Business should focus on cyber crime
Johannesburg - Businesses need to focus on the threat posed by cyber crime, a law firm said on Wednesday.
“If I was speaking to you two years ago, the bulk of my practice was procurement fraud, and things like business hijackings, financial statement fraud and the like,” Dave Loxton, the head of business crime and forensics at Werksmans, told reporters in Johannesburg.
“In the last two years, my whole practice has shifted across to cyber crime.”
Cyber crime is any crime involving a computer or the internet.
Authorities in countries such as the US, the UK and Europe had indicated to Loxton that within the next three years the proceeds of cyber crime would surpass those of all other forms of white collar crime combined.
“That is the way it is going,” he said.
A case Loxton had worked on involved a major South African company with a presence in Africa, Europe, and the US.
“They had their server hacked by a syndicate and the syndicate sat on their server for four years before they were aware,” he said.
“In that four years, the syndicate intercepted every single board pack (board reports), every single confidential piece of information between the MD and his co-directors, plus they sold product which is stored in the warehouse.”
The security breach was discovered only after an employee noticed that his laptop was acting strangely, which led to an investigation that uncovered the breach.
“It was an international syndicate involving Russians, Bulgarians, Latvians, Nigerians, and South Africans,” Loxton said.
“It involved money laundering, it involved human trafficking... it was a very slick operation.”
The South African member of the syndicate, who was located near the corporation's offices, was being paid in drugs, not money, as he was a drug addict.
It was rare that cyber criminals were individuals, but rather syndicates operating almost like businesses. Cyber crime was linked to other illegal activities such as drug running and human trafficking.
“You can imagine the enormous negative impact on the client,” he said.
“At this stage, the investigation is still ongoing. We don't know if there has been sale of intellectual property. We don't know if there has been sale of trade secrets.”
The corporation concerned was concerned about leaks to the media, as the potential for reputational damage was huge.
“Business should be focusing a lot more on cyber crime.”
Loxton said the public needed to be aware of what information they shared on social networking platforms, such as Facebook, as this could be used by cyber criminals.
He mentioned an instance where a cyber crime consultant showed him, through using a random person's phone number available on Facebook, how it was possible to hack a person's smartphone.
Through that number, the consultant was able to trace the exact location of the number's owner to a department store in Singapore, in real time.
“I've heard experts say its easy to hack a person. It's not easy to hack a computer... the compromise is through people, not systems.”
Cyber crime cost South Africa around R1 billion annually, with the FBI in the US placing South Africa as the country with the sixth-highest rate of cyber crime.
Informal consensus within the private sector ranked South Africa third, behind Russia and China.
South Africa had proved to be a particularly fertile ground for cyber crime because of its “lawless society”.
Cyber crime syndicates knew law enforcement was “paper-thin”, and that there was a low chance of their being arrested and successfully convicted, said Loxton.
“We are generally dealing with highly intelligent, sophisticated people... It is a national crisis,” Loxton said.
“The syndicates find it quite easy to operate in South Africa due to a lack of resources.”
The Norton security firm stated that about US110 billion (about R1 trillion) was lost worldwide to cyber crime.
Loxton said South Africa's banking sector was “superb”, as the major banks had strong internal forensic services. The problem lay with the customers.
“I think our banks are superb. They can't answer to their customers who are stupid, to be blunt,” Loxton said.
“The advice is there.... They can't protect customers from themselves.
“You can't protect people from their own greed and foolishness.” - Sapa