Gangsters.com BBC Scotland Investigates

It's known as the dark side of the web.

A world with no rules, where the criminal is king.

Money was just haemorrhaging out of the account.

It's taken us 20 years to save, ten minutes to go.

Our investigation takes us from the foot soldiers of fraud...

I can rob you now without ever having to meet you.

..to the heart of international cybercrime.

They can sell drugs,

they can assassinate people or order an assassination.

And we explore a world growing more toxic by the hour.

A lot of businesses may not recover from a cyber attack.

It is a question of when you will get infected, not if.

Tonight, we investigate the world of online gangsters.

In the UK we spend half a billion pounds via the internet every week.

But exactly how safe is our money?

Cybercrime is on the rise,

and so too is the sophistication of the criminal networks targeting us.

This growing underworld is determined to part us

from our hard-earned cash.

But in this most anonymous of crimes,

exactly who are the criminals, and are they winning?

"...So the next day, he set out at sunrise.

"But he couldn't see a star anywhere..."

Last year head teacher Jennie King was the victim of a cyber attack

which cleared out her bank account.

I think I'm quite savvy

and quite banking savvy.

I have banked with the same bank for 30-odd years.

I thought that this is the kind of thing that would never happen to me.

Here's how the attack worked.

Jennie received a call saying there had been some unusual activity

on her credit card.

She hung up and called her bank

using the number on the back of the card.

I picked up the phone, checked there was a dial tone

because that's what you do, dialled the number on the back of my card.

It rang for three or four rings and a woman picked up the phone.

She asked me for all the normal security information.

Jennie was told that her account had been hacked and money stolen.

Her best bet, said the woman,

was to transfer whatever money was left into a separate safe account.

She gave me account details, I transferred it all in.

And then I hung up.

So then what you did was,

you transferred everything from your accounts

-into this new, safe secure account?

-That's right.

How much did you transfer?

£15,500.

A criminal gang, having already obtained Jennie's personal details,

had successfully tricked her into handing over her hard-earned cash.

When she had called her bank back the scammers had simply

stayed on the line, feeding in a fake dialling and then ringing tone.

As Jennie had transferred the money herself, the bank refused a refund.

We'd saved over 22 years, our money in a jar,

pennies in a jar, which is ridiculous. And that had gone.

What, your life savings?

Taken us 20 years to save, ten minutes to go.

To somebody who stole it.

One phone call, ten minutes, and thousands of pounds gone.

One in five internet users says that last year

someone tried fraudulently to get hold of their banking details.

The criminals behind these attacks are after two things -

your money, and your personal information for future attacks.

So how much is our money really under threat?

Well, one clue might be in the explosion of language

to cover the various cybercrimes.

More than three-quarters of households in Scotland

now have internet access.

Keeping pace with this is the rise in cybercrime,

thought to be costing the UK economy more than £80 billion a year.

Such is its growth that an entire new industry has been born.

I've come to the heart of Oxfordshire where I've managed

to get access to the head of global security

for one of the world's top software companies.

-Hey. How are you? Welcome to Sophos.

-Thank you.

James Lyne is 27.

His knowledge of data technology and hacking saw him recruited

as a teenager to help the government with computer security.

He is now regarded as one of the world's foremost experts.

There are lots of cybercriminals out there

who are very, very interested in stealing information about you,

and in particular your finances.

So going after your credit card number, your banking information,

those are very valuable to cybercriminals for purposes of frankly

good, old traditional fraud. But of course, the internet has opened up

new opportunities to scale that up to thousands of people, rather than

hitting people on the high street as traditionally they may have done.

'What he shows me next is shocking.

'A hacking kit you can download which targets your victims for you,

'sending out spam e-mails with hidden viruses on your behalf.

'That's right, a ready-made kit for everything a criminal needs

'to hack a computer.

'When your victim clicks on the e-mail,

'the virus infects the computer, allowing you access

'to their data, such as bank account details and passwords.'

Here we've got a copy of Crimepack.

This is one of my personal favourites, and I love it

because the graphics are just... They're very criminal, aren't they?

I know. We've got the money, the guns, we've got the cocaine.

Some drugs, yeah, exactly. It's quite a nice image really,

they've really invested in the user interface.

So let me show you how one of these exploit packs actually works.

These are the tools that the cybercriminals use

to distribute their malicious code and then control it.

So this shows how many people have hit this particular crime pack

as well as the exploitation rate,

how many people have they successfully infected.

Down here you can see the different methods that they're using

to infect the computers

and the different operating systems that they're hitting as well.

Now, this is very easy to use.

-You don't have to be an expert at all.

-Is this illegal?

Depends on the cybercrime laws of the country.

The interesting thing is, very often it's not illegal to make this

software, but it's illegal to use it to infect the system

and gain unauthorised access.

In the UK, it's legal to buy, illegal to use.

If you put the law aside, though, you can make an awful lot of money.

£30,000 to £40,000 a day with some of the criminal gangs

that we have actually found and located and tracked.

No-one really knows the full size of the global cybercrime market.

Everyone keeps making up statistics,

but a figure into billions of pounds is certainly credible.

Changing account passwords, updating software,

'avoiding spam e-mails can all help to keep our money safe online.

'But sometimes, there is absolutely nothing you can do to prevent

'an attack from a determined cybercriminal.'

You wouldn't imagine this man a typical victim of cybercrime.

Foreign editor of a national newspaper, traveller to the world's

danger hot spots, a healthy cynic of all he sees and reads.

But high fliers like this

are exactly who the criminals are hunting.

You've connections with security services, you have connections

with embassies, with diplomats, with all kinds of people,

drug enforcement agencies, these are all stories that I've worked on.

'So, you know, you are super sensitive,'

and highly aware of the material you're dealing with,

and the online scenario, because after all that is the main vehicle

that we're using day-in, day-out.

One day David logged on to his bank account

and noticed some strange transactions. He called his bank.

They could see other transactions pending.

In other words, money was just haemorrhaging out of the account.

Hearing this woman on the phone constantly saying to me,

"Yeah, there's another one going out now, another five pending.

"They're just leaving your account as we speak."

David's account was closed,

but not before hundreds had been stolen -

money he was later refunded.

Last year the banking industry says it lost £44 million

due to online fraud, a 10% jump from the previous year.

David later discovered a research website he subscribed to

had been hacked by the criminals.

Just because someone's not standing in front of you with a ski mask,

or holding you at knife-point,

doesn't mean to say that you're not being robbed.

You are being robbed. You are being confronted by criminals, by thieves.

They just happen to be thousands and thousands of miles away,

anonymous, behind the computer console in some back room, wherever.

But they are thieves nonetheless.

'For the criminals,

'the dark side of the internet offers a web of anonymity,

'allowing them to target their victims

'with little fear of being caught.

'I want to talk to someone, a cybercriminal

'who will give me an insight into how it works.

'I speak to a series of contacts.

'People are reluctant to talk but, after much negotiation,

'I have a lead.'

'One of the foot soldiers in this criminal trade agrees

'to meet with me, if we hide his identity.

'A former drug dealer,

'he says he turned to online fraud for an easier, more lucrative life.

'His job? To buy victim's data, called profiles, from the hackers

'and then to rob those victims blind.'

I can earn more in, for instance, sometimes in a day

than I could earn in a month selling drugs.

You know, on a good week you can be talking up to £35,000,

you know what I mean?

-And this is literally from buying profiles on people, buying data?

-Mm.

-Buying data.

-My information.

Having somebody's date of birth, address is enough.

Yeah, date of birth, postcode, and all that information.

It's just... It's so... You know, it's so valuable.

People don't realise.

Half the country or even more wouldn't realise what people

can do with this information.

'He tells me he's at the bottom of an organised criminal network.'

It's like an army.

You've got your generals, you've got your majors

and your soldiers as such.

And then you, and guys like you, are the ones

who are on the ground committing the final act of the fraud?

That's exactly right.

So, bank accounts being emptied, that's guys like you?

Yeah, unless... A lot of time that will firstly be a bank account

and it will be money that will be moved you see from one account

into a safe account.

OK, so when we hear about these telephone banking frauds,

and people are asked to move their money from one account into this

secure account which is actually a criminal account, and the money...

Somebody goes in and takes the money, that's you?

-People like myself, yeah.

-Wow. And you make good money doing this?

There is days you come back and you can't believe it.

You're sitting there looking at your money, thinking,

"Yeah, I can't believe I've even got this, what did I do?"

Yeah. So the most cash you've sat down at the end of the day

and looked at has been what?

Probably about 20,000.

He is simply the man at the bottom of these criminal gangs.

I want to get to the top.

I heard about a man who has been described as

one of Britain's biggest fraudsters.

He spent more than a decade robbing people's identities,

and using them to amass a criminal fortune.

'I had a team of 50 guys that worked for me.'

It's been said that we were taking upwards of a million pounds a week

out of the system.

And probably, yeah, that's about right, I would say.

I had a whole collection of nice watches,

and I'm not just talking Rolexes.

Then you get into nice clothes, so I'd have Versace, Dolce & Gabbana.

I probably had 20 cars at one point.

-I had two Jags, I

-had

-two Jags!

Yeah, we had a pool car that was a Ferrari.

There was loads.

There was so much stuff that you just couldn't list everything.

I'd be here all day going,

"Oh, yeah, and there was that, and this...."

The rise of online hacking websites was a game-changer

for guys like Tony and his gang.

They were able to buy thousands of ready-made profiles and use the

information to defraud the victims, such as taking out store cards,

loans, buying cars, re-mortgaging the victim's own homes.

The hackers had even done the hard work,

grading the information they had stolen before it was bought by Tony.

If you have a grade 1 for instance,

that means that the information, the likelihood is it's not been

sold to anyone else, and you would pay more for that information.

This was data that you were dealing with?

But for every piece of data, that represented a person,

that was a victim?

It's a fresh victim, exactly. Whereas if you get a grade 3,

the likelihood is it's been sold to ten or 15 people.

Which means the person has been stung?

Which means the person's been stung, correct.

You can steal someone's house from them.

You can steal it from underneath them. There's nothing

they can do about it. Data is an amazing thing,

and it's taken us till now for people to start talking about data.

Does anyone really realise what data is

and what criminals do with it, you know?

It's the new currency.

Tony's luck eventually ran out and, after six years on the run,

he was caught and jailed.

'He agrees to show me one of the tricks being used by cybercriminals

'and fraudsters to get hold of our valuable information.

'And it revolves around free Wi-Fi.'

Ultimately it's all about getting someone's password

-and log-in details.

-OK.

So the first thing you would need to do is to set up a Wi-Fi hotspot.

All I'm doing is cloning the Wi-Fi signal in the place, I'm just

making it look and giving it the same name, there's no difference.

-Let's say for instance we're in Sam's Cafe.

-OK.

I'm going to actually call the Wi-Fi hotspot Sam's Cafe.

'Tony uses an identical password to the cafe so that an unsuspecting

'customer like me wouldn't be able to tell the difference

'when I log on.'

I'm going into my Wi-Fi, turning my Wi-Fi on,

it's choosing a network, and Sam's Cafe has just come up.

Sam's Cafe is there, yeah?

And that allows you now to do what?

Now I've got your IP address,

I run it through a piece of password-cracking kit

-called

-BLEEP

-that's legal to download, you can use it anywhere.

I'll be able to see all your passwords

and log-in information that's coming through easily on my computer.

'In fact, every single key I now press on my phone

'will also appear on Tony's computer screen,

'giving him my data which would allow him

'to hack into my online life and possibly steal my money.'

I have now met several links in a massive criminal chain in the UK.

But just as the internet has no borders, neither do the criminals.

Back in Oxford, and James Lyne shows me

how they are able to understand the sheer scale of cybercrime.

'These giant screens track and record all reported global spam

'and malware attacks almost in real time.'

You can see lots of activity throughout Europe

but also a few interesting sites in Russia.

You can see, each of these dots represents

a new fresh spam campaign.

So for example, here...

A DHL or FedEx delivery,

so that's a note saying "We're trying to deliver a package

"but we need some information from you,"

and no-one can ever remember what they ordered from Amazon

so they assume it's true, go to the website,

type in their personal information, get infected.

'It's clear from James's map

'where much of the criminal activity is coming from.'

Russia is a huge player in the global network

of malicious code and spam.

Russian criminal gangs, Russian developers,

and frankly just hosting services in Russia are often

used as a major part of many of the campaigns that we see online today.

Moscow's a city home to more billionaires

than anywhere else in the world.

It's fair to say that business here is doing rather well,

but it's also a city with a darker side.

For the last 20 years or so, Russia has been a safe haven

for hackers, scammers and cyber fraudsters.

'It means the country's become the second-largest home

'to the world's cybercriminals.'

If you've got the skill, or actually more importantly the cash,

then you can commission anything, from a cyberattack

on a competitor's business to a full-on Trojan programme

designed to steal personal data and money from millions of people

around the world.

I want to get a sense of the scale of cybercrime here.

If anyone would know it would be Kaspersky lab, the makers

of anti-virus software who keep track of the world's cyber threats.

This is our virus lab, this is the place where our virus analysts,

they're working in shifts, and they analyse the malware.

They're working 24 hours a day, seven days a week, 365 days a year.

The second a malware attack happens somewhere in the world,

this is where it's reported.

350,000 unique malware per day.

Which is an incredible number.

-350,000?

-Exactly.

-Unbelievable. Wow.

-Just here?

-Just here in the lab, yeah, yeah.

They are moving their attention from infecting simple home users

to infecting and attacking corporations.

The UK is one of the hot spots in terms of attacks.

Nobody is protected, nobody is safe.

If someone wants to steal information from this concrete

organisation inside the United Kingdom for example, it is possible.

Russia has invested heavily

in technology education in recent years,

producing some of the world's most skilled computer graduates.

Yet, against a backdrop of unemployment and poverty,

'many are tempted to the dark side

'by the big money salaries offered by criminal gangs.'

Notoriously secretive, I am surprised

when the Ministry of Interior agrees to tell me

about its efforts to crack down on these gangs.

I'm just on my way to meet a man, he's a policeman.

In fact, I think I can spot him out the corner of my eye.

He is the man I am told who is in charge of Russia's fight back

against the cybercriminals, That's him. Alexander?

I thought that was you, nice to meet you.

Will we walk? It's freezing.

'Alexander Vurasko is the head of Department K,

'a team of police investigators charged with tackling cybercrime.'

How serious a problem is cybercrime now in Russia for you guys?

Oh, the problem, it is serious

because in Russia

the number of hi-tech crimes...

..is growing every year.

We are principally talking about

organised groups from different countries

working together because there are no borders in the internet.

Who's winning the war at the moment, government or the criminals?

I think every year we have 10% more crimes.

-So the criminals?

-Yes.

From what the police are saying,

one could be forgiven for thinking that the battle against

cybercrime being fought over here on our behalf is already partly lost.

The police tell me they are now using private companies

to help hunt down some of the country's

highly sophisticated criminal networks.

Tucked away in the back streets of Moscow, I arrange to meet

one of the teams of investigators - an IT security company.

So this is the heart of the investigating,

this is our forensics lab.

It's the biggest forensics lab in Eastern Europe.

-Is it?

-Yes, that's true.

-Wow.

So the guys that we can see at the moment working,

they're actually working on live cases of the criminal gangs?

Yes. That's correct.

When something happens, we need to understand what happened

so these people are analysing both hardware and software.

Usually we are going after the top men,

after the boss who organises everything.

Some people act on their own but a bigger threat we see from gangs,

organised crime, and it's really important to follow the money,

to follow all these people in the field and try to find

the big guy, the person who's behind everything.

It's estimated that last year,

the world's cybercriminals made more than £15 billion dollars.

Russian cybercriminals were responsible for almost a third.

The majority of the money going into the pockets

of organised crime gangs.

How much money can you make as a cybercriminal in Russia?

Individually.

You can earn a tremendous amount of money a day.

You can earn millions of dollars by stealing them

from someone's account.

You can do that easily.

And how serious are they?

Very serious. They are indeed criminals.

They can sell drugs,

they can assassinate people or order an assassination.

Very bad things like that.

From what I saw and heard in Russia, it's clear our stolen profiles

are feeding into a massive organised-criminal network

making those at the top end of it billions.

And one of its newest targets?

British business.

This is Police Scotland's specialist cybercrime unit based in Govan.

Their figures show a peak in cybercrimes at the end of last year,

with Scotland's business community specifically being targeted.

We have seen a large number of businesses being targeted

across Scotland in a multitude of sectors.

Certainly the financial sector and agriculture,

but predominantly in the small and medium enterprises,

up to 200 employees.

A lot of businesses may not recover from a cyberattack

simply because it's stolen personal data, they've stolen customer data

and it can cause real problems for the viability of that business

in the long term.

Some British businesses

and big banks are now turning to the criminals for help.

Since leaving prison, Tony Sales has been hired

to test defences and highlight their vulnerabilities.

Banks, financial institutions,

retailers, insurance companies.

Lots of different companies use my services to go in

and point out the weaknesses.

Tony tells me that many companies he assesses take action

if the effect on profit is significant.

But if the weakness he points out is simply a data breach,

then many companies call it "acceptable loss" and write it off.

I am stunned when they don't do anything about it -

they shake my hand at the end of the meeting, say thanks

and six months later at the company

nothing has changed, it's exactly the same as how it was.

The British Bankers' Association is the voice of banking,

'representing more than 240 organisations.

'It says it's taken robust measures to counter the cybercriminals.'

The evidence is clear that the criminals have

changed their techniques quickly in response to bank controls

and activity by public authorities.

The British banking industry has some of the strongest controls

anywhere in the world to address financial crimes

and some of the most safe and secure banking arrangements.

We're not resting on our laurels.

We do need to constantly update these measures and make sure we're one step

ahead of the criminals, and that's what we're trying to do.

I wonder whether the actions now being taken

by big business and banking to try and protect their systems

from cybercrime are making any inroads.

In terms of the amount of data,

the amount of profiles that are available on the market,

-there are as many as there ever were?

-Of course.

-So...

-There are sites that are dedicated just to that.

And you've not noticed a kind of drop-off in the amount

of data that's available on these sites?

Businesses haven't tightened themselves up so much

that guys like you are getting less profiles?

I could go today, I could see my friend today

and I could literally buy ten profiles off him.

How safe is our money online?

Me personally, I don't even have any money in any banks.

Like, if I went out and earned £25,000 today,

I would never go to a bank and put my money in the bank.

Because of people like you?

Because of people like myself.

Cybercrime is called the dark side of the web for a reason -

activity committed behind closed doors,

on anonymous browsers with the nameless, targeting the faceless.

Whilst the fight to catch the criminals goes on, though,

we don't have to sit and do nothing.

To protect ourselves against even the most basic of attacks

really isn't that difficult.

Just remember, in today's fast-moving cyber-world,

it's not just your computer you need to worry about.

Your life's in your phone, so I can now take over your life.

I can see your life, I can talk to people on Facebook as you,

I can talk to people on LinkedIn as you, I can tweet as you,

I can send tweets out with malware in them as you,

that will then infect everyone that you know.

I can send videos out on Facebook with malware in them

that will infect all your friends.

People will share your videos and they will move on and on and on,

and so by just getting one person's phone,

you can actually destroy millions of lives just by malware.