PREVIOUSLY: THE STATE OF CYBER CRIME TODAY
Patrick Gray (PG): Now one of the trends that you outline in your book is concerns cyber
crime could start originating out of Africa in a big way - it doesn't seem to be a real hotbed for
criminal activity at the moment, but you say that it could be in the future. Can you explain why
that is?
Nigel Phair (NP): There has been plenty of criminal activity generally come out of Africa in recent
years and from a technology and cyber perspective I suppose you'd look at the use of the
traditional 419 letters going online. Unfortunately people still get sucked into those and that
goes back to my earlier comment of people changing their behaviour. But certainly they're building
more Internet connectivity in those regions and the people are getting more savvy with technology.
There's some really good criminal minds over there that hide behind state barriers and it will be a
good place to base yourself to do some serious cyber criminal activity in the future.
PG: Now also we often hear that organised crime is very much involved in criminal
activity conducted over the Internet in things like phishing and that type of fraud. Do these
criminal organisations have tendrils, do they have people on the ground within Australia or is it
purely a type of crime that is conducted from beyond our shores?
NP: I think the important thing in answering that question is what you talk about with organised
crime. I don't believe that there is organised crime groups per se on the Internet and by that I
mean your traditional hierarchical of groups that you might have had with Mafia people; people
historically taking over the garbage in New York City for example or certain organised crime groups
doing certain drug importations and they control every part of it. What we're seeing with the
Internet and with crime on it, is organised criminal networks as opposed to groups. This is where
you've got people forming an alliance to conduct and exploit -- whether it be a zero day attack or
a phishing scam or something similar -- and they get together, they pool their resources of skills
and expertise and they'll buy in the product they need, whether they need a botnet or something
like that. They will do it and then go their own ways.
PG: So it's not so much a hierarchical organisational structure; you are looking more at
a distributed organisation structure in these cases?
NP: Absolutely. The great thing is that because of the phenomenon of the net, they never need to
meet. All they've got to do is distribute the money somehow because that's what crime is all about.
They never need to meet so they anonymise themselves at all steps and it makes it obviously very
difficult for law enforcement.
This interview originally ran on ITRadio.com.au's Risky Business podcast, which can be downloaded here.
NEXT: WHAT GOES ON IN AUSTRALIA'S HIGH-TECH LAW ENFORCEMENT COMMUNITY?