Online crime is exploding – with many East European gangs targeting Britain – and the people most affected are the most vulnerable.
Keeping anti-virus software updated is the main National Crime Agency (NCA) advice, as well as never giving any financial details away on sites that aren’t marked https at the start of the website address.
A few months ago, Bob Reynolds sat down to write an email. “Whoever you are, you people who do these things are terrible. I can’t believe you would go to these extremes just to take £4,800. You are scum.”
For Reynolds, a 25-year-old from Romford, Essex, it was the last message he ever sent to the person he knew as “Evelyn”, who purported to be a kindly old lady from Leicestershire but had just stolen a year’s worth of his savings.
Earlier in the summer, Reynolds had answered an advert on the internet auction site eBay put up by Evelyn, who claimed she wanted to sell a black Nissan Navara truck that was cluttering up her drive. Reynolds, a regular eBay user for his painting and decorating business, agreed the price and said he would travel up to see the vehicle before buying it.
“She said she could arrange to have it delivered through a haulage company and told me all vehicles were with eBay buyer protection and then sent me a link to a page confirming it. Actually, it was a perfect forgery [the company’s Vehicle Purchase Protection policy says it covers only certain vehicle transactions and any “promises” are fraudulent]. I was very busy, so I agreed.”
Reynolds paid, but the truck never arrived. “The police said they would look into it, but we never heard anything back. I worked too many hours to count to save up the money to buy that truck and these robbers just took it from me. I was in pieces.”
Reynolds’ hard-earned money is just a drop in the £1.5 billion ocean that has been fraudulently extracted from British online shoppers in the past year. The bank account into which he paid the money was one of tens of thousands in Britain now used by cyber criminals. Fortunately for him, Barclays Bank was already monitoring suspicious activity in the account and has now returned the money. Many others among the four million victims of online fraud in the UK since last December have not been so lucky.
As Metropolitan Police Commissioner Sir Bernard Hogan Howe warned last month, “the stark reality is that cyber crime is the growth industry of the criminal underworld”. In the past year there has been a 60 per cent rise in reported cyber crime, costing – alongside other types of fraud – the British economy an estimated £81 billion. But Sir Bernard’s comments were directed, in particular, at Christmas shoppers.
For the online shopping scrum on the rebranded days of Advent, “Black Friday” and “Cyber Monday”, is when criminal activity also peaks. Come January, the cyber gangs drop off, even taking holidays or spending the money they have stolen in the new year sales. Such was the case with a gang jailed in Britain this year for fleecing a British woman out of her £1 million savings. The group blew the money in a three-day shopping spree in last year’s January sales. Their purchases, according to detectives, included “high-end computers and gold”.
The previous Christmas, a 25-year-old Egyptian, Tamer Abdelhamid, had sent the victim a “phishing email” pretending to be from her bank. The link directed her to a fake website to fill in her details. Abdelhamid then sold those for £3,200 to a Nigerian national living in London, Rilwan Oshodi, who used his accomplice, Annette Jabeth, to change her bank contact details. The victim was abroad at the time, oblivious to the cash being siphoned out of her account. When Oshodi’s Thamesmead flat was eventually raided by police, they found credit card details for more than 11,000 customers – including those of almost 8,500 in Britain.
At the cyber crime unit of the National Crime Agency (NCA) – dubbed Britain’s FBI – senior investigating officer Stuart Garrick draws a pyramid. At the top, he says, is the small core of people, such as Abdelhamid, known as coders. They use their specialist skills to extract people’s bank details and sell them on via anonymous criminal chat forums. The Egyptian traded under the pseudonym ”aimless88’’. Many cyber criminal organisations never meet offline.
“The coders will be measured in the thousands, globally, of people that have got the skills and desire to do this,” says Garrick, an officer of 28 years’ experience who works on the enforcement side of the National Cyber Crime Unit, which opened in October. “I’ve seen some driving Lamborghinis, drinking the finest champagne and living the high life. I’ve seen others who would sit in their bedrooms for weeks on end and had their food left at the bedroom door.”
In the summer, the Home Affairs Select Committee heard evidence that organised gangs in at least 25 countries, mostly in Eastern Europe, were increasingly targeting the UK. In particular, says Garrick, the coders come from Russia, where people have become much more computer literate through using an operating system called Linux, as Windows is very expensive to buy.
Indeed, the case of Tyrone Ellis, a 27-year-old Londoner jailed at the Old Bailey last month as part of a gang who stole up to £4 million through obtaining bank details by fake online adverts for work at Harrods, is a rare example of a British coder.
The problem tackling coders is making arrests. Often, criminals can be based in one country, but using a web server based on the other side of the world. The NCA has 140 officers in 40 countries, but as Garrick says, “no links to Russia”.
He adds: “Since Litvinenko [the former KGB spy poisoned in London in 2006] there has been a frosty relationship and it is my hope, on a law enforcement basis, that will be thawing. That would make a big difference. It must be hurting law enforcement in Russia as well. We need to be able to cooperate.”
Beneath the coders are the botnet controllers, who remotely control a network of compromised computers [botnets]. These are used to send huge amounts of spam, spread viruses and launch “denial of service” attacks to cripple the defence systems of companies or organisations. The networks can stretch into the millions, with many owners of infected computers having no idea they are under criminal control. Last month, botnets spammed tens of millions of British internet users with a Ransomware virus – designed as an email alert – which freezes computers and demands a payment of two Bitcoins (an untraceable online currency valued at around £530 a piece) to unlock it.
Beneath the botnets, are the “mule herders” – organised money launderers who specialise in online transfers. They control “a massive bulk” of mules, people whose bank accounts are used to launder money. Due to Britain’s well-established online banking system, it is estimated they total tens of thousands.
Police have seen many cases where part of the payment for people traffickers bringing illegal immigrants to England is that they set up and hand over an online bank account. Chris Bostock, operations manager at the NCA’s Economic Crime Command Unit, says there have been numerous examples of students allowing their accounts to be used in exchange for money. Other hijacked online accounts are ones that the genuine holders will have set up and perhaps never logged into.
“This is all still in the early stages,” says Garrick. “My biggest fear is that this will move into being an essential part of every organised crime set-up. It’s safe, compared with drug dealing. It’s massively simple, compared with duty fraud or anything along those lines, and it’s a constant battle for the anti-virus companies and operating system manufacturers to try and defeat the few people at the top being able to exploit the systems. This is a new flavour of crime and in the last 10 years has taken off. The potential for obtaining money is immense.”
Keeping anti-virus software updated is the main NCA advice, as well as never giving any financial details away on sites that aren’t marked https at the start of the website address. “One of the worst things about cyber crime is the people most affected are the most vulnerable,” Garrick says. “They are cannon fodder for these sorts of criminals.”
The best advice, as Mr Rowlands found to his detriment, is to remember that in the online world nothing is quite as it seems. The website selling Christmas bargains could be a window straight to the Russian mob.