Mid Wales

Wales e-crime cost nears £1bn and sparks security fears

Computer
Image caption Experts say criminals are using pressure tactics to encourage people to allow them remote access

Police across Wales have warned that electronic crime has tripled in the past year, and has reached the extent that it now threatens national security.

Statistics, produced by e-Crime Wales, a task force formed from the four Welsh police forces in conjunction with academics and the assembly government, estimate the cost was £974m in 2010, up from £373m the previous year.

But the amount can only be calculated by proportional calculations from the UK figure of £27bn, and e-Crime Wales warned that in reality this could just be the tip of the iceberg.

However, experts say that the international nature of the crime means that Welsh figures cannot be viewed in isolation, as they are simply part of a much wider and more sinister agenda.

Karen Burch, business e-crime officer for Dyfed-Powys Police, said: "As well as financial gain, often the true aim of IT scams is to take remote control of your computer.

"That could be because the real goal is to establish a "bot net" of domestic computers, which could be used against the UK for purposes of cyber-terrorism.

"With the Olympics coming up next year, we need to be more aware than ever of the danger posed by an attack on our infrastructure, and the vast disruption that could cause.

"Roads, railways, the power grid and utilities are all computer controlled, and would be attractive targets for anyone who'd want to do us harm."

One scam is the 'Microsoft cold call' fraud, where criminal gangs ring up claiming to be investigating issues of piracy or breaches of security on behalf of the computer giant.

They use pressure tactics to encourage people to allow them remote access to their machines. Once in, they install spyware to steal passwords and take control.

However, a key breakthrough in the international investigation came in Aberystwyth, when the criminals picked on the wrong person.

Cold-callers rang the mother of Alan Woodland - a computer science lecturer from Aberystwyth University - who decided to try to catch them in the act.

Image caption Alan Woodland saw messages like this pop up on his screen and raised the alarm

"My mother got in touch with me, after she received a call from someone claiming to be from Microsoft, telling her that they needed urgent remote access to her computer to install a security patch," he told BBC Wales.

"So I set up a dummy computer and logged their every move, while they infected the machine with spyware; and even had the cheek to try and charge my mother for it.

"We were lucky, my mother was on the ball, and I've got a background in computers, but everyone can protect themselves with a few simple security steps and a bit of common sense."

Ms Burch added: "The primary aim of the Microsoft scam may not be financial.

"Whilst they have asked for credit card details and some money has been stolen, they are also retaining remote control of the computer.

"Anyone realising they have been a victim of this scam needs to take the computer to a professional to have any 'remote access' software removed, to ensure it cannot be used without their consent."

Yet breakthroughs like Mr Woodland's are few and far between, and e-Crime Wales advise that prevention is better than cure while the criminals remain one step ahead.

"You wouldn't go on holiday and leave your keys in your car and your front door wide open, so why would you leave your wireless network unsecured, your computer without virus protection and your important documents and files without passwords?"

Det Sgt Andrea Barnard, North Wales Police's business liaison officer, said: "It really can be even more dangerous than that, because as well as your belongings, you can also lose your identity and your intellectual property - and with the criminals involved often overseas where we're unable to extradite them - there's a chance you'll never get them back."

Over half the e-crime recorded in Wales last year came from intellectual property theft and industrial espionage.

Image caption Nigel Perring had years of business records and contacts stolen by a disgruntled employee

Nigel Perring, a chartered surveyor from Cwmbran, had 18 years' worth of his business records and contacts stolen by a disgruntled employee, after he was forced to let him go during the recession.

"In many respects you could say I was extremely naive. I allowed an employee to set up my entire IT system, and didn't make sure I'd made it secure after I was forced to lay him off," he said.

"But I come from an era when if something was locked in your office then it was safe.

"I'm happy to accept my share of the blame, but when the thefts were being investigated the internet service providers were deliberately obstructive, and seemed more interested in protecting the criminal's personal data than co-operating with the investigation."

"And when he was eventually prosecuted, he got off with a couple of hundred pounds fine under the Computer Misuse Act, and is back working in the IT industry."

"When e-crime is so easy to commit, so difficult to detect, and so lightly punished when it does make it to court, then I'm not surprised that it's tripled in a year."

More on this story

Related Internet links

The BBC is not responsible for the content of external Internet sites