0:01:58Here's how the attack worked.
0:01:58 > 0:02:01Jennie received a call saying there had been some unusual activity
0:02:01 > 0:02:02on her credit card.
0:02:02 > 0:02:05She hung up and called her bank
0:02:05 > 0:02:07using the number on the back of the card.
0:02:07 > 0:02:09I picked up the phone, checked there was a dial tone
0:02:09 > 0:02:12because that's what you do, dialled the number on the back of my card.
0:02:12 > 0:02:16It rang for three or four rings and a woman picked up the phone.
0:02:16 > 0:02:20She asked me for all the normal security information.
0:02:20 > 0:02:24Jennie was told that her account had been hacked and money stolen.
0:02:24 > 0:02:26Her best bet, said the woman,
0:02:26 > 0:02:31was to transfer whatever money was left into a separate safe account.
0:02:31 > 0:02:34She gave me account details, I transferred it all in.
0:02:34 > 0:02:38And then I hung up.
0:02:38 > 0:02:40So then what you did was,
0:02:40 > 0:02:45you transferred everything from your accounts
0:02:45 > 0:02:49- into this new, safe secure account? - That's right.
0:02:49 > 0:02:51How much did you transfer?
0:02:51 > 0:02:54£15,500.
0:02:54 > 0:02:58A criminal gang, having already obtained Jennie's personal details,
0:02:58 > 0:03:03had successfully tricked her into handing over her hard-earned cash.
0:03:03 > 0:03:06When she had called her bank back the scammers had simply
0:03:06 > 0:03:10stayed on the line, feeding in a fake dialling and then ringing tone.
0:03:10 > 0:03:14As Jennie had transferred the money herself, the bank refused a refund.
0:03:17 > 0:03:22We'd saved over 22 years, our money in a jar,
0:03:22 > 0:03:26pennies in a jar, which is ridiculous. And that had gone.
0:03:26 > 0:03:27What, your life savings?
0:03:27 > 0:03:30Taken us 20 years to save, ten minutes to go.
0:03:30 > 0:03:32To somebody who stole it.
0:03:37 > 0:03:43One phone call, ten minutes, and thousands of pounds gone.
0:03:48 > 0:03:51One in five internet users says that last year
0:03:51 > 0:03:56someone tried fraudulently to get hold of their banking details.
0:03:56 > 0:03:59The criminals behind these attacks are after two things -
0:03:59 > 0:04:04your money, and your personal information for future attacks.
0:04:04 > 0:04:08So how much is our money really under threat?
0:04:08 > 0:04:11Well, one clue might be in the explosion of language
0:04:11 > 0:04:15to cover the various cybercrimes.
0:04:32 > 0:04:35More than three-quarters of households in Scotland
0:04:35 > 0:04:37now have internet access.
0:04:37 > 0:04:40Keeping pace with this is the rise in cybercrime,
0:04:40 > 0:04:45thought to be costing the UK economy more than £80 billion a year.
0:04:45 > 0:04:50Such is its growth that an entire new industry has been born.
0:04:54 > 0:04:57I've come to the heart of Oxfordshire where I've managed
0:04:57 > 0:04:59to get access to the head of global security
0:04:59 > 0:05:03for one of the world's top software companies.
0:05:03 > 0:05:06- Hey. How are you? Welcome to Sophos.- Thank you.
0:05:06 > 0:05:07James Lyne is 27.
0:05:07 > 0:05:11His knowledge of data technology and hacking saw him recruited
0:05:11 > 0:05:15as a teenager to help the government with computer security.
0:05:15 > 0:05:20He is now regarded as one of the world's foremost experts.
0:05:23 > 0:05:25There are lots of cybercriminals out there
0:05:25 > 0:05:28who are very, very interested in stealing information about you,
0:05:28 > 0:05:31and in particular your finances.
0:05:31 > 0:05:34So going after your credit card number, your banking information,
0:05:34 > 0:05:38those are very valuable to cybercriminals for purposes of frankly
0:05:38 > 0:05:41good, old traditional fraud. But of course, the internet has opened up
0:05:41 > 0:05:45new opportunities to scale that up to thousands of people, rather than
0:05:45 > 0:05:50hitting people on the high street as traditionally they may have done.
0:05:50 > 0:05:53'What he shows me next is shocking.
0:05:53 > 0:05:57'A hacking kit you can download which targets your victims for you,
0:05:57 > 0:06:02'sending out spam e-mails with hidden viruses on your behalf.
0:06:02 > 0:06:06'That's right, a ready-made kit for everything a criminal needs
0:06:06 > 0:06:09'to hack a computer.
0:06:09 > 0:06:11'When your victim clicks on the e-mail,
0:06:11 > 0:06:14'the virus infects the computer, allowing you access
0:06:14 > 0:06:18'to their data, such as bank account details and passwords.'
0:06:18 > 0:06:22Here we've got a copy of Crimepack.
0:06:22 > 0:06:25This is one of my personal favourites, and I love it
0:06:25 > 0:06:29because the graphics are just... They're very criminal, aren't they?
0:06:29 > 0:06:32I know. We've got the money, the guns, we've got the cocaine.
0:06:32 > 0:06:35Some drugs, yeah, exactly. It's quite a nice image really,
0:06:35 > 0:06:37they've really invested in the user interface.
0:06:37 > 0:06:41So let me show you how one of these exploit packs actually works.
0:06:41 > 0:06:43These are the tools that the cybercriminals use
0:06:43 > 0:06:46to distribute their malicious code and then control it.
0:06:46 > 0:06:50So this shows how many people have hit this particular crime pack
0:06:50 > 0:06:53as well as the exploitation rate,
0:06:53 > 0:06:56how many people have they successfully infected.
0:06:56 > 0:06:59Down here you can see the different methods that they're using
0:06:59 > 0:07:00to infect the computers
0:07:00 > 0:07:03and the different operating systems that they're hitting as well.
0:07:03 > 0:07:05Now, this is very easy to use.
0:07:05 > 0:07:09- You don't have to be an expert at all.- Is this illegal?
0:07:09 > 0:07:11Depends on the cybercrime laws of the country.
0:07:11 > 0:07:15The interesting thing is, very often it's not illegal to make this
0:07:15 > 0:07:20software, but it's illegal to use it to infect the system
0:07:20 > 0:07:22and gain unauthorised access.
0:07:22 > 0:07:25In the UK, it's legal to buy, illegal to use.
0:07:25 > 0:07:29If you put the law aside, though, you can make an awful lot of money.
0:07:29 > 0:07:33£30,000 to £40,000 a day with some of the criminal gangs
0:07:33 > 0:07:36that we have actually found and located and tracked.
0:07:36 > 0:07:41No-one really knows the full size of the global cybercrime market.
0:07:41 > 0:07:42Everyone keeps making up statistics,
0:07:42 > 0:07:46but a figure into billions of pounds is certainly credible.
0:07:50 > 0:07:53Changing account passwords, updating software,
0:07:53 > 0:07:58'avoiding spam e-mails can all help to keep our money safe online.
0:07:58 > 0:08:02'But sometimes, there is absolutely nothing you can do to prevent
0:08:02 > 0:08:05'an attack from a determined cybercriminal.'
0:08:10 > 0:08:13You wouldn't imagine this man a typical victim of cybercrime.
0:08:13 > 0:08:17Foreign editor of a national newspaper, traveller to the world's
0:08:17 > 0:08:21danger hot spots, a healthy cynic of all he sees and reads.
0:08:21 > 0:08:23But high fliers like this
0:08:23 > 0:08:27are exactly who the criminals are hunting.
0:08:27 > 0:08:30You've connections with security services, you have connections
0:08:30 > 0:08:33with embassies, with diplomats, with all kinds of people,
0:08:33 > 0:08:36drug enforcement agencies, these are all stories that I've worked on.
0:08:36 > 0:08:39'So, you know, you are super sensitive,'
0:08:39 > 0:08:42and highly aware of the material you're dealing with,
0:08:42 > 0:08:45and the online scenario, because after all that is the main vehicle
0:08:45 > 0:08:47that we're using day-in, day-out.
0:08:49 > 0:08:52One day David logged on to his bank account
0:08:52 > 0:08:56and noticed some strange transactions. He called his bank.
0:08:56 > 0:08:59They could see other transactions pending.
0:08:59 > 0:09:02In other words, money was just haemorrhaging out of the account.
0:09:02 > 0:09:04Hearing this woman on the phone constantly saying to me,
0:09:04 > 0:09:07"Yeah, there's another one going out now, another five pending.
0:09:07 > 0:09:10"They're just leaving your account as we speak."
0:09:10 > 0:09:12David's account was closed,
0:09:12 > 0:09:15but not before hundreds had been stolen -
0:09:15 > 0:09:17money he was later refunded.
0:09:17 > 0:09:20Last year the banking industry says it lost £44 million
0:09:20 > 0:09:25due to online fraud, a 10% jump from the previous year.
0:09:25 > 0:09:29David later discovered a research website he subscribed to
0:09:29 > 0:09:32had been hacked by the criminals.
0:09:32 > 0:09:35Just because someone's not standing in front of you with a ski mask,
0:09:35 > 0:09:37or holding you at knife-point,
0:09:37 > 0:09:39doesn't mean to say that you're not being robbed.
0:09:39 > 0:09:42You are being robbed. You are being confronted by criminals, by thieves.
0:09:42 > 0:09:46They just happen to be thousands and thousands of miles away,
0:09:46 > 0:09:51anonymous, behind the computer console in some back room, wherever.
0:09:51 > 0:09:53But they are thieves nonetheless.
0:09:55 > 0:09:56'For the criminals,
0:09:56 > 0:10:00'the dark side of the internet offers a web of anonymity,
0:10:00 > 0:10:02'allowing them to target their victims
0:10:02 > 0:10:05'with little fear of being caught.
0:10:05 > 0:10:08'I want to talk to someone, a cybercriminal
0:10:08 > 0:10:11'who will give me an insight into how it works.
0:10:12 > 0:10:14'I speak to a series of contacts.
0:10:14 > 0:10:17'People are reluctant to talk but, after much negotiation,
0:10:17 > 0:10:19'I have a lead.'
0:10:26 > 0:10:29'One of the foot soldiers in this criminal trade agrees
0:10:29 > 0:10:32'to meet with me, if we hide his identity.
0:10:36 > 0:10:37'A former drug dealer,
0:10:37 > 0:10:42'he says he turned to online fraud for an easier, more lucrative life.
0:10:42 > 0:10:46'His job? To buy victim's data, called profiles, from the hackers
0:10:46 > 0:10:49'and then to rob those victims blind.'
0:10:49 > 0:10:52I can earn more in, for instance, sometimes in a day
0:10:52 > 0:10:54than I could earn in a month selling drugs.
0:10:54 > 0:10:57You know, on a good week you can be talking up to £35,000,
0:10:57 > 0:10:58you know what I mean?
0:10:58 > 0:11:04- And this is literally from buying profiles on people, buying data?- Mm.
0:11:04 > 0:11:06- Buying data.- My information.
0:11:06 > 0:11:09Having somebody's date of birth, address is enough.
0:11:09 > 0:11:11Yeah, date of birth, postcode, and all that information.
0:11:11 > 0:11:13It's just... It's so... You know, it's so valuable.
0:11:13 > 0:11:14People don't realise.
0:11:14 > 0:11:18Half the country or even more wouldn't realise what people
0:11:18 > 0:11:19can do with this information.
0:11:19 > 0:11:23'He tells me he's at the bottom of an organised criminal network.'
0:11:23 > 0:11:25It's like an army.
0:11:25 > 0:11:27You've got your generals, you've got your majors
0:11:27 > 0:11:29and your soldiers as such.
0:11:29 > 0:11:31And then you, and guys like you, are the ones
0:11:31 > 0:11:34who are on the ground committing the final act of the fraud?
0:11:34 > 0:11:36That's exactly right.
0:11:36 > 0:11:39So, bank accounts being emptied, that's guys like you?
0:11:39 > 0:11:44Yeah, unless... A lot of time that will firstly be a bank account
0:11:44 > 0:11:46and it will be money that will be moved you see from one account
0:11:46 > 0:11:48into a safe account.
0:11:48 > 0:11:52OK, so when we hear about these telephone banking frauds,
0:11:52 > 0:11:56and people are asked to move their money from one account into this
0:11:56 > 0:12:00secure account which is actually a criminal account, and the money...
0:12:00 > 0:12:02Somebody goes in and takes the money, that's you?
0:12:02 > 0:12:05- People like myself, yeah.- Wow. And you make good money doing this?
0:12:05 > 0:12:07There is days you come back and you can't believe it.
0:12:07 > 0:12:10You're sitting there looking at your money, thinking,
0:12:10 > 0:12:13"Yeah, I can't believe I've even got this, what did I do?"
0:12:13 > 0:12:15Yeah. So the most cash you've sat down at the end of the day
0:12:15 > 0:12:17and looked at has been what?
0:12:17 > 0:12:18Probably about 20,000.
0:12:21 > 0:12:26He is simply the man at the bottom of these criminal gangs.
0:12:26 > 0:12:27I want to get to the top.
0:12:30 > 0:12:32I heard about a man who has been described as
0:12:32 > 0:12:35one of Britain's biggest fraudsters.
0:12:35 > 0:12:38He spent more than a decade robbing people's identities,
0:12:38 > 0:12:42and using them to amass a criminal fortune.
0:12:42 > 0:12:45'I had a team of 50 guys that worked for me.'
0:12:45 > 0:12:50It's been said that we were taking upwards of a million pounds a week
0:12:50 > 0:12:52out of the system.
0:12:52 > 0:12:56And probably, yeah, that's about right, I would say.
0:12:59 > 0:13:01I had a whole collection of nice watches,
0:13:01 > 0:13:05and I'm not just talking Rolexes.
0:13:05 > 0:13:08Then you get into nice clothes, so I'd have Versace, Dolce & Gabbana.
0:13:11 > 0:13:15I probably had 20 cars at one point.
0:13:15 > 0:13:20- I had two Jags, I- had- two Jags!
0:13:20 > 0:13:22Yeah, we had a pool car that was a Ferrari.
0:13:24 > 0:13:25There was loads.
0:13:25 > 0:13:28There was so much stuff that you just couldn't list everything.
0:13:28 > 0:13:30I'd be here all day going,
0:13:30 > 0:13:33"Oh, yeah, and there was that, and this...."
0:13:33 > 0:13:36The rise of online hacking websites was a game-changer
0:13:36 > 0:13:38for guys like Tony and his gang.
0:13:38 > 0:13:42They were able to buy thousands of ready-made profiles and use the
0:13:42 > 0:13:47information to defraud the victims, such as taking out store cards,
0:13:47 > 0:13:51loans, buying cars, re-mortgaging the victim's own homes.
0:13:51 > 0:13:53The hackers had even done the hard work,
0:13:53 > 0:13:58grading the information they had stolen before it was bought by Tony.
0:13:58 > 0:14:00If you have a grade 1 for instance,
0:14:00 > 0:14:03that means that the information, the likelihood is it's not been
0:14:03 > 0:14:06sold to anyone else, and you would pay more for that information.
0:14:06 > 0:14:08This was data that you were dealing with?
0:14:08 > 0:14:11But for every piece of data, that represented a person,
0:14:11 > 0:14:13that was a victim?
0:14:13 > 0:14:16It's a fresh victim, exactly. Whereas if you get a grade 3,
0:14:16 > 0:14:18the likelihood is it's been sold to ten or 15 people.
0:14:18 > 0:14:20Which means the person has been stung?
0:14:20 > 0:14:22Which means the person's been stung, correct.
0:14:22 > 0:14:24You can steal someone's house from them.
0:14:24 > 0:14:26You can steal it from underneath them. There's nothing
0:14:26 > 0:14:30they can do about it. Data is an amazing thing,
0:14:30 > 0:14:35and it's taken us till now for people to start talking about data.
0:14:35 > 0:14:38Does anyone really realise what data is
0:14:38 > 0:14:41and what criminals do with it, you know?
0:14:41 > 0:14:43It's the new currency.
0:14:43 > 0:14:47Tony's luck eventually ran out and, after six years on the run,
0:14:47 > 0:14:49he was caught and jailed.
0:14:49 > 0:14:52'He agrees to show me one of the tricks being used by cybercriminals
0:14:52 > 0:14:57'and fraudsters to get hold of our valuable information.
0:14:57 > 0:15:00'And it revolves around free Wi-Fi.'
0:15:00 > 0:15:02Ultimately it's all about getting someone's password
0:15:02 > 0:15:05- and log-in details.- OK.
0:15:05 > 0:15:09So the first thing you would need to do is to set up a Wi-Fi hotspot.
0:15:09 > 0:15:13All I'm doing is cloning the Wi-Fi signal in the place, I'm just
0:15:13 > 0:15:17making it look and giving it the same name, there's no difference.
0:15:17 > 0:15:20- Let's say for instance we're in Sam's Cafe.- OK.
0:15:20 > 0:15:24I'm going to actually call the Wi-Fi hotspot Sam's Cafe.
0:15:24 > 0:15:29'Tony uses an identical password to the cafe so that an unsuspecting
0:15:29 > 0:15:32'customer like me wouldn't be able to tell the difference
0:15:32 > 0:15:35'when I log on.'
0:15:35 > 0:15:37I'm going into my Wi-Fi, turning my Wi-Fi on,
0:15:37 > 0:15:41it's choosing a network, and Sam's Cafe has just come up.
0:15:41 > 0:15:43Sam's Cafe is there, yeah?
0:15:43 > 0:15:45And that allows you now to do what?
0:15:45 > 0:15:47Now I've got your IP address,
0:15:47 > 0:15:53I run it through a piece of password-cracking kit
0:15:53 > 0:15:58- called- BLEEP- that's legal to download, you can use it anywhere.
0:15:58 > 0:16:00I'll be able to see all your passwords
0:16:00 > 0:16:04and log-in information that's coming through easily on my computer.
0:16:04 > 0:16:08'In fact, every single key I now press on my phone
0:16:08 > 0:16:12'will also appear on Tony's computer screen,
0:16:12 > 0:16:14'giving him my data which would allow him
0:16:14 > 0:16:19'to hack into my online life and possibly steal my money.'
0:16:22 > 0:16:27I have now met several links in a massive criminal chain in the UK.
0:16:27 > 0:16:32But just as the internet has no borders, neither do the criminals.
0:16:34 > 0:16:37Back in Oxford, and James Lyne shows me
0:16:37 > 0:16:41how they are able to understand the sheer scale of cybercrime.
0:16:41 > 0:16:45'These giant screens track and record all reported global spam
0:16:45 > 0:16:49'and malware attacks almost in real time.'
0:16:49 > 0:16:52You can see lots of activity throughout Europe
0:16:52 > 0:16:56but also a few interesting sites in Russia.
0:16:56 > 0:16:59You can see, each of these dots represents
0:16:59 > 0:17:02a new fresh spam campaign.
0:17:02 > 0:17:03So for example, here...
0:17:03 > 0:17:06A DHL or FedEx delivery,
0:17:06 > 0:17:09so that's a note saying "We're trying to deliver a package
0:17:09 > 0:17:11"but we need some information from you,"
0:17:11 > 0:17:14and no-one can ever remember what they ordered from Amazon
0:17:14 > 0:17:17so they assume it's true, go to the website,
0:17:17 > 0:17:20type in their personal information, get infected.
0:17:20 > 0:17:22'It's clear from James's map
0:17:22 > 0:17:25'where much of the criminal activity is coming from.'
0:17:25 > 0:17:30Russia is a huge player in the global network
0:17:30 > 0:17:32of malicious code and spam.
0:17:32 > 0:17:35Russian criminal gangs, Russian developers,
0:17:35 > 0:17:39and frankly just hosting services in Russia are often
0:17:39 > 0:17:44used as a major part of many of the campaigns that we see online today.
0:17:58 > 0:18:01Moscow's a city home to more billionaires
0:18:01 > 0:18:03than anywhere else in the world.
0:18:03 > 0:18:06It's fair to say that business here is doing rather well,
0:18:06 > 0:18:09but it's also a city with a darker side.
0:18:12 > 0:18:15For the last 20 years or so, Russia has been a safe haven
0:18:15 > 0:18:19for hackers, scammers and cyber fraudsters.
0:18:19 > 0:18:23'It means the country's become the second-largest home
0:18:23 > 0:18:25'to the world's cybercriminals.'
0:18:26 > 0:18:29If you've got the skill, or actually more importantly the cash,
0:18:29 > 0:18:32then you can commission anything, from a cyberattack
0:18:32 > 0:18:36on a competitor's business to a full-on Trojan programme
0:18:36 > 0:18:40designed to steal personal data and money from millions of people
0:18:40 > 0:18:42around the world.
0:18:43 > 0:18:48I want to get a sense of the scale of cybercrime here.
0:18:48 > 0:18:52If anyone would know it would be Kaspersky lab, the makers
0:18:52 > 0:18:56of anti-virus software who keep track of the world's cyber threats.
0:18:59 > 0:19:03This is our virus lab, this is the place where our virus analysts,
0:19:03 > 0:19:07they're working in shifts, and they analyse the malware.
0:19:07 > 0:19:11They're working 24 hours a day, seven days a week, 365 days a year.
0:19:11 > 0:19:15The second a malware attack happens somewhere in the world,
0:19:15 > 0:19:18this is where it's reported.
0:19:18 > 0:19:21350,000 unique malware per day.
0:19:21 > 0:19:25Which is an incredible number.
0:19:25 > 0:19:30- 350,000?- Exactly.- Unbelievable. Wow.
0:19:30 > 0:19:32- Just here?- Just here in the lab, yeah, yeah.
0:19:34 > 0:19:39They are moving their attention from infecting simple home users
0:19:39 > 0:19:42to infecting and attacking corporations.
0:19:42 > 0:19:46The UK is one of the hot spots in terms of attacks.
0:19:46 > 0:19:48Nobody is protected, nobody is safe.
0:19:48 > 0:19:51If someone wants to steal information from this concrete
0:19:51 > 0:19:55organisation inside the United Kingdom for example, it is possible.
0:19:57 > 0:19:59Russia has invested heavily
0:19:59 > 0:20:01in technology education in recent years,
0:20:01 > 0:20:06producing some of the world's most skilled computer graduates.
0:20:06 > 0:20:09Yet, against a backdrop of unemployment and poverty,
0:20:09 > 0:20:11'many are tempted to the dark side
0:20:11 > 0:20:15'by the big money salaries offered by criminal gangs.'
0:20:15 > 0:20:18Notoriously secretive, I am surprised
0:20:18 > 0:20:20when the Ministry of Interior agrees to tell me
0:20:20 > 0:20:23about its efforts to crack down on these gangs.
0:20:24 > 0:20:27I'm just on my way to meet a man, he's a policeman.
0:20:27 > 0:20:29In fact, I think I can spot him out the corner of my eye.
0:20:29 > 0:20:33He is the man I am told who is in charge of Russia's fight back
0:20:33 > 0:20:35against the cybercriminals, That's him. Alexander?
0:20:35 > 0:20:38I thought that was you, nice to meet you.
0:20:38 > 0:20:40Will we walk? It's freezing.
0:20:40 > 0:20:44'Alexander Vurasko is the head of Department K,
0:20:44 > 0:20:48'a team of police investigators charged with tackling cybercrime.'
0:20:48 > 0:20:52How serious a problem is cybercrime now in Russia for you guys?
0:20:52 > 0:20:57Oh, the problem, it is serious
0:20:57 > 0:20:58because in Russia
0:20:58 > 0:21:02the number of hi-tech crimes...
0:21:04 > 0:21:06..is growing every year.
0:21:06 > 0:21:11We are principally talking about
0:21:11 > 0:21:14organised groups from different countries
0:21:14 > 0:21:19working together because there are no borders in the internet.
0:21:19 > 0:21:24Who's winning the war at the moment, government or the criminals?
0:21:24 > 0:21:28I think every year we have 10% more crimes.
0:21:28 > 0:21:29- So the criminals?- Yes.
0:21:33 > 0:21:35From what the police are saying,
0:21:35 > 0:21:38one could be forgiven for thinking that the battle against
0:21:38 > 0:21:44cybercrime being fought over here on our behalf is already partly lost.
0:21:49 > 0:21:53The police tell me they are now using private companies
0:21:53 > 0:21:56to help hunt down some of the country's
0:21:56 > 0:21:59highly sophisticated criminal networks.
0:21:59 > 0:22:02Tucked away in the back streets of Moscow, I arrange to meet
0:22:02 > 0:22:06one of the teams of investigators - an IT security company.
0:22:06 > 0:22:09So this is the heart of the investigating,
0:22:09 > 0:22:11this is our forensics lab.
0:22:11 > 0:22:13It's the biggest forensics lab in Eastern Europe.
0:22:13 > 0:22:16- Is it?- Yes, that's true.- Wow.
0:22:16 > 0:22:19So the guys that we can see at the moment working,
0:22:19 > 0:22:22they're actually working on live cases of the criminal gangs?
0:22:22 > 0:22:24Yes. That's correct.
0:22:24 > 0:22:27When something happens, we need to understand what happened
0:22:27 > 0:22:33so these people are analysing both hardware and software.
0:22:33 > 0:22:36Usually we are going after the top men,
0:22:36 > 0:22:40after the boss who organises everything.
0:22:40 > 0:22:47Some people act on their own but a bigger threat we see from gangs,
0:22:47 > 0:22:51organised crime, and it's really important to follow the money,
0:22:51 > 0:22:54to follow all these people in the field and try to find
0:22:54 > 0:22:57the big guy, the person who's behind everything.
0:22:59 > 0:23:01It's estimated that last year,
0:23:01 > 0:23:05the world's cybercriminals made more than £15 billion dollars.
0:23:05 > 0:23:10Russian cybercriminals were responsible for almost a third.
0:23:10 > 0:23:13The majority of the money going into the pockets
0:23:13 > 0:23:15of organised crime gangs.
0:23:15 > 0:23:19How much money can you make as a cybercriminal in Russia?
0:23:19 > 0:23:20Individually.
0:23:20 > 0:23:23You can earn a tremendous amount of money a day.
0:23:23 > 0:23:26You can earn millions of dollars by stealing them
0:23:26 > 0:23:28from someone's account.
0:23:28 > 0:23:29You can do that easily.
0:23:29 > 0:23:31And how serious are they?
0:23:31 > 0:23:34Very serious. They are indeed criminals.
0:23:34 > 0:23:36They can sell drugs,
0:23:36 > 0:23:41they can assassinate people or order an assassination.
0:23:41 > 0:23:43Very bad things like that.
0:23:45 > 0:23:50From what I saw and heard in Russia, it's clear our stolen profiles
0:23:50 > 0:23:54are feeding into a massive organised-criminal network
0:23:54 > 0:23:58making those at the top end of it billions.
0:24:02 > 0:24:05And one of its newest targets?
0:24:05 > 0:24:07British business.
0:24:07 > 0:24:13This is Police Scotland's specialist cybercrime unit based in Govan.
0:24:13 > 0:24:17Their figures show a peak in cybercrimes at the end of last year,
0:24:17 > 0:24:21with Scotland's business community specifically being targeted.
0:24:21 > 0:24:24We have seen a large number of businesses being targeted
0:24:24 > 0:24:26across Scotland in a multitude of sectors.
0:24:26 > 0:24:28Certainly the financial sector and agriculture,
0:24:28 > 0:24:31but predominantly in the small and medium enterprises,
0:24:31 > 0:24:33up to 200 employees.
0:24:33 > 0:24:36A lot of businesses may not recover from a cyberattack
0:24:36 > 0:24:40simply because it's stolen personal data, they've stolen customer data
0:24:40 > 0:24:43and it can cause real problems for the viability of that business
0:24:43 > 0:24:44in the long term.
0:24:44 > 0:24:46Some British businesses
0:24:46 > 0:24:50and big banks are now turning to the criminals for help.
0:24:50 > 0:24:54Since leaving prison, Tony Sales has been hired
0:24:54 > 0:24:58to test defences and highlight their vulnerabilities.
0:24:58 > 0:25:01Banks, financial institutions,
0:25:01 > 0:25:05retailers, insurance companies.
0:25:05 > 0:25:09Lots of different companies use my services to go in
0:25:09 > 0:25:11and point out the weaknesses.
0:25:11 > 0:25:14Tony tells me that many companies he assesses take action
0:25:14 > 0:25:17if the effect on profit is significant.
0:25:17 > 0:25:21But if the weakness he points out is simply a data breach,
0:25:21 > 0:25:25then many companies call it "acceptable loss" and write it off.
0:25:25 > 0:25:29I am stunned when they don't do anything about it -
0:25:29 > 0:25:32they shake my hand at the end of the meeting, say thanks
0:25:32 > 0:25:34and six months later at the company
0:25:34 > 0:25:39nothing has changed, it's exactly the same as how it was.
0:25:42 > 0:25:46The British Bankers' Association is the voice of banking,
0:25:46 > 0:25:49'representing more than 240 organisations.
0:25:49 > 0:25:54'It says it's taken robust measures to counter the cybercriminals.'
0:25:54 > 0:25:56The evidence is clear that the criminals have
0:25:56 > 0:25:59changed their techniques quickly in response to bank controls
0:25:59 > 0:26:02and activity by public authorities.
0:26:02 > 0:26:06The British banking industry has some of the strongest controls
0:26:06 > 0:26:09anywhere in the world to address financial crimes
0:26:09 > 0:26:16and some of the most safe and secure banking arrangements.
0:26:16 > 0:26:18We're not resting on our laurels.
0:26:18 > 0:26:23We do need to constantly update these measures and make sure we're one step
0:26:23 > 0:26:26ahead of the criminals, and that's what we're trying to do.
0:26:26 > 0:26:29I wonder whether the actions now being taken
0:26:29 > 0:26:33by big business and banking to try and protect their systems
0:26:33 > 0:26:35from cybercrime are making any inroads.
0:26:35 > 0:26:37In terms of the amount of data,
0:26:37 > 0:26:40the amount of profiles that are available on the market,
0:26:40 > 0:26:43- there are as many as there ever were?- Of course.
0:26:43 > 0:26:47- So...- There are sites that are dedicated just to that.
0:26:47 > 0:26:50And you've not noticed a kind of drop-off in the amount
0:26:50 > 0:26:52of data that's available on these sites?
0:26:52 > 0:26:54Businesses haven't tightened themselves up so much
0:26:54 > 0:26:56that guys like you are getting less profiles?
0:26:56 > 0:26:58I could go today, I could see my friend today
0:26:58 > 0:27:01and I could literally buy ten profiles off him.
0:27:01 > 0:27:03How safe is our money online?
0:27:03 > 0:27:06Me personally, I don't even have any money in any banks.
0:27:06 > 0:27:09Like, if I went out and earned £25,000 today,
0:27:09 > 0:27:11I would never go to a bank and put my money in the bank.
0:27:11 > 0:27:13Because of people like you?
0:27:13 > 0:27:15Because of people like myself.
0:27:23 > 0:27:27Cybercrime is called the dark side of the web for a reason -
0:27:27 > 0:27:29activity committed behind closed doors,
0:27:29 > 0:27:33on anonymous browsers with the nameless, targeting the faceless.
0:27:33 > 0:27:36Whilst the fight to catch the criminals goes on, though,
0:27:36 > 0:27:39we don't have to sit and do nothing.
0:27:39 > 0:27:42To protect ourselves against even the most basic of attacks
0:27:42 > 0:27:45really isn't that difficult.
0:27:48 > 0:27:51Just remember, in today's fast-moving cyber-world,
0:27:51 > 0:27:55it's not just your computer you need to worry about.
0:27:55 > 0:27:59Your life's in your phone, so I can now take over your life.
0:27:59 > 0:28:03I can see your life, I can talk to people on Facebook as you,
0:28:03 > 0:28:06I can talk to people on LinkedIn as you, I can tweet as you,
0:28:06 > 0:28:09I can send tweets out with malware in them as you,
0:28:09 > 0:28:12that will then infect everyone that you know.
0:28:12 > 0:28:16I can send videos out on Facebook with malware in them
0:28:16 > 0:28:17that will infect all your friends.
0:28:17 > 0:28:20People will share your videos and they will move on and on and on,
0:28:20 > 0:28:25and so by just getting one person's phone,
0:28:25 > 0:28:28you can actually destroy millions of lives just by malware.