In continuing my NHK cyber security piece, the annual FBI-backed Internet Crime Complaint Center (IC3) report published last Friday reports that cyber (internet based) losses almost doubled from $265 m in 2008 to $560 m last year. Furthermore, complaints increased by 22.3% to 336,655 complaints in 2009. Ironically, 11.9% of the scams were situations where criminals pretended to be the FBI. Wow!

As I have predicted in many of my presentations, workshops and classes, the limits of current security methods are now becoming apparent. The internet is not a new invention – it has been around for over 40 years. However, there are several reasons why recently (at least in the last 10 years) we are more reliant on and use the “internet” more often. One of the key drivers is that security has played a central role in making sure that the remote access of networked information is authenticated, transmitted securely and integrity is maintained. I now talk about this in more detail on my security blog at: http://security./

Unfortunately, the trends in this report confirm how the limits of traditional information security have been reached, and that humans are becoming (actually have always been) the weak (weaker) link in the whole system. This is because many of the current information security techniques were haphazardly adapted and were then patched with incomplete fixes that needed to maintain backwards compatibility with older insecure systems. Through all this, they have not taken into account usability issues and the limitations of the end user (i.e., your mother-in-law).

Finally, it is interesting to note that traditional physical bank robberies in the United States during the same period only stole about $9.5 million, basically confirming that criminals go where the money is – the internet. Or as the director of the NW3C, Mr. Donald Brackman, summarized, “The figures contained in this report indicate that criminals are continuing to take full advantage of the anonymity afforded them by the Internet. They are also developing increasingly sophisticated means of defrauding unsuspecting consumers. Internet crime is evolving in ways we couldn’t have imagined just five years ago.”

Some other interesting tidbits:

  • Highest dollar frauds were investment scams
  • Perpetrators and victims mostly came from California
  • 54% of the complainants were male and lost a ratio of $1.51 per $1.00 for women
  • Nondelivery of merchandise was the second most popular complaint, after criminals pretending to be FBI
  • 7.5% of losses were greater than $10,000 (1% greater than $100,000)

Given the pace of advancement in information security, compounded with human nature, this will get a lot worse before it starts getting better.