Commentary

Phishing, Vishing And Smishing: Organized Cybercrime Under GDPR

Technology is fueling all manner of cybercrime, from credit card skimming to extortion of money from data breach victims, according to the Internet Organised Crime Assessment 2018, a report by Europol.

And far from helping, GDPR and other privacy laws could actually hamper investigation of these crimes. 

For one thing, regulatory measures such as GDPR and the NIS Directive are limiting law enforcement’s ability to access data. In addition, the redacting of all personal data from WHOIS records is “significantly hampering the ability of investigators across the world to identify and investigate online crime,” the report states. 

There certainly is a lot to investigate. Among the many forms of criminal mischief are:

  • Ransomware — While growth is slowing, ransomware is “still overtaking banking Trojans in financially-motivated malware attacks.”
  • Child sexual exploitation — This is growing, with the most extreme material being found on the dark net.
  • DDoS — This means distributed denial-of-service attacks, an increasingly common form of attack because it is “low-cost and low-risk,” the report states.
  • Card-Not-Present fraud — Skimmed credit-card data is often sold on the dark net, but it is decreasing, thanks to geo-blocking technology.
  • Cryptocurrency crime — Criminals are abusing cryptocurrencies to fund their activities, and hacking currency exchangers, mining services and other “wallet-holders.”
  • Social engineering — Email phishing is the most frequent form of this crime, along with vishing (via telephone) and smishing (via SMS). Bad actors use these tools to obtain personal data, steal identities and obtain money.
  • Cryptojacking — An emerging form of cybercrime, this is the exploitation of internet users’ bandwidth and processing power to mine cryptocurrencies.
  • The Darknet — This continues to serve as a free market for criminals, despite the closing down of three of the largest dark net markets in 2017: AlphaBay, Hansa and RAMP.

As if all that wasn’t bad enough, here’s the most bizarre thing: steep GDPR fines for data breaches could lead to “scenarios where hackers may try to extort companies over their data loss,” the report states. “While this is not new, it may be that the hacked companies would rather pay a smaller ransom to a hacker for non-disclosure than the steep fine that might be imposed by their competent authority.”
