Businesses need to focus on the threat posed by cybercrime, a law firm said on Wednesday.
“If I was speaking to you two years ago, the bulk of my practice was procurement fraud, and things like business hijackings, financial statement fraud and the like,” Dave Loxton, the head of business crime and forensics at Werksmans, told reporters in Johannesburg.
“In the last two years, my whole practice has shifted across to cybercrime.”
Cybercrime is any crime involving a computer or the Internet.
Authorities in countries such as the US, the UK and Europe had indicated to Loxton that within the next three years the proceeds of cybercrime would surpass those of all other forms of white collar crime combined.
A case Loxton had worked on involved a major South African company with a presence in Africa, Europe, and the US. “They had their server hacked by a syndicate and the syndicate sat on their server for four years before they were aware,” he said.
“In those four years, the syndicate intercepted every single board pack [board reports], every single confidential piece of information between the MD and his co-directors, plus they sold product which is stored in the warehouse.”
The security breach was discovered only after an employee noticed that his laptop was acting strangely, which led to an investigation that uncovered the breach. “It was an international syndicate involving Russians, Bulgarians, Latvians, Nigerians, and South Africans,” Loxton said. “It involved money laundering, it involved human trafficking … it was a very slick operation.”
The South African member of the syndicate, who was located near the corporation’s offices, was being paid in drugs, not money, as he was an addict. It was rare that cyber criminals were individuals, but rather syndicates operating almost like businesses. Cybercrime was linked to other illegal activities such as drug running and human trafficking.
“You can imagine the enormous negative impact on the client,” Loxton said. “At this stage, the investigation is still ongoing. We don’t know if there has been sale of intellectual property. We don’t know if there has been sale of trade secrets.”
The corporation concerned was concerned about leaks to the media, as the potential for reputational damage was huge. “Business should be focusing a lot more on cybercrime.”
Loxton said the public needed to be aware of what information they shared on social networking platforms, such as Facebook, as this could be used by cyber criminals.
He mentioned an instance where a cybercrime consultant showed him, through using a random person’s phone number available on Facebook, how it was possible to hack a person’s smartphone. Through that number, the consultant was able to trace the exact location of the number’s owner to a department store in Singapore, in real time. “I’ve heard experts say its easy to hack a person. It’s not easy to hack a computer. The compromise is through people, not systems.”
Cybercrime cost South Africa around R1bn/year, with the US Federal Bureau of Investigation placing South Africa as the country with the sixth-highest rate of cybercrime. Informal consensus within the private sector ranked South Africa third, behind Russia and China.
South Africa had proved to be a particularly fertile ground for cybercrime because of its “lawless society”.
Cybercrime syndicates knew law enforcement was “paper-thin”, and that there was a low chance of their being arrested and successfully convicted, said Loxton. “We are generally dealing with highly intelligent, sophisticated people. It is a national crisis. The syndicates find it quite easy to operate in South Africa due to a lack of resources.”
Loxton said South Africa’s banking sector was “superb”, as the major banks had strong internal forensic services. The problem lay with the customers. “I think our banks are superb. They can’t answer to their customers who are stupid, to be blunt,” Loxton said. “The advice is there. They can’t protect customers from themselves. You can’t protect people from their own greed and foolishness.” — Sapa
