While arresting 1,000 people in a four month long operation is a significant feat, it is likely mostly very low level people that they caught.
They also recovered $27 million in proceeds. Given that the estimate is that Internet crime will cost us $10 trillion a year by 2025, recovering $27 million doesn’t seem like much.
The operation, code named HAECHI-II, involved law enforcement from 20 countries and allowed them to close over 1,600 cases. Again, not to diminish their work, but there are millions of cases every year.
Interpol’s Secretary General said that this operation showed that the surge in online financial crime during the Covid pandemic has not eased.
Not only did they arrest over a thousand crooks, but they also discovered ten new criminal techniques during the operation.
And the crooks are creative. In one attack the hackers got people to download an app based on the hit South Korean Netflix show Squid Game and that app had a trojan that subscribed the victims to paid premium services without their approval.
This is part of a three year anti-crime operation. Phase one, called HAECHI-I arrested about half as many people but recovered more than three times as much money.
While these efforts are useful, the only way to make a real dent in cybercrime is to get people to be more aware and take more responsibility for protecting themselves. This is hard because many of the attacks are very sophisticated and hard for people to understand. Part of the challenge is to get people to do things that they don’t want to do. Google, for example, says that only about 10 percent of its users have turned on two factor authentication, which makes compromising a user’s Google (or bank) account much harder. Google has decided to force the issue and is planning make two factor authentication mandatory on a hundred fifty million accounts this year in phase 1 of getting all accounts 2FA enabled. But other companies do not want to take the heat from unhappy consumers. For example, most banks do not require 2FA for online banking and consumers don’t care because the bank takes the loss from the fraud.
Maybe companies need to do what cyber insurance companies are starting to do. If you don’t have good cyber hygiene, they just won’t pay your claim – you are on your own, good luck.
Credit: The Hacker News