Crime runs rampant on the Internet. From stealing passwords to stealing actual money, criminals target a variety of sources to inhibit the functions of society. As individuals we can do only so much to protect our finances from the prying eyes of cybercriminals. The implications of crime become diluted when banks are under attack, because it matters to us as individuals only if we have accounts with those banks. However, when cybercriminals shift their focus to the larger picture—the fundamental structure of our monetary system—it becomes something that even individuals find impossible to ignore.

Individuals who live in metropolitan areas will occasionally be faced with criminal activity that takes place only in their region. City dwellers avoid alleyways, place bars on their windows, purchase industrial locks for their bikes, and concern themselves with where to park their cars. Those who live in residential areas will not be as likely to relate to the kind of activity that these individuals experience. Therefore, crime and its implications in these areas is not considered as much or as clearly.

It is easy to ignore the implications of crime, especially when it does not occur regularly in our individual lives. Our living situations, incomes, housing, school districts, and even neighbors define our experience of crime. However, computer crime is different. It usually takes place at the user level, not the system level, putting everyone on an even playing field. According to the FBI, “Cyber criminals have demonstrated their abilities to exploit our online financial and market systems that interface with the Internet, such as the Automated Clearing House (ACH) systems, card payments, and market trades. In these instances, cyber crime is easily committed by exploiting the system users, rather than the systems themselves. This is typically done through the compromise of a legitimate user’s account credentials.”[1] Any user of a system such as a bank, investment center, or brokerage service is susceptible to an attack. Nevertheless, society still relies on these systems to uphold our monetary structure. Therein lies the problem. The FBI also says that “Fraudulent monetary transfers and counterfeiting of stored value cards are the most common result of exploits against financial institutions, payment processors, and merchants. While the losses that result from these exploits generally fall upon the financial institution, consumers experience the inconvenience of changing accounts and replacing cards associated with their compromised information, as well as the emotional impact associated with being a victim of a cyber crime.”[2] No one has more to lose from a cybercrime than the victim. Although the media tends to portray the loss in terms of the system or body of governance affected, individual victims suffer the most. For that reason, many people take preventive measures to protect their assets, from using a trusted computer and wireless network to withdrawing money from a trusted ATM; those of us who realize the potential for loss counter it by working with the system and not against it. Society puts its trust in banks and their ATMs. We fund their programs to monitor criminal activity on networks, and even purchase insurance in case of identity theft. But what happens if the criminals who were targeting individuals and getting away with it shift their focus to the system instead?

According to testimony given in 2011 by Gordon M. Snow, the FBI’s assistant director of the Cyber Division, “[A] Pennsylvania school district discovered that over $450,000 was missing from their bank account. The following year, a New York school district reported that approximately $3 million had been transferred out of their bank account. The New York’s school district’s bank was able to recover some of the transfers, but $500,000 had already been withdrawn from the account before the transaction could be reversed.”[3]Cybercriminals without an agenda tend to play the odds in their favor, hacking and stealing from individual accounts and doing their best to get away with their crimes. Those who shift their focus to larger systems such as schools, banks, and companies are either skilled individuals or susceptible to getting caught. Regardless of what happens to the criminal, their effect on society cannot go unnoticed. “Recently, two trucking companies were victimized by fraudulent electronic account transfers, and lost approximately $115,000,” Snow said. “Compared to some loss figures, this might not seem significant. One of the companies currently has annual revenues worth roughly $79 million, so their loss was nearly .1 percent of their gross revenue. That amount is approximately enough to purchase an additional tractor-trailer and provide another driver with a job.”[4] Clearly, even in large enterprises there are ways for cybercriminals to go unnoticed.

As noted earlier, it is easy for individuals to ignore the implications of crime when they do not pertain to them directly. It makes sense that we do not focus on others getting hacked and losing money, because it holds no relevance to our individual lives until it happens to us. But the same concept applies when cybercriminals attack enterprises. If a criminal steals .1 percent of the net worth of a company, it is not enough of an issue to cause any alarm. More than likely, this criminal will never be sought out and the company will not release the information to the public. It is difficult to prosecute criminals, because, according to Snow, many thefts go unreported: “Many companies prefer not to disclose that their systems have been compromised, so they absorb the loss, making it impossible to accurately calculate damages,” he said. Criminals are getting away with large amounts of money because relative to the income of the institution getting hacked, the crime is not worth pursuing. In 2010 “an Illinois town was the victim of a cyber intrusion resulting in unauthorized ACH transfers totaling $100,000,” Snow said. “When an authorized individual logged into the town’s bank account, the individual was redirected to a site alerting her that the bank’s website was experiencing technical difficulties. During this redirection, the criminal used the victim’s authorized credentials to initiate transactions. The town was able to recover only $30,000.”[5] This means that the attacker still got away with $70,000. That may not be a lot relative to the town’s income, but it’s definitely enough to encourage the criminal to commit more crimes in this fashion. It is clear that cybercriminals are not only affecting society by attacking individuals, but can shift their focus to enterprises, and as long as they do not cause a big disturbance, they can escape just as easily. What real effect are these criminals having on society? Is it noticeable?

According to cybersecurity expert Steve Morgan, “IBM Corp.’s Chairman, CEO and President, Ginni Rometty, recently said that cyber crime may be the greatest threat to every company in the world.”[6] Cybercriminals are computer superusers—people who have a gift for using computers—with malicious intent. Morgan also cites the World Economic Forum’s acknowledgment that “a significant portion of cybercrime goes undetected, particularly industrial espionage where access to confidential documents and data is difficult to spot.”[7] In terms of finance, money is relative and just an object to be manipulated. The real harbingers of destruction to our monetary system are not targeting money itself but the means of obtaining it. Corporate espionage, although not as evident as $200,000 going missing, is definitely worse. Back in October 2014, “JPMorgan Chase, the biggest US bank by assets, witnessed the addresses, names, telephone numbers and emails of a whopping 76 million homes—equivalent to a tad under two-thirds of all households in America—being compromised in a cyber attack,”[8] according to Roger Aitken, in an article on the Forbes website. Then in 2017, “Equifax, one of three major credit reporting agencies, revealed that highly sensitive personal and financial information for around 143 million U.S. consumers was compromised in a cyber-security breach that began in late spring,” The Atlantic reported.[9] Even though this has nothing to do with real money or cash, it has several implications that cannot go unnoticed. The power of information is sometimes greater than the satisfaction of immediate gratification. Kurt Baumgarten, head of Information Security & Technology Management at Linedata in Boston, said, “According to some recent figures [on cybercrime] the global figure has been put at around $200 billion (bn) annually. Or, looking at it from the retail level $670m in associated costs through theft, time loss, identify theft, etc.”[10]

Having 76 million identities is definitely worth more than $76 million. Cybercriminals are using espionage and the information they gather to steal more money from the financial system while going unnoticed. This could be as simple as acquiring an identity and using it to learn that a company’s stock is going to go up, and then investing in the stock legally. Unless someone prosecutes them for identity theft, which is highly unlikely, the criminal will have effectively gotten away with it. Aitken cites Mark Brown, executive director of Cyber Security & Resilience at London-based Ernst & Young, commenting on how much financial institutions spend addressing cybercrime and whether it’s ever enough. “The problem is not so much how much firms spend [on this area],” Brown says, “but rather how they spend it and ensuring they get the right product and/or right advice.” Aitken goes on to say, “Knee-jerk reactions and throwing constant pots of money at the problem is not the answer. Firms need to sort out their governance, awareness, their organizational culture and critically ‘look at the business purpose and processes,’ according to EY’s Brown. But whatever else, one thing you can be certain over is that the threat of cyber attack is not going away anytime soon. I’m just left wondering when and where the next cyber attack occurs.”[11] Industries have to focus on educating their employees, training their staff, and securing their buildings, because the worst cyber attack will not be a direct attack on their finances but rather a leak of private information.

So how much is this costing us currently? “Juniper research recently predicted that the rapid digitization of consumers’ lives and enterprise records will increase the cost of data breaches to $2.1 trillion globally by 2019,” Morgan says.[12] At this point there is no way to escape the reality that hackers and criminals are affecting the global monetary structure of the world.

This investigation has started at the user level and traversed through the system level to demonstrate the effect of cybercriminals on our markets. There is no clear-cut way to stop this phenomenon. Only by making individual users understand the implications of computer crime can we prevent large breaches or changes to our system. In a world of rapid digitalization, people are shifting toward the “Internet of Things” without understanding what that means. Too many of us use the same passwords for all our accounts, trust the security of emails and texts as much as landline phone or face-to-face conversations, and find comfort in our plastic debit and credit cards. Not everyone can be a superuser, but everyone should seek to become a proficient user.

In terms of digitalization, a brief look at India yields some interesting insights. The prime minister of India announced recently that the country would stop printing and circulating large bills to stop counterfeiting, black market trading, and corruption. “To break the grip of corruption and black money, we have decided that the 500 and 1,000 currency notes presently in use will no longer be legal tender from midnight tonight, that is Nov. 8 2016,” Narendra Modi announced. “This means that these notes will not be acceptable for transactions from midnight onwards.”[13] India is encouraging its population to shift to the Internet, ATMs, and banks to store their money. This sounds like a good way to end corruption and counterfeiting, yet a large part of India’s population is unaccustomed to using the Internet. For the village farmer who has used cash his entire life and stores it under his bed, shifting to the Internet will mean choosing a password and a bank. If this farmer’s account were to be hacked, there is no way he would ever get his money back in the current infrastructure of India’s financial system. We are at the forefront of a major shift in the operations of the world, yet we are not spending time or money to educate our Internet users. If the Internet is the Wild West, then we are living in a lawless, unregulated, and corrupt region hardly encompassed in a lawful and very regulated society.

Sources

[1] Cyber security: Threats to the financial sector. (2011, September 14). Retrieved November 22, 2016, from https://archives.fbi.gov/archives/news/testimony/cyber-security-threats-to-the-financial-sector

[2] Cyber security: Threats to the financial sector. (2011, September 14). Retrieved November 22, 2016, from https://archives.fbi.gov/archives/news/testimony/cyber-security-threats-to-the-financial-sector

[3] Cyber security: Threats to the financial sector. (2011, September 14). Retrieved November 22, 2016, from https://archives.fbi.gov/archives/news/testimony/cyber-security-threats-to-the-financial-sector

[4] Cyber security: Threats to the financial sector. (2011, September 14). Retrieved November 22, 2016, from https://archives.fbi.gov/archives/news/testimony/cyber-security-threats-to-the-financial-sector

[5] Cyber security: Threats to the financial sector. (2011, September 14). Retrieved November 22, 2016, from https://archives.fbi.gov/archives/news/testimony/cyber-security-threats-to-the-financial-sector

[6] Retrieved November 22, 2016, from http://www.forbes.com/sites/stevemorgan/2016/01/17/cyber-crime-costs-projected-to-reach-2-trillion-by-2019/#5ec568333bb0

[7] Retrieved November 22, 2016, from http://www.forbes.com/sites/stevemorgan/2016/01/17/cyber-crime-costs-projected-to-reach-2-trillion-by-2019/#5ec568333bb0

[8] Aitken, R. (2016, February 25). Cybercrime looms as biggest “disruptive threat” to finance markets. Forbes. Retrieved from http://www.forbes.com/sites/rogeraitken/2016/02/25/cybercrime-presents-biggest-disruptive-threat-to-finance-markets-looms-large/#1643315e51c3

[9] White, G. B. (2017, September 7). A Cybersecurity Breach at Equifax Left Pretty Much Everyone’s Financial Data Vulnerable. Retrieved January 18, 2018, from https://www.theatlantic.com/business/archive/2017/09/equifax-cybersecurity-breach/539178/

[10] Aitken, R. (2016, February 25). Cybercrime looms as biggest “disruptive threat” to finance markets. Forbes. Retrieved from http://www.forbes.com/sites/rogeraitken/2016/02/25/cybercrime-presents-biggest-disruptive-threat-to-finance-markets-looms-large/#1643315e51c3

[11] Aitken, R. (2016, February 25). Cybercrime looms as biggest “disruptive threat” to finance markets. Forbes. Retrieved from http://www.forbes.com/sites/rogeraitken/2016/02/25/cybercrime-presents-biggest-disruptive-threat-to-finance-markets-looms-large/#1643315e51c3

[12] Retrieved November 22, 2016, from http://www.forbes.com/sites/stevemorgan/2016/01/17/cyber-crime-costs-projected-to-reach-2-trillion-by-2019/#5ec568333bb0

[13] Kumar, N., & Delhi, N. (2016, November 28). India: Economic fallout of cash ban sparks concerns. Retrieved November 28, 2016, from http://time.com/4583100/india-cash-rupee-500-1000-ban-modi-economy/