{"id":56007,"date":"2020-05-20T06:00:40","date_gmt":"2020-05-19T20:00:40","guid":{"rendered":"https:\/\/www.aspistrategist.ru\/?p=56007"},"modified":"2020-05-19T17:17:11","modified_gmt":"2020-05-19T07:17:11","slug":"cybercriminals-in-the-backyard","status":"publish","type":"post","link":"https:\/\/www.aspistrategist.ru\/cybercriminals-in-the-backyard\/","title":{"rendered":"Cybercriminals in the backyard"},"content":{"rendered":"<figure><img loading=\"lazy\" decoding=\"async\" width=\"1158\" height=\"738\" class=\"alignnone size-full wp-image-56009\" src=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2020\/05\/cybercrime1905.jpg\" srcset=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2020\/05\/cybercrime1905.jpg 1158w, https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2020\/05\/cybercrime1905-205x131.jpg 205w, https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2020\/05\/cybercrime1905-1024x653.jpg 1024w, https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2020\/05\/cybercrime1905-768x489.jpg 768w\" sizes=\"(max-width: 1158px) 100vw, 1158px\" \/><\/figure>\n<p>There\u2019s a popular perception that cybercrime is an anonymous activity. With seemingly faceless attackers and \u2018darknet\u2019 sites, a picture emerges of a threat unlike anything we\u2019ve seen before. But cybercrime shouldn\u2019t generate this kind of paradigm shift. As Peter Grabosky astutely <a href=\"https:\/\/journals.sagepub.com\/doi\/10.1177\/a017405\" target=\"_blank\" rel=\"noopener noreferrer\">argued<\/a> almost 20 years ago, it\u2019s \u2018old wine in new bottles\u2019. The crime types\u2014fraud, extortion, theft\u2014remain the same; only the tools have changed.<\/p>\n<p>In my ASPI report, <em><a href=\"https:\/\/www.aspistrategist.ru\/report\/cybercrime-southeast-asia\" target=\"_blank\" rel=\"noopener noreferrer\">Cybercrime in Southeast Asia<\/a><\/em>, released today, I argue that cybercrime is actually rooted in the conventional world. In many cases, there\u2019s a strong offline dimension to it, along with a <a href=\"https:\/\/blog.oup.com\/2017\/11\/cybercrime-as-local-phenomenon\/\" target=\"_blank\" rel=\"noopener noreferrer\">local one<\/a>. All cyberattacks have at least one person behind them. Some of those offenders know each other. All are physically based somewhere and are the product of local socioeconomic conditions. As a result, we see different \u2018flavours\u2019 of cybercrime coming out of different parts of the world.<\/p>\n<p>It\u2019s worth quickly sketching some of the most famous cybercrime hubs around the globe. Perhaps the best known of all is parts of the <a href=\"https:\/\/www.nytimes.com\/2019\/11\/29\/opinion\/the-criminal-silicon-valley-is-thriving.html\" target=\"_blank\" rel=\"noopener noreferrer\">former Soviet Union<\/a>. That region produces the most technically capable offenders, who are often responsible for developing top-level malware and other tools that are used throughout the industry. An excellent education system produces an oversupply of able technologists who then struggle to find opportunities in a weak technology industry.<\/p>\n<p>Another reputed hub is Nigeria, which is known for far less technical forms of cybercrime. Nigerian cybercriminals have traditionally carried out \u2018advance fee fraud\u2019\u2014the email scams familiar to most of us. In more recent years, West African offenders have evolved. One <a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/definition\/business-email-compromise-(bec)\" target=\"_blank\" rel=\"noopener noreferrer\">growing threat<\/a> is business email compromise, in which a scammer impersonates a CEO or other person to instruct an employee in the victim company to transfer funds into an account controlled by the criminals.<\/p>\n<p>But there are cybercrime hotspots emerging elsewhere, including in Australia\u2019s strategic backyard. Southeast Asia provides an interesting cybercrime case study, as it includes populations of both local and foreign offenders. While offenders are spread across the region, certain countries contain a larger cybercriminal threat than others. Vietnam, for example, hosts a local community of \u2018<a href=\"https:\/\/www.zdnet.com\/article\/vietnam-on-the-edge-of-becoming-a-mid-tier-cybercrime-hub\/\" target=\"_blank\" rel=\"noopener noreferrer\">black hat<\/a>\u2019 hackers. While some cybercriminals strike at home, Vietnam itself is not a target-rich environment and major attacks there are not widely reported. One rare example was the <a href=\"https:\/\/english.vietnamnet.vn\/fms\/business\/162187\/vietcombank-tightens-otp-service-security-after--23-000-account-hack.html\" target=\"_blank\" rel=\"noopener noreferrer\">Vietcombank case<\/a> of 2016, in which 500\u00a0million dong (A$33,000) was extracted from a customer\u2019s account.<\/p>\n<p>For those Vietnamese attacking targets overseas, credit card fraud has been a popular endeavour. The conventional business model has been to target ecommerce sites and steal their databases of credit card details. The cybercriminals can then sell the card data in virtual marketplaces or buy products online themselves and arrange for them to be shipped back to Vietnam. Vietnamese cybercriminals have also engaged in personal data theft, compromising email and other account credentials, and a number of other schemes.<\/p>\n<p>If the example of Vietnam is about local offenders striking internationally, the case of Malaysia is about foreign cybercriminals using that country as a base of operations. There is a community of local Malaysian cybercriminals, but the more pressing issue is the large presence of <a href=\"https:\/\/www.straitstimes.com\/singapore\/courts-crime\/nigerian-malaysian-nabbed-over-237000-internet-love-scams\" target=\"_blank\" rel=\"noopener noreferrer\">Nigerian fraudsters<\/a> who have established themselves there.<\/p>\n<p>While Nigerian email scams are well known, many assume that the offenders are based in West Africa. And while there are indeed a number of offenders operating out of Nigeria, there are also Nigerian cybercriminals spread out across Africa and the world, including in the US, the UK, the Netherlands, India, the Philippines and Australia. Their presence in such countries can be for computing training, coordinating money-mule and other support operations, or running their own autonomous scam operations from those countries.<\/p>\n<p>Curiously, for some time Malaysia has hosted one of the largest concentrations of Nigerian fraudsters. It isn\u2019t yet clear why this is such a fertile location, but it\u2019s of growing concern, as perhaps many thousands of such <a href=\"https:\/\/www.hup.harvard.edu\/catalog.php?isbn=9780674979413\" target=\"_blank\" rel=\"noopener noreferrer\">offenders<\/a> are running hugely profitable enterprises there.<\/p>\n<p>Australia\u2019s approach to fighting cybercrime needs to be augmented to account more seriously for this local dimension, particularly in Southeast Asia, and our fight against cybercrime should be more targeted, enduring and forward-looking.<\/p>\n<p>While it makes sense to continue supporting international cooperation in the fight against cybercrime, those efforts need to be targeted to specific hotspots where the problem is the most acute and Australia\u2019s contributions can provide the greatest value for money. This involves the identification of current or future cybercriminal hotspots in Australia\u2019s near region.<\/p>\n<p>Australia\u2019s law enforcement capacity-building programs should be matched specifically to those countries producing the biggest cybercrime threat. Deeper relationships should also be developed between investigators in Australia and in those countries through expanded use of cyber liaison posts and exchange programs.<\/p>\n<p>Finally, Australia should adopt prevention programs that seek to block offenders\u2019 pathways into cybercrime and promote those programs in cybercrime hotspots in the region.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>There\u2019s a popular perception that cybercrime is an anonymous activity. With seemingly faceless attackers and \u2018darknet\u2019 sites, a picture emerges of a threat unlike anything we\u2019ve seen before. But cybercrime shouldn\u2019t generate this kind of &#8230;<\/p>\n","protected":false},"author":1141,"featured_media":56009,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"footnotes":""},"categories":[1],"tags":[391,1801,2138,316],"class_list":["post-56007","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-cyber","tag-cybercrime","tag-cybersecurity","tag-law-enforcement"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v19.3 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Cybercriminals in the backyard | The Strategist<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.aspistrategist.ru\/cybercriminals-in-the-backyard\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Cybercriminals in the backyard | The Strategist\" \/>\n<meta property=\"og:description\" content=\"There\u2019s a popular perception that cybercrime is an anonymous activity. With seemingly faceless attackers and \u2018darknet\u2019 sites, a picture emerges of a threat unlike anything we\u2019ve seen before. But cybercrime shouldn\u2019t generate this kind of ...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.aspistrategist.ru\/cybercriminals-in-the-backyard\/\" \/>\n<meta property=\"og:site_name\" content=\"The Strategist\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/ASPI.org\" \/>\n<meta property=\"article:published_time\" content=\"2020-05-19T20:00:40+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-05-19T07:17:11+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2020\/05\/cybercrime1905.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1158\" \/>\n\t<meta property=\"og:image:height\" content=\"738\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Jonathan Lusthaus\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:site\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Jonathan Lusthaus\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\",\"url\":\"https:\/\/www.aspistrategist.ru\/\",\"name\":\"The Strategist\",\"description\":\"ASPI&#039;s analysis and commentary site\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.aspistrategist.ru\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-AU\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/cybercriminals-in-the-backyard\/#primaryimage\",\"url\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2020\/05\/cybercrime1905.jpg\",\"contentUrl\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2020\/05\/cybercrime1905.jpg\",\"width\":1158,\"height\":738},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.aspistrategist.ru\/cybercriminals-in-the-backyard\/\",\"url\":\"https:\/\/www.aspistrategist.ru\/cybercriminals-in-the-backyard\/\",\"name\":\"Cybercriminals in the backyard | The Strategist\",\"isPartOf\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/cybercriminals-in-the-backyard\/#primaryimage\"},\"datePublished\":\"2020-05-19T20:00:40+00:00\",\"dateModified\":\"2020-05-19T07:17:11+00:00\",\"author\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/10038cbb58bab3ff96063f359802865a\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/cybercriminals-in-the-backyard\/#breadcrumb\"},\"inLanguage\":\"en-AU\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.aspistrategist.ru\/cybercriminals-in-the-backyard\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.aspistrategist.ru\/cybercriminals-in-the-backyard\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.aspistrategist.ru\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cybercriminals in the backyard\"}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/10038cbb58bab3ff96063f359802865a\",\"name\":\"Jonathan Lusthaus\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/ab29e7e1a4fc5e7b982bef5fc4366a0b?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/ab29e7e1a4fc5e7b982bef5fc4366a0b?s=96&d=mm&r=g\",\"caption\":\"Jonathan Lusthaus\"},\"url\":\"https:\/\/www.aspistrategist.ru\/author\/jonathan-lusthaus\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Cybercriminals in the backyard | The Strategist","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.aspistrategist.ru\/cybercriminals-in-the-backyard\/","og_locale":"en_US","og_type":"article","og_title":"Cybercriminals in the backyard | The Strategist","og_description":"There\u2019s a popular perception that cybercrime is an anonymous activity. With seemingly faceless attackers and \u2018darknet\u2019 sites, a picture emerges of a threat unlike anything we\u2019ve seen before. But cybercrime shouldn\u2019t generate this kind of ...","og_url":"https:\/\/www.aspistrategist.ru\/cybercriminals-in-the-backyard\/","og_site_name":"The Strategist","article_publisher":"https:\/\/www.facebook.com\/ASPI.org","article_published_time":"2020-05-19T20:00:40+00:00","article_modified_time":"2020-05-19T07:17:11+00:00","og_image":[{"width":1158,"height":738,"url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2020\/05\/cybercrime1905.jpg","type":"image\/jpeg"}],"author":"Jonathan Lusthaus","twitter_card":"summary_large_image","twitter_creator":"@ASPI_org","twitter_site":"@ASPI_org","twitter_misc":{"Written by":"Jonathan Lusthaus","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebSite","@id":"https:\/\/www.aspistrategist.ru\/#website","url":"https:\/\/www.aspistrategist.ru\/","name":"The Strategist","description":"ASPI&#039;s analysis and commentary site","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.aspistrategist.ru\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-AU"},{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/cybercriminals-in-the-backyard\/#primaryimage","url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2020\/05\/cybercrime1905.jpg","contentUrl":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2020\/05\/cybercrime1905.jpg","width":1158,"height":738},{"@type":"WebPage","@id":"https:\/\/www.aspistrategist.ru\/cybercriminals-in-the-backyard\/","url":"https:\/\/www.aspistrategist.ru\/cybercriminals-in-the-backyard\/","name":"Cybercriminals in the backyard | The Strategist","isPartOf":{"@id":"https:\/\/www.aspistrategist.ru\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.aspistrategist.ru\/cybercriminals-in-the-backyard\/#primaryimage"},"datePublished":"2020-05-19T20:00:40+00:00","dateModified":"2020-05-19T07:17:11+00:00","author":{"@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/10038cbb58bab3ff96063f359802865a"},"breadcrumb":{"@id":"https:\/\/www.aspistrategist.ru\/cybercriminals-in-the-backyard\/#breadcrumb"},"inLanguage":"en-AU","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.aspistrategist.ru\/cybercriminals-in-the-backyard\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.aspistrategist.ru\/cybercriminals-in-the-backyard\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.aspistrategist.ru\/"},{"@type":"ListItem","position":2,"name":"Cybercriminals in the backyard"}]},{"@type":"Person","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/10038cbb58bab3ff96063f359802865a","name":"Jonathan Lusthaus","image":{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/ab29e7e1a4fc5e7b982bef5fc4366a0b?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/ab29e7e1a4fc5e7b982bef5fc4366a0b?s=96&d=mm&r=g","caption":"Jonathan Lusthaus"},"url":"https:\/\/www.aspistrategist.ru\/author\/jonathan-lusthaus\/"}]}},"_links":{"self":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/56007"}],"collection":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/users\/1141"}],"replies":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/comments?post=56007"}],"version-history":[{"count":5,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/56007\/revisions"}],"predecessor-version":[{"id":56012,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/56007\/revisions\/56012"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media\/56009"}],"wp:attachment":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media?parent=56007"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/categories?post=56007"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/tags?post=56007"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}