Browse content similar to Gangsters.com. Check below for episodes and series from the same categories and more!
Line | From | To | |
---|---|---|---|
It's known as the dark side of the web. | 0:00:02 | 0:00:04 | |
A world with no rules, where the criminal is king. | 0:00:04 | 0:00:07 | |
Money was just haemorrhaging out of the account. | 0:00:07 | 0:00:10 | |
It's taken us 20 years to save, ten minutes to go. | 0:00:10 | 0:00:13 | |
Our investigation takes us from the foot soldiers of fraud... | 0:00:13 | 0:00:16 | |
I can rob you now without ever having to meet you. | 0:00:16 | 0:00:18 | |
..to the heart of international cybercrime. | 0:00:18 | 0:00:21 | |
They can sell drugs, | 0:00:21 | 0:00:23 | |
they can assassinate people or order an assassination. | 0:00:23 | 0:00:26 | |
And we explore a world growing more toxic by the hour. | 0:00:31 | 0:00:34 | |
A lot of businesses may not recover from a cyber attack. | 0:00:34 | 0:00:37 | |
It is a question of when you will get infected, not if. | 0:00:37 | 0:00:41 | |
Tonight, we investigate the world of online gangsters. | 0:00:41 | 0:00:45 | |
In the UK we spend half a billion pounds via the internet every week. | 0:01:03 | 0:01:08 | |
But exactly how safe is our money? | 0:01:08 | 0:01:10 | |
Cybercrime is on the rise, | 0:01:12 | 0:01:15 | |
and so too is the sophistication of the criminal networks targeting us. | 0:01:15 | 0:01:19 | |
This growing underworld is determined to part us | 0:01:19 | 0:01:23 | |
from our hard-earned cash. | 0:01:23 | 0:01:25 | |
But in this most anonymous of crimes, | 0:01:25 | 0:01:26 | |
exactly who are the criminals, and are they winning? | 0:01:26 | 0:01:30 | |
"...So the next day, he set out at sunrise. | 0:01:33 | 0:01:36 | |
"But he couldn't see a star anywhere..." | 0:01:36 | 0:01:39 | |
Last year head teacher Jennie King was the victim of a cyber attack | 0:01:39 | 0:01:43 | |
which cleared out her bank account. | 0:01:43 | 0:01:45 | |
I think I'm quite savvy | 0:01:45 | 0:01:47 | |
and quite banking savvy. | 0:01:47 | 0:01:49 | |
I have banked with the same bank for 30-odd years. | 0:01:49 | 0:01:52 | |
I thought that this is the kind of thing that would never happen to me. | 0:01:52 | 0:01:56 | |
Here's how the attack worked. | 0:01:56 | 0:01:58 | |
Jennie received a call saying there had been some unusual activity | 0:01:58 | 0:02:01 | |
on her credit card. | 0:02:01 | 0:02:02 | |
She hung up and called her bank | 0:02:02 | 0:02:05 | |
using the number on the back of the card. | 0:02:05 | 0:02:07 | |
I picked up the phone, checked there was a dial tone | 0:02:07 | 0:02:09 | |
because that's what you do, dialled the number on the back of my card. | 0:02:09 | 0:02:12 | |
It rang for three or four rings and a woman picked up the phone. | 0:02:12 | 0:02:16 | |
She asked me for all the normal security information. | 0:02:16 | 0:02:20 | |
Jennie was told that her account had been hacked and money stolen. | 0:02:20 | 0:02:24 | |
Her best bet, said the woman, | 0:02:24 | 0:02:26 | |
was to transfer whatever money was left into a separate safe account. | 0:02:26 | 0:02:31 | |
She gave me account details, I transferred it all in. | 0:02:31 | 0:02:34 | |
And then I hung up. | 0:02:34 | 0:02:38 | |
So then what you did was, | 0:02:38 | 0:02:40 | |
you transferred everything from your accounts | 0:02:40 | 0:02:45 | |
-into this new, safe secure account? -That's right. | 0:02:45 | 0:02:49 | |
How much did you transfer? | 0:02:49 | 0:02:51 | |
£15,500. | 0:02:51 | 0:02:54 | |
A criminal gang, having already obtained Jennie's personal details, | 0:02:54 | 0:02:58 | |
had successfully tricked her into handing over her hard-earned cash. | 0:02:58 | 0:03:03 | |
When she had called her bank back the scammers had simply | 0:03:03 | 0:03:06 | |
stayed on the line, feeding in a fake dialling and then ringing tone. | 0:03:06 | 0:03:10 | |
As Jennie had transferred the money herself, the bank refused a refund. | 0:03:10 | 0:03:14 | |
We'd saved over 22 years, our money in a jar, | 0:03:17 | 0:03:22 | |
pennies in a jar, which is ridiculous. And that had gone. | 0:03:22 | 0:03:26 | |
What, your life savings? | 0:03:26 | 0:03:27 | |
Taken us 20 years to save, ten minutes to go. | 0:03:27 | 0:03:30 | |
To somebody who stole it. | 0:03:30 | 0:03:32 | |
One phone call, ten minutes, and thousands of pounds gone. | 0:03:37 | 0:03:43 | |
One in five internet users says that last year | 0:03:48 | 0:03:51 | |
someone tried fraudulently to get hold of their banking details. | 0:03:51 | 0:03:56 | |
The criminals behind these attacks are after two things - | 0:03:56 | 0:03:59 | |
your money, and your personal information for future attacks. | 0:03:59 | 0:04:04 | |
So how much is our money really under threat? | 0:04:04 | 0:04:08 | |
Well, one clue might be in the explosion of language | 0:04:08 | 0:04:11 | |
to cover the various cybercrimes. | 0:04:11 | 0:04:15 | |
More than three-quarters of households in Scotland | 0:04:32 | 0:04:35 | |
now have internet access. | 0:04:35 | 0:04:37 | |
Keeping pace with this is the rise in cybercrime, | 0:04:37 | 0:04:40 | |
thought to be costing the UK economy more than £80 billion a year. | 0:04:40 | 0:04:45 | |
Such is its growth that an entire new industry has been born. | 0:04:45 | 0:04:50 | |
I've come to the heart of Oxfordshire where I've managed | 0:04:54 | 0:04:57 | |
to get access to the head of global security | 0:04:57 | 0:04:59 | |
for one of the world's top software companies. | 0:04:59 | 0:05:03 | |
-Hey. How are you? Welcome to Sophos. -Thank you. | 0:05:03 | 0:05:06 | |
James Lyne is 27. | 0:05:06 | 0:05:07 | |
His knowledge of data technology and hacking saw him recruited | 0:05:07 | 0:05:11 | |
as a teenager to help the government with computer security. | 0:05:11 | 0:05:15 | |
He is now regarded as one of the world's foremost experts. | 0:05:15 | 0:05:20 | |
There are lots of cybercriminals out there | 0:05:23 | 0:05:25 | |
who are very, very interested in stealing information about you, | 0:05:25 | 0:05:28 | |
and in particular your finances. | 0:05:28 | 0:05:31 | |
So going after your credit card number, your banking information, | 0:05:31 | 0:05:34 | |
those are very valuable to cybercriminals for purposes of frankly | 0:05:34 | 0:05:38 | |
good, old traditional fraud. But of course, the internet has opened up | 0:05:38 | 0:05:41 | |
new opportunities to scale that up to thousands of people, rather than | 0:05:41 | 0:05:45 | |
hitting people on the high street as traditionally they may have done. | 0:05:45 | 0:05:50 | |
'What he shows me next is shocking. | 0:05:50 | 0:05:53 | |
'A hacking kit you can download which targets your victims for you, | 0:05:53 | 0:05:57 | |
'sending out spam e-mails with hidden viruses on your behalf. | 0:05:57 | 0:06:02 | |
'That's right, a ready-made kit for everything a criminal needs | 0:06:02 | 0:06:06 | |
'to hack a computer. | 0:06:06 | 0:06:09 | |
'When your victim clicks on the e-mail, | 0:06:09 | 0:06:11 | |
'the virus infects the computer, allowing you access | 0:06:11 | 0:06:14 | |
'to their data, such as bank account details and passwords.' | 0:06:14 | 0:06:18 | |
Here we've got a copy of Crimepack. | 0:06:18 | 0:06:22 | |
This is one of my personal favourites, and I love it | 0:06:22 | 0:06:25 | |
because the graphics are just... They're very criminal, aren't they? | 0:06:25 | 0:06:29 | |
I know. We've got the money, the guns, we've got the cocaine. | 0:06:29 | 0:06:32 | |
Some drugs, yeah, exactly. It's quite a nice image really, | 0:06:32 | 0:06:35 | |
they've really invested in the user interface. | 0:06:35 | 0:06:37 | |
So let me show you how one of these exploit packs actually works. | 0:06:37 | 0:06:41 | |
These are the tools that the cybercriminals use | 0:06:41 | 0:06:43 | |
to distribute their malicious code and then control it. | 0:06:43 | 0:06:46 | |
So this shows how many people have hit this particular crime pack | 0:06:46 | 0:06:50 | |
as well as the exploitation rate, | 0:06:50 | 0:06:53 | |
how many people have they successfully infected. | 0:06:53 | 0:06:56 | |
Down here you can see the different methods that they're using | 0:06:56 | 0:06:59 | |
to infect the computers | 0:06:59 | 0:07:00 | |
and the different operating systems that they're hitting as well. | 0:07:00 | 0:07:03 | |
Now, this is very easy to use. | 0:07:03 | 0:07:05 | |
-You don't have to be an expert at all. -Is this illegal? | 0:07:05 | 0:07:09 | |
Depends on the cybercrime laws of the country. | 0:07:09 | 0:07:11 | |
The interesting thing is, very often it's not illegal to make this | 0:07:11 | 0:07:15 | |
software, but it's illegal to use it to infect the system | 0:07:15 | 0:07:20 | |
and gain unauthorised access. | 0:07:20 | 0:07:22 | |
In the UK, it's legal to buy, illegal to use. | 0:07:22 | 0:07:25 | |
If you put the law aside, though, you can make an awful lot of money. | 0:07:25 | 0:07:29 | |
£30,000 to £40,000 a day with some of the criminal gangs | 0:07:29 | 0:07:33 | |
that we have actually found and located and tracked. | 0:07:33 | 0:07:36 | |
No-one really knows the full size of the global cybercrime market. | 0:07:36 | 0:07:41 | |
Everyone keeps making up statistics, | 0:07:41 | 0:07:42 | |
but a figure into billions of pounds is certainly credible. | 0:07:42 | 0:07:46 | |
Changing account passwords, updating software, | 0:07:50 | 0:07:53 | |
'avoiding spam e-mails can all help to keep our money safe online. | 0:07:53 | 0:07:58 | |
'But sometimes, there is absolutely nothing you can do to prevent | 0:07:58 | 0:08:02 | |
'an attack from a determined cybercriminal.' | 0:08:02 | 0:08:05 | |
You wouldn't imagine this man a typical victim of cybercrime. | 0:08:10 | 0:08:13 | |
Foreign editor of a national newspaper, traveller to the world's | 0:08:13 | 0:08:17 | |
danger hot spots, a healthy cynic of all he sees and reads. | 0:08:17 | 0:08:21 | |
But high fliers like this | 0:08:21 | 0:08:23 | |
are exactly who the criminals are hunting. | 0:08:23 | 0:08:27 | |
You've connections with security services, you have connections | 0:08:27 | 0:08:30 | |
with embassies, with diplomats, with all kinds of people, | 0:08:30 | 0:08:33 | |
drug enforcement agencies, these are all stories that I've worked on. | 0:08:33 | 0:08:36 | |
'So, you know, you are super sensitive,' | 0:08:36 | 0:08:39 | |
and highly aware of the material you're dealing with, | 0:08:39 | 0:08:42 | |
and the online scenario, because after all that is the main vehicle | 0:08:42 | 0:08:45 | |
that we're using day-in, day-out. | 0:08:45 | 0:08:47 | |
One day David logged on to his bank account | 0:08:49 | 0:08:52 | |
and noticed some strange transactions. He called his bank. | 0:08:52 | 0:08:56 | |
They could see other transactions pending. | 0:08:56 | 0:08:59 | |
In other words, money was just haemorrhaging out of the account. | 0:08:59 | 0:09:02 | |
Hearing this woman on the phone constantly saying to me, | 0:09:02 | 0:09:04 | |
"Yeah, there's another one going out now, another five pending. | 0:09:04 | 0:09:07 | |
"They're just leaving your account as we speak." | 0:09:07 | 0:09:10 | |
David's account was closed, | 0:09:10 | 0:09:12 | |
but not before hundreds had been stolen - | 0:09:12 | 0:09:15 | |
money he was later refunded. | 0:09:15 | 0:09:17 | |
Last year the banking industry says it lost £44 million | 0:09:17 | 0:09:20 | |
due to online fraud, a 10% jump from the previous year. | 0:09:20 | 0:09:25 | |
David later discovered a research website he subscribed to | 0:09:25 | 0:09:29 | |
had been hacked by the criminals. | 0:09:29 | 0:09:32 | |
Just because someone's not standing in front of you with a ski mask, | 0:09:32 | 0:09:35 | |
or holding you at knife-point, | 0:09:35 | 0:09:37 | |
doesn't mean to say that you're not being robbed. | 0:09:37 | 0:09:39 | |
You are being robbed. You are being confronted by criminals, by thieves. | 0:09:39 | 0:09:42 | |
They just happen to be thousands and thousands of miles away, | 0:09:42 | 0:09:46 | |
anonymous, behind the computer console in some back room, wherever. | 0:09:46 | 0:09:51 | |
But they are thieves nonetheless. | 0:09:51 | 0:09:53 | |
'For the criminals, | 0:09:55 | 0:09:56 | |
'the dark side of the internet offers a web of anonymity, | 0:09:56 | 0:10:00 | |
'allowing them to target their victims | 0:10:00 | 0:10:02 | |
'with little fear of being caught. | 0:10:02 | 0:10:05 | |
'I want to talk to someone, a cybercriminal | 0:10:05 | 0:10:08 | |
'who will give me an insight into how it works. | 0:10:08 | 0:10:11 | |
'I speak to a series of contacts. | 0:10:12 | 0:10:14 | |
'People are reluctant to talk but, after much negotiation, | 0:10:14 | 0:10:17 | |
'I have a lead.' | 0:10:17 | 0:10:19 | |
'One of the foot soldiers in this criminal trade agrees | 0:10:26 | 0:10:29 | |
'to meet with me, if we hide his identity. | 0:10:29 | 0:10:32 | |
'A former drug dealer, | 0:10:36 | 0:10:37 | |
'he says he turned to online fraud for an easier, more lucrative life. | 0:10:37 | 0:10:42 | |
'His job? To buy victim's data, called profiles, from the hackers | 0:10:42 | 0:10:46 | |
'and then to rob those victims blind.' | 0:10:46 | 0:10:49 | |
I can earn more in, for instance, sometimes in a day | 0:10:49 | 0:10:52 | |
than I could earn in a month selling drugs. | 0:10:52 | 0:10:54 | |
You know, on a good week you can be talking up to £35,000, | 0:10:54 | 0:10:57 | |
you know what I mean? | 0:10:57 | 0:10:58 | |
-And this is literally from buying profiles on people, buying data? -Mm. | 0:10:58 | 0:11:04 | |
-Buying data. -My information. | 0:11:04 | 0:11:06 | |
Having somebody's date of birth, address is enough. | 0:11:06 | 0:11:09 | |
Yeah, date of birth, postcode, and all that information. | 0:11:09 | 0:11:11 | |
It's just... It's so... You know, it's so valuable. | 0:11:11 | 0:11:13 | |
People don't realise. | 0:11:13 | 0:11:14 | |
Half the country or even more wouldn't realise what people | 0:11:14 | 0:11:18 | |
can do with this information. | 0:11:18 | 0:11:19 | |
'He tells me he's at the bottom of an organised criminal network.' | 0:11:19 | 0:11:23 | |
It's like an army. | 0:11:23 | 0:11:25 | |
You've got your generals, you've got your majors | 0:11:25 | 0:11:27 | |
and your soldiers as such. | 0:11:27 | 0:11:29 | |
And then you, and guys like you, are the ones | 0:11:29 | 0:11:31 | |
who are on the ground committing the final act of the fraud? | 0:11:31 | 0:11:34 | |
That's exactly right. | 0:11:34 | 0:11:36 | |
So, bank accounts being emptied, that's guys like you? | 0:11:36 | 0:11:39 | |
Yeah, unless... A lot of time that will firstly be a bank account | 0:11:39 | 0:11:44 | |
and it will be money that will be moved you see from one account | 0:11:44 | 0:11:46 | |
into a safe account. | 0:11:46 | 0:11:48 | |
OK, so when we hear about these telephone banking frauds, | 0:11:48 | 0:11:52 | |
and people are asked to move their money from one account into this | 0:11:52 | 0:11:56 | |
secure account which is actually a criminal account, and the money... | 0:11:56 | 0:12:00 | |
Somebody goes in and takes the money, that's you? | 0:12:00 | 0:12:02 | |
-People like myself, yeah. -Wow. And you make good money doing this? | 0:12:02 | 0:12:05 | |
There is days you come back and you can't believe it. | 0:12:05 | 0:12:07 | |
You're sitting there looking at your money, thinking, | 0:12:07 | 0:12:10 | |
"Yeah, I can't believe I've even got this, what did I do?" | 0:12:10 | 0:12:13 | |
Yeah. So the most cash you've sat down at the end of the day | 0:12:13 | 0:12:15 | |
and looked at has been what? | 0:12:15 | 0:12:17 | |
Probably about 20,000. | 0:12:17 | 0:12:18 | |
He is simply the man at the bottom of these criminal gangs. | 0:12:21 | 0:12:26 | |
I want to get to the top. | 0:12:26 | 0:12:27 | |
I heard about a man who has been described as | 0:12:30 | 0:12:32 | |
one of Britain's biggest fraudsters. | 0:12:32 | 0:12:35 | |
He spent more than a decade robbing people's identities, | 0:12:35 | 0:12:38 | |
and using them to amass a criminal fortune. | 0:12:38 | 0:12:42 | |
'I had a team of 50 guys that worked for me.' | 0:12:42 | 0:12:45 | |
It's been said that we were taking upwards of a million pounds a week | 0:12:45 | 0:12:50 | |
out of the system. | 0:12:50 | 0:12:52 | |
And probably, yeah, that's about right, I would say. | 0:12:52 | 0:12:56 | |
I had a whole collection of nice watches, | 0:12:59 | 0:13:01 | |
and I'm not just talking Rolexes. | 0:13:01 | 0:13:05 | |
Then you get into nice clothes, so I'd have Versace, Dolce & Gabbana. | 0:13:05 | 0:13:08 | |
I probably had 20 cars at one point. | 0:13:11 | 0:13:15 | |
-I had two Jags, I -had -two Jags! | 0:13:15 | 0:13:20 | |
Yeah, we had a pool car that was a Ferrari. | 0:13:20 | 0:13:22 | |
There was loads. | 0:13:24 | 0:13:25 | |
There was so much stuff that you just couldn't list everything. | 0:13:25 | 0:13:28 | |
I'd be here all day going, | 0:13:28 | 0:13:30 | |
"Oh, yeah, and there was that, and this...." | 0:13:30 | 0:13:33 | |
The rise of online hacking websites was a game-changer | 0:13:33 | 0:13:36 | |
for guys like Tony and his gang. | 0:13:36 | 0:13:38 | |
They were able to buy thousands of ready-made profiles and use the | 0:13:38 | 0:13:42 | |
information to defraud the victims, such as taking out store cards, | 0:13:42 | 0:13:47 | |
loans, buying cars, re-mortgaging the victim's own homes. | 0:13:47 | 0:13:51 | |
The hackers had even done the hard work, | 0:13:51 | 0:13:53 | |
grading the information they had stolen before it was bought by Tony. | 0:13:53 | 0:13:58 | |
If you have a grade 1 for instance, | 0:13:58 | 0:14:00 | |
that means that the information, the likelihood is it's not been | 0:14:00 | 0:14:03 | |
sold to anyone else, and you would pay more for that information. | 0:14:03 | 0:14:06 | |
This was data that you were dealing with? | 0:14:06 | 0:14:08 | |
But for every piece of data, that represented a person, | 0:14:08 | 0:14:11 | |
that was a victim? | 0:14:11 | 0:14:13 | |
It's a fresh victim, exactly. Whereas if you get a grade 3, | 0:14:13 | 0:14:16 | |
the likelihood is it's been sold to ten or 15 people. | 0:14:16 | 0:14:18 | |
Which means the person has been stung? | 0:14:18 | 0:14:20 | |
Which means the person's been stung, correct. | 0:14:20 | 0:14:22 | |
You can steal someone's house from them. | 0:14:22 | 0:14:24 | |
You can steal it from underneath them. There's nothing | 0:14:24 | 0:14:26 | |
they can do about it. Data is an amazing thing, | 0:14:26 | 0:14:30 | |
and it's taken us till now for people to start talking about data. | 0:14:30 | 0:14:35 | |
Does anyone really realise what data is | 0:14:35 | 0:14:38 | |
and what criminals do with it, you know? | 0:14:38 | 0:14:41 | |
It's the new currency. | 0:14:41 | 0:14:43 | |
Tony's luck eventually ran out and, after six years on the run, | 0:14:43 | 0:14:47 | |
he was caught and jailed. | 0:14:47 | 0:14:49 | |
'He agrees to show me one of the tricks being used by cybercriminals | 0:14:49 | 0:14:52 | |
'and fraudsters to get hold of our valuable information. | 0:14:52 | 0:14:57 | |
'And it revolves around free Wi-Fi.' | 0:14:57 | 0:15:00 | |
Ultimately it's all about getting someone's password | 0:15:00 | 0:15:02 | |
-and log-in details. -OK. | 0:15:02 | 0:15:05 | |
So the first thing you would need to do is to set up a Wi-Fi hotspot. | 0:15:05 | 0:15:09 | |
All I'm doing is cloning the Wi-Fi signal in the place, I'm just | 0:15:09 | 0:15:13 | |
making it look and giving it the same name, there's no difference. | 0:15:13 | 0:15:17 | |
-Let's say for instance we're in Sam's Cafe. -OK. | 0:15:17 | 0:15:20 | |
I'm going to actually call the Wi-Fi hotspot Sam's Cafe. | 0:15:20 | 0:15:24 | |
'Tony uses an identical password to the cafe so that an unsuspecting | 0:15:24 | 0:15:29 | |
'customer like me wouldn't be able to tell the difference | 0:15:29 | 0:15:32 | |
'when I log on.' | 0:15:32 | 0:15:35 | |
I'm going into my Wi-Fi, turning my Wi-Fi on, | 0:15:35 | 0:15:37 | |
it's choosing a network, and Sam's Cafe has just come up. | 0:15:37 | 0:15:41 | |
Sam's Cafe is there, yeah? | 0:15:41 | 0:15:43 | |
And that allows you now to do what? | 0:15:43 | 0:15:45 | |
Now I've got your IP address, | 0:15:45 | 0:15:47 | |
I run it through a piece of password-cracking kit | 0:15:47 | 0:15:53 | |
-called -BLEEP -that's legal to download, you can use it anywhere. | 0:15:53 | 0:15:58 | |
I'll be able to see all your passwords | 0:15:58 | 0:16:00 | |
and log-in information that's coming through easily on my computer. | 0:16:00 | 0:16:04 | |
'In fact, every single key I now press on my phone | 0:16:04 | 0:16:08 | |
'will also appear on Tony's computer screen, | 0:16:08 | 0:16:12 | |
'giving him my data which would allow him | 0:16:12 | 0:16:14 | |
'to hack into my online life and possibly steal my money.' | 0:16:14 | 0:16:19 | |
I have now met several links in a massive criminal chain in the UK. | 0:16:22 | 0:16:27 | |
But just as the internet has no borders, neither do the criminals. | 0:16:27 | 0:16:32 | |
Back in Oxford, and James Lyne shows me | 0:16:34 | 0:16:37 | |
how they are able to understand the sheer scale of cybercrime. | 0:16:37 | 0:16:41 | |
'These giant screens track and record all reported global spam | 0:16:41 | 0:16:45 | |
'and malware attacks almost in real time.' | 0:16:45 | 0:16:49 | |
You can see lots of activity throughout Europe | 0:16:49 | 0:16:52 | |
but also a few interesting sites in Russia. | 0:16:52 | 0:16:56 | |
You can see, each of these dots represents | 0:16:56 | 0:16:59 | |
a new fresh spam campaign. | 0:16:59 | 0:17:02 | |
So for example, here... | 0:17:02 | 0:17:03 | |
A DHL or FedEx delivery, | 0:17:03 | 0:17:06 | |
so that's a note saying "We're trying to deliver a package | 0:17:06 | 0:17:09 | |
"but we need some information from you," | 0:17:09 | 0:17:11 | |
and no-one can ever remember what they ordered from Amazon | 0:17:11 | 0:17:14 | |
so they assume it's true, go to the website, | 0:17:14 | 0:17:17 | |
type in their personal information, get infected. | 0:17:17 | 0:17:20 | |
'It's clear from James's map | 0:17:20 | 0:17:22 | |
'where much of the criminal activity is coming from.' | 0:17:22 | 0:17:25 | |
Russia is a huge player in the global network | 0:17:25 | 0:17:30 | |
of malicious code and spam. | 0:17:30 | 0:17:32 | |
Russian criminal gangs, Russian developers, | 0:17:32 | 0:17:35 | |
and frankly just hosting services in Russia are often | 0:17:35 | 0:17:39 | |
used as a major part of many of the campaigns that we see online today. | 0:17:39 | 0:17:44 | |
Moscow's a city home to more billionaires | 0:17:58 | 0:18:01 | |
than anywhere else in the world. | 0:18:01 | 0:18:03 | |
It's fair to say that business here is doing rather well, | 0:18:03 | 0:18:06 | |
but it's also a city with a darker side. | 0:18:06 | 0:18:09 | |
For the last 20 years or so, Russia has been a safe haven | 0:18:12 | 0:18:15 | |
for hackers, scammers and cyber fraudsters. | 0:18:15 | 0:18:19 | |
'It means the country's become the second-largest home | 0:18:19 | 0:18:23 | |
'to the world's cybercriminals.' | 0:18:23 | 0:18:25 | |
If you've got the skill, or actually more importantly the cash, | 0:18:26 | 0:18:29 | |
then you can commission anything, from a cyberattack | 0:18:29 | 0:18:32 | |
on a competitor's business to a full-on Trojan programme | 0:18:32 | 0:18:36 | |
designed to steal personal data and money from millions of people | 0:18:36 | 0:18:40 | |
around the world. | 0:18:40 | 0:18:42 | |
I want to get a sense of the scale of cybercrime here. | 0:18:43 | 0:18:48 | |
If anyone would know it would be Kaspersky lab, the makers | 0:18:48 | 0:18:52 | |
of anti-virus software who keep track of the world's cyber threats. | 0:18:52 | 0:18:56 | |
This is our virus lab, this is the place where our virus analysts, | 0:18:59 | 0:19:03 | |
they're working in shifts, and they analyse the malware. | 0:19:03 | 0:19:07 | |
They're working 24 hours a day, seven days a week, 365 days a year. | 0:19:07 | 0:19:11 | |
The second a malware attack happens somewhere in the world, | 0:19:11 | 0:19:15 | |
this is where it's reported. | 0:19:15 | 0:19:18 | |
350,000 unique malware per day. | 0:19:18 | 0:19:21 | |
Which is an incredible number. | 0:19:21 | 0:19:25 | |
-350,000? -Exactly. -Unbelievable. Wow. | 0:19:25 | 0:19:30 | |
-Just here? -Just here in the lab, yeah, yeah. | 0:19:30 | 0:19:32 | |
They are moving their attention from infecting simple home users | 0:19:34 | 0:19:39 | |
to infecting and attacking corporations. | 0:19:39 | 0:19:42 | |
The UK is one of the hot spots in terms of attacks. | 0:19:42 | 0:19:46 | |
Nobody is protected, nobody is safe. | 0:19:46 | 0:19:48 | |
If someone wants to steal information from this concrete | 0:19:48 | 0:19:51 | |
organisation inside the United Kingdom for example, it is possible. | 0:19:51 | 0:19:55 | |
Russia has invested heavily | 0:19:57 | 0:19:59 | |
in technology education in recent years, | 0:19:59 | 0:20:01 | |
producing some of the world's most skilled computer graduates. | 0:20:01 | 0:20:06 | |
Yet, against a backdrop of unemployment and poverty, | 0:20:06 | 0:20:09 | |
'many are tempted to the dark side | 0:20:09 | 0:20:11 | |
'by the big money salaries offered by criminal gangs.' | 0:20:11 | 0:20:15 | |
Notoriously secretive, I am surprised | 0:20:15 | 0:20:18 | |
when the Ministry of Interior agrees to tell me | 0:20:18 | 0:20:20 | |
about its efforts to crack down on these gangs. | 0:20:20 | 0:20:23 | |
I'm just on my way to meet a man, he's a policeman. | 0:20:24 | 0:20:27 | |
In fact, I think I can spot him out the corner of my eye. | 0:20:27 | 0:20:29 | |
He is the man I am told who is in charge of Russia's fight back | 0:20:29 | 0:20:33 | |
against the cybercriminals, That's him. Alexander? | 0:20:33 | 0:20:35 | |
I thought that was you, nice to meet you. | 0:20:35 | 0:20:38 | |
Will we walk? It's freezing. | 0:20:38 | 0:20:40 | |
'Alexander Vurasko is the head of Department K, | 0:20:40 | 0:20:44 | |
'a team of police investigators charged with tackling cybercrime.' | 0:20:44 | 0:20:48 | |
How serious a problem is cybercrime now in Russia for you guys? | 0:20:48 | 0:20:52 | |
Oh, the problem, it is serious | 0:20:52 | 0:20:57 | |
because in Russia | 0:20:57 | 0:20:58 | |
the number of hi-tech crimes... | 0:20:58 | 0:21:02 | |
..is growing every year. | 0:21:04 | 0:21:06 | |
We are principally talking about | 0:21:06 | 0:21:11 | |
organised groups from different countries | 0:21:11 | 0:21:14 | |
working together because there are no borders in the internet. | 0:21:14 | 0:21:19 | |
Who's winning the war at the moment, government or the criminals? | 0:21:19 | 0:21:24 | |
I think every year we have 10% more crimes. | 0:21:24 | 0:21:28 | |
-So the criminals? -Yes. | 0:21:28 | 0:21:29 | |
From what the police are saying, | 0:21:33 | 0:21:35 | |
one could be forgiven for thinking that the battle against | 0:21:35 | 0:21:38 | |
cybercrime being fought over here on our behalf is already partly lost. | 0:21:38 | 0:21:44 | |
The police tell me they are now using private companies | 0:21:49 | 0:21:53 | |
to help hunt down some of the country's | 0:21:53 | 0:21:56 | |
highly sophisticated criminal networks. | 0:21:56 | 0:21:59 | |
Tucked away in the back streets of Moscow, I arrange to meet | 0:21:59 | 0:22:02 | |
one of the teams of investigators - an IT security company. | 0:22:02 | 0:22:06 | |
So this is the heart of the investigating, | 0:22:06 | 0:22:09 | |
this is our forensics lab. | 0:22:09 | 0:22:11 | |
It's the biggest forensics lab in Eastern Europe. | 0:22:11 | 0:22:13 | |
-Is it? -Yes, that's true. -Wow. | 0:22:13 | 0:22:16 | |
So the guys that we can see at the moment working, | 0:22:16 | 0:22:19 | |
they're actually working on live cases of the criminal gangs? | 0:22:19 | 0:22:22 | |
Yes. That's correct. | 0:22:22 | 0:22:24 | |
When something happens, we need to understand what happened | 0:22:24 | 0:22:27 | |
so these people are analysing both hardware and software. | 0:22:27 | 0:22:33 | |
Usually we are going after the top men, | 0:22:33 | 0:22:36 | |
after the boss who organises everything. | 0:22:36 | 0:22:40 | |
Some people act on their own but a bigger threat we see from gangs, | 0:22:40 | 0:22:47 | |
organised crime, and it's really important to follow the money, | 0:22:47 | 0:22:51 | |
to follow all these people in the field and try to find | 0:22:51 | 0:22:54 | |
the big guy, the person who's behind everything. | 0:22:54 | 0:22:57 | |
It's estimated that last year, | 0:22:59 | 0:23:01 | |
the world's cybercriminals made more than £15 billion dollars. | 0:23:01 | 0:23:05 | |
Russian cybercriminals were responsible for almost a third. | 0:23:05 | 0:23:10 | |
The majority of the money going into the pockets | 0:23:10 | 0:23:13 | |
of organised crime gangs. | 0:23:13 | 0:23:15 | |
How much money can you make as a cybercriminal in Russia? | 0:23:15 | 0:23:19 | |
Individually. | 0:23:19 | 0:23:20 | |
You can earn a tremendous amount of money a day. | 0:23:20 | 0:23:23 | |
You can earn millions of dollars by stealing them | 0:23:23 | 0:23:26 | |
from someone's account. | 0:23:26 | 0:23:28 | |
You can do that easily. | 0:23:28 | 0:23:29 | |
And how serious are they? | 0:23:29 | 0:23:31 | |
Very serious. They are indeed criminals. | 0:23:31 | 0:23:34 | |
They can sell drugs, | 0:23:34 | 0:23:36 | |
they can assassinate people or order an assassination. | 0:23:36 | 0:23:41 | |
Very bad things like that. | 0:23:41 | 0:23:43 | |
From what I saw and heard in Russia, it's clear our stolen profiles | 0:23:45 | 0:23:50 | |
are feeding into a massive organised-criminal network | 0:23:50 | 0:23:54 | |
making those at the top end of it billions. | 0:23:54 | 0:23:58 | |
And one of its newest targets? | 0:24:02 | 0:24:05 | |
British business. | 0:24:05 | 0:24:07 | |
This is Police Scotland's specialist cybercrime unit based in Govan. | 0:24:07 | 0:24:13 | |
Their figures show a peak in cybercrimes at the end of last year, | 0:24:13 | 0:24:17 | |
with Scotland's business community specifically being targeted. | 0:24:17 | 0:24:21 | |
We have seen a large number of businesses being targeted | 0:24:21 | 0:24:24 | |
across Scotland in a multitude of sectors. | 0:24:24 | 0:24:26 | |
Certainly the financial sector and agriculture, | 0:24:26 | 0:24:28 | |
but predominantly in the small and medium enterprises, | 0:24:28 | 0:24:31 | |
up to 200 employees. | 0:24:31 | 0:24:33 | |
A lot of businesses may not recover from a cyberattack | 0:24:33 | 0:24:36 | |
simply because it's stolen personal data, they've stolen customer data | 0:24:36 | 0:24:40 | |
and it can cause real problems for the viability of that business | 0:24:40 | 0:24:43 | |
in the long term. | 0:24:43 | 0:24:44 | |
Some British businesses | 0:24:44 | 0:24:46 | |
and big banks are now turning to the criminals for help. | 0:24:46 | 0:24:50 | |
Since leaving prison, Tony Sales has been hired | 0:24:50 | 0:24:54 | |
to test defences and highlight their vulnerabilities. | 0:24:54 | 0:24:58 | |
Banks, financial institutions, | 0:24:58 | 0:25:01 | |
retailers, insurance companies. | 0:25:01 | 0:25:05 | |
Lots of different companies use my services to go in | 0:25:05 | 0:25:09 | |
and point out the weaknesses. | 0:25:09 | 0:25:11 | |
Tony tells me that many companies he assesses take action | 0:25:11 | 0:25:14 | |
if the effect on profit is significant. | 0:25:14 | 0:25:17 | |
But if the weakness he points out is simply a data breach, | 0:25:17 | 0:25:21 | |
then many companies call it "acceptable loss" and write it off. | 0:25:21 | 0:25:25 | |
I am stunned when they don't do anything about it - | 0:25:25 | 0:25:29 | |
they shake my hand at the end of the meeting, say thanks | 0:25:29 | 0:25:32 | |
and six months later at the company | 0:25:32 | 0:25:34 | |
nothing has changed, it's exactly the same as how it was. | 0:25:34 | 0:25:39 | |
The British Bankers' Association is the voice of banking, | 0:25:42 | 0:25:46 | |
'representing more than 240 organisations. | 0:25:46 | 0:25:49 | |
'It says it's taken robust measures to counter the cybercriminals.' | 0:25:49 | 0:25:54 | |
The evidence is clear that the criminals have | 0:25:54 | 0:25:56 | |
changed their techniques quickly in response to bank controls | 0:25:56 | 0:25:59 | |
and activity by public authorities. | 0:25:59 | 0:26:02 | |
The British banking industry has some of the strongest controls | 0:26:02 | 0:26:06 | |
anywhere in the world to address financial crimes | 0:26:06 | 0:26:09 | |
and some of the most safe and secure banking arrangements. | 0:26:09 | 0:26:16 | |
We're not resting on our laurels. | 0:26:16 | 0:26:18 | |
We do need to constantly update these measures and make sure we're one step | 0:26:18 | 0:26:23 | |
ahead of the criminals, and that's what we're trying to do. | 0:26:23 | 0:26:26 | |
I wonder whether the actions now being taken | 0:26:26 | 0:26:29 | |
by big business and banking to try and protect their systems | 0:26:29 | 0:26:33 | |
from cybercrime are making any inroads. | 0:26:33 | 0:26:35 | |
In terms of the amount of data, | 0:26:35 | 0:26:37 | |
the amount of profiles that are available on the market, | 0:26:37 | 0:26:40 | |
-there are as many as there ever were? -Of course. | 0:26:40 | 0:26:43 | |
-So... -There are sites that are dedicated just to that. | 0:26:43 | 0:26:47 | |
And you've not noticed a kind of drop-off in the amount | 0:26:47 | 0:26:50 | |
of data that's available on these sites? | 0:26:50 | 0:26:52 | |
Businesses haven't tightened themselves up so much | 0:26:52 | 0:26:54 | |
that guys like you are getting less profiles? | 0:26:54 | 0:26:56 | |
I could go today, I could see my friend today | 0:26:56 | 0:26:58 | |
and I could literally buy ten profiles off him. | 0:26:58 | 0:27:01 | |
How safe is our money online? | 0:27:01 | 0:27:03 | |
Me personally, I don't even have any money in any banks. | 0:27:03 | 0:27:06 | |
Like, if I went out and earned £25,000 today, | 0:27:06 | 0:27:09 | |
I would never go to a bank and put my money in the bank. | 0:27:09 | 0:27:11 | |
Because of people like you? | 0:27:11 | 0:27:13 | |
Because of people like myself. | 0:27:13 | 0:27:15 | |
Cybercrime is called the dark side of the web for a reason - | 0:27:23 | 0:27:27 | |
activity committed behind closed doors, | 0:27:27 | 0:27:29 | |
on anonymous browsers with the nameless, targeting the faceless. | 0:27:29 | 0:27:33 | |
Whilst the fight to catch the criminals goes on, though, | 0:27:33 | 0:27:36 | |
we don't have to sit and do nothing. | 0:27:36 | 0:27:39 | |
To protect ourselves against even the most basic of attacks | 0:27:39 | 0:27:42 | |
really isn't that difficult. | 0:27:42 | 0:27:45 | |
Just remember, in today's fast-moving cyber-world, | 0:27:48 | 0:27:51 | |
it's not just your computer you need to worry about. | 0:27:51 | 0:27:55 | |
Your life's in your phone, so I can now take over your life. | 0:27:55 | 0:27:59 | |
I can see your life, I can talk to people on Facebook as you, | 0:27:59 | 0:28:03 | |
I can talk to people on LinkedIn as you, I can tweet as you, | 0:28:03 | 0:28:06 | |
I can send tweets out with malware in them as you, | 0:28:06 | 0:28:09 | |
that will then infect everyone that you know. | 0:28:09 | 0:28:12 | |
I can send videos out on Facebook with malware in them | 0:28:12 | 0:28:16 | |
that will infect all your friends. | 0:28:16 | 0:28:17 | |
People will share your videos and they will move on and on and on, | 0:28:17 | 0:28:20 | |
and so by just getting one person's phone, | 0:28:20 | 0:28:25 | |
you can actually destroy millions of lives just by malware. | 0:28:25 | 0:28:28 |