Connect with us

Opinion

Social media firms and app developers are failing to prevent criminals from finding new ways of exploiting their products

Published

on

failing to prevent criminals from finding new ways of exploiting their products

Technology site the Verge recently revealed that poorly-paid Facebook moderators employed by third-party firms to wade through huge amounts of illegal and disturbing content are developing the same type of post-traumatic stress disorder symptoms that doctors are more used to seeing in soldiers returning from war zones. While the unforgiving demands that are made of these workers is most likely to be the primary cause of the poor mental health many of them appear to suffer from, the nature of the material they have to process during the course of their working day must undoubtedly take its toll. For its part, Facebook claims that its rapid growth left it with little choice but to turn to outsourcers to help it police its networks, and that it does all it can to ensure the moderators it employs through third parties enjoy decent working conditions.

Like Facebook, other social media platforms have sought to up their game in recent years when it comes to taking down hate speech, violent crime and extreme pornography. While many have made progress as far as removing offensive material is concerned, they generally appear to be less successful at preventing their networks from being used by organised criminals, who are increasingly using these platforms to facilitate illegal activity.

Organised criminal gangs have been exploring ways in which they can use social media platforms and encrypted smartphone apps for some time now, partly as a result of the shutdown of a number of leading dark web marketplaces over the course of the past year or so. A recent report from online security firm Bromium revealed that cyber criminals are making more than $3 billion a year from spreading malware and selling hacking tools on social media platforms. The study found that incidents of cyber crime involving social media grew more than 300-fold between 2015 and 2017 in the US alone.

At the same time, criminals involved in more traditional forms of illegal activity have been finding new ways in which to use social media platforms to target victims and reach new customers. Experts fear that the advent of 5G connectivity will only make it easier for criminals to exploit online resources, which begs the question why social media networks are not doing more to crack down on their platforms being used for illegal activity now. While the likes of Facebook and Twitter spend a great deal of time and resources removing content that might be considered offensive, they appear to be doing little to combat rising levels of crime on their platforms, as can be evidenced by almost daily reports of new ways in which bad actors are exploiting their networks in fresh and often ingenious ways.

A recent report from digital risk protection firm Dark Shadows revealed that criminal gangs operating online are offering salaries of up to $360,000 a year to individuals who can help them identify and target high-worth individuals in sextortion scams. For accomplices with programming skills, these can salaries rise to more than $768,000 per year, the cyber security firm found. The company’s research reveals how an extortion method that is invariably carried out over social media and messaging apps has become so easy and profitable that the organised gangs behind it can now afford to pay executive salaries to anybody who can help them find high-worth individuals to target.

Separately, the UK’s Independent last month revealed that criminals were using the popular video game Fortnite to launder the proceeds of their illegal activities. An investigation conducted by the website found that criminals had been using stolen credit card details to purchase the game’s virtual currency before selling it on at a discount, effectively “cleaning” their ill-gotten gains. More recently, a number of brands last week withdrew their advertising from YouTube after video blogger Matt Watson revealed that the Google-owned platform’s algorithms were helping paedophiles locate soft porn-type material and share links to explicit content featuring children.

Social media firms have made much lately of their determination to take down offensive and illegal content, but seem less interested in preventing real crime from taking place on their networks. Sadly, this has more to do with PR and profit margin than it does about keeping people safe online. It is telling that YouTube moved quickly to appease advertisers by taking down potentially offensive material after Matt Watson’s revelations were made public, while other types of criminality that might not have such an impact on these companies’ bottom lines is largely ignored. The takeaway here appears to be that if an illegal activity does not hit their profits, social media companies and app developers will most likely remain quite relaxed about it.

Continue Reading

Opinion

Islamist or far right, terrorist prisoners should remain behind bars if there is the slightest suspicion they could still pose a risk

Published

on

terrorist prisoners should remain behind bars

The British government last week very sensibly moved to make sure dangerous terrorist prisoners cannot be released halfway through their sentences to maim and murder innocent members of the public. In emergency legislation tabled in Parliament after two Islamists launched bloody attacks over the past few months having both been let out of jail early, UK government ministers sought to prevent extremists from being set free prior to serving at least two-thirds of their sentence. Even then, cases would need to be referred to the Parole Board for consideration before an inmate could be freed, according to the draft legislation. Under British law as it stands, terrorist suspects are automatically released from jail halfway through their sentences even if authorities believe they could still pose a threat.

The unveiling of the proposed new law prompted some commentators to complain that simply locking up terrorists and throwing away the key is no way to deal with radicalised individuals, as is often the case whenever stricter sentencing for these types of offences is floated as an idea. In reality though, while the suggested new measures may be a start, they go nowhere near far enough.

While the multiple terror attacks the UK endured throughout 2017 were not enough to force any meaningful change, one need only look at the events of the past few months to see how desperately reform of current legislation is needed. In November of last year, an Islamist extremist who had been let out of jail early after being convicted of plotting to launch attacks on several London landmarks stabbed two people to death while attending a conference on rehabilitating offenders in Fishmongers’ Hall near London Bridge.

If it were not for the bravery of members of the public, who tackled Usman Khan before armed police arrived on the scene and shot him dead, it is likely that many more victims would have lost their lives. Khan was handed an indeterminate prison sentence for “public protection” with a minimum jail term of eight years after he was convicted of a range of terrorist offences in 2012, including plotting an attack on the London Stock Exchange. Despite this, he was freed in December 2018, less than a year before he launched his deadly attack.

Just months later, another Islamist extremist stabbed two people in the London suburb of Streatham after being released halfway through a terror-related prison sentence just days earlier. Sudesh Amman was shot dead by a police officer who was part of team keeping him under surveillance due to worries about the danger he posed. Amman was set free after being jailed for possessing documents containing terrorist information and disseminating terrorist publications. If nothing else, the fact the 20-year-old jihadist was released from custody despite being considered so dangerous that he required police surveillance demonstrated just how wrong-headed current UK law is.

How can it be the case that a potentially violent extremist can be let out of prison when he is considered such a threat that he requires a team of detectives to monitor his movements? While it is of course a good thing that officers were on hand to neutralise Amman after he launched his attack, would it not have been better for all concerned if he was not been freed in the first place?

Over the approaching months, scores of convicted terrorists will be coming up for release in Britain, which is one of the reasons the UK government is so keen to push through its new legislation as soon as possible. But while the new law might buy ministers some breathing space by keeping dangerous extremists off the streets in the short term, all it effectively does is kick the problem into the long grass. Even if some extremists are forced to serve the whole of their tariff behind bars, there will be no guarantee they will not hold the same views that inspired their original crimes once they are eventually released from jail. This will be the case whether the offender of is an Islamist or a member of a far-right organisation, although the former group is by some margin a more worrying concern in the UK at present.

As such, the law must act accordingly. A system under which terrorists are handed determinate sentences is no longer fit for purpose, as has been demonstrated repeatedly not only in the UK but also elsewhere. Members of the public deserve to be protected from dangerous extremists, which means none should be allowed to walk the streets until any suspicion that they might pose a risk has been completely discounted. The long and short of the matter is that so long as those harbouring dangerous extremist attitudes are not allowed back on the streets, their chances of acting out their ideological impulses will be much diminished, and you and I will feel safer going  about our business without the fear of being stabbed in the neck by a convicted terrorist whose rightful place is behind bars.

Continue Reading

Opinion

How virtual credit card skimmers successfully target blue-chip firms that should have the resources to repel their attacks

Published

on

virtual credit card skimmers

Despite the banking industry’s best efforts and the launch of a multitude of awareness-raising campaigns by law enforcement agencies across the globe, criminals are still able to use ATM machine and point-of-sale (POS) payment system skimmers to harvest consumers’ credit card details with relative ease. In just the past few weeks, a French-Brazilian man was handed a suspended jail sentence in Australia after being convicted of using an ATM skimmer to fleece victims of tens of thousands of dollars, while police in numerous states across the US have reported increased incidents of credit card skimming devices being found attached to payment consoles at petrol station pumps.

If it were not bad enough that the makers of cash machines and POS devices appear to be completely unable to prevent a scam that now seems relatively low-tech in nature, hackers are increasingly turning to a virtual version of credit card skimming that targets information entered by buyers during the checkout process on ecommerce platforms.

Earlier this week, Interpol revealed that it had supported an operation that resulted in the arrest of three suspects in Indonesia who are alleged to have used digital skimming code to steal the personal credit card information of consumers using multiple ecommerce platforms. The international law enforcement agency said the three suspects went on to use the card details they stole to buy electrical equipment before selling it on at a profit.

In collaboration with online security firm Group-IB, Interpol also identified several servers associated with this type of crime and a number of infected websites in six countries in the ASEAN region. The results of the operation demonstrated the relative ease with which virtual credit card skimmers can be deployed, highlighting the fact that they can be difficult to detect and can be bought and deployed by hackers easily for as little as $250.

This type of cyber crime activity is often referred to as Magecart, an umbrella term coined to describe the act of using so-called JavaScript sniffer malware to target ecommerce websites built on the Magento platform. By maliciously injecting a simple yet effective code into such websites, Magecart hackers are able to steal consumers’ card details and personal information as they go through checkout pages at the end of the purchasing process.

Much in the same way as physical skimmers capture credit card information and PINs at ATM and POS machines, JavaScript sniffers record payment card details and personal information such as names, addresses and phone numbers and then send this on to servers controlled by the hackers behind the scam. As well as using this information to make purchases, cyber criminals can also put credit card details on sale in bulk on the dark web, or use the information they steal to commit identity fraud.

While consumers will more often than not get their money back if their credit card information is compromised by JavaScript sniffer malware, companies targeted in such scams can suffer lasting reputational damage, and can in some cases face fines for failing to protect their customers’ data. Despite the potential consequences, businesses that one would assume would have more than adequate resources to direct towards ensuring the security of their IT systems have fallen victim to Magecart-style attacks, including British Airways and Ticketmaster.

This comes down to the fact that JavaScript sniffer code can be so difficult to detect once it has been injected into a website. At the end of December, Malwarebytes security researcher Jérôme Segura explained in a blog post how JavaScript sniffer code can be hidden in such seemingly innocuous website components as wieldy-used boilerplate “free shipping”  image files. Segura noted that media files are good places for hackers to hide such code on account of the fact that most web crawlers and scanners concentrate on HTML and JavaScript files.

While it may seem strange to some observers that the banking industry and global law enforcement agencies have failed to neutralise the threat posed by physical credit card skimmers, the ease with which Magecart hackers can compromise companies’ IT systems makes the threat posed by JavaScript sniffers all the more pernicious. While the success of Interpol’s recent operation demonstrates that it is possible to identify and bring Magecart cyber criminals to justice, the fact that it can take as little as one line of code to compromise ecommerce platforms makes it very difficult to head off these types of attacks before they start producing results.

In March of last year, Group-IB revealed that Magecart malware that took the form of just one line of code had comprised more than 800 websites, including one run in the UK by apparel maker FILA. With finding such code being like searching for a needle in a haystack, it seems likely that Magecart attacks will live as long and happy a life as physical credit card skimming.

 

Continue Reading

Opinion

If the UK press is so racist, why do Prince Andrew’s alleged wrongdoings generate so many more column inches than ‘Asian’ grooming gangs?

Published

on

‘Asian’ grooming gangs

Much has been made over recent weeks of the way Meghan Markle has been treated by the British press since she married Prince Harry some 20 months ago. She has, we are told by her supporters, been made to endure the most appalling abuse, particularly at the hands of the UK print media. It has been repeatedly suggested that this has been meted out solely on account of Markle’s skin colour, and has absolutely nothing to do with the manner in which she has conducted herself since joining the royal family. The difference between the coverage she receives and that enjoyed by Prince William’s wife Kate Middleton, it is argued, simply comes down to skin colour.

Accusations of racism are routinely levelled at parts of the British media, and are in some cases well deserved. But whether or not you believe Meghan Markle has been hounded by reporters and journalists due to the fact she is of mixed race, there is little evidence to suggest that Prince Andrew has in any way benefitted from the colour of his skin when it comes to media coverage of his alleged wrongdoings. That is of course entirely correct.

Accusations that the Duke of York may have been involved in sex trafficking should be taken extremely seriously. As should the very well documented fact that he maintained a relationship with the disgraced and now deceased US financier Jeffrey Epstein after he had been convicted of procuring an underage girl for prostitution and sex trafficking.

Thanks to UK media coverage of his alleged behaviour, Prince Andrew’s life is now almost unrecognisable compared to this time last year. Following weeks of lurid headlines about his party lifestyle and discussion relating to his ability to sweat, the Duke was effectively sacked from the royal family, and lost almost all his “work”. The press did its job; exposing wrongdoing and holding Andrew to account. Having white skin did him few favours on this occasion it would seem, and failed to protect him from an absolute mauling from the British media.

But if the UK press truly is as racist as is often claimed, one could surely expect that it would stop at nothing to investigate repeated revelations about mostly Pakistani Muslim paedophile grooming gangs raping poor white working-class girls with at least the same vigour as it would allegations about the Duke of York? Apparently not.

Last week, the Times of London reported that it had seen a report that showed the UK’s Independent Office for Police Conduct (IOPC) had upheld a complaint that a police officer from Rotherham ignored allegations that such gangs existed because the town “would erupt” if it were  known that Asian men were routinely having sex with under-age white girls. While the story received moderate levels of media coverage for a couple of days, it garnered nothing approaching the attention generated by the allegations relating to Prince Andrew.

There is a pattern here. In the UK, barely a month goes by without reports of “Asian” gangs being brought before the country’s courts to face charges of raping vulnerable young white girls. Earlier this month, the BBC reported that Leeds Crown Court had heard that a grooming gang in Huddersfield preyed on two “young and vulnerable” teenage girls, with one victim estimating she “had sex with up to 300 men”.

In December, the Independent reported that campaigners had called for the UK government to keep a promise to review grooming gang “characteristics” after revealing that more than 18,700 suspected victims of child sexual exploitation were identified by local authorities in 2018-19. In November, the Yorkshire Post reported that five men who sexually exploited young girls in Huddersfield had been handed jail sentences of up to 14 years. To say this is an epidemic would be an extraordinary understatement. In fact, research published by the Quilliam Foundation in 2017 revealed that 84% of “grooming gang” offenders were at the time “South Asian”.

Despite this, the above stories and many others like them receive nothing approaching the blanket coverage the disgraceful allegations against Prince Andrew were rightly given towards the back end of last year. Surely, if the UK media was as racist as some people claim, reports of mostly Pakistani Muslim paedophile gangs raping young white working-class girls would receive at least comparable coverage to the accusations facing the Duke of York? Fortunately for the members of these gangs, it would appear that the British press is beset by a form of racism to which they are immune.

Continue Reading

Newsletter

Sign up for our mailing list to receive updates and information on events

Social Widget

Latest articles

Press review

Follow us on Twitter

Trending

Shares