The criminals of today have an ideal playing field – the online world. And whether consciously or not, geeky wrongdoers tend to imitate the patterns of past felons. Interview with Jérôme Blanchart, author of Crimes du futur (Crimes of the Future).
Is the history of crime perhaps just an eternal process of reinvention? Phishing, spam, ransomware – the online scourges of recent years are actually an echo of past criminal exploits. Jérôme Blanchart, a crime historian and journalist who is Deputy Editor-in-Chief of the magazine Sciences & Vie Junior, delves deeply into the subject in his book Crimes du futur (Crimes of the Future), published by Premier Parallèle. This interview was originally broadcast (in French) on L’Atelier numerique on the BFM Business channel.
L’Atelier: You explain in your book how, by connecting us with one another, the digital revolution is giving rise to a new type of criminal…
Jérôme Blanchart: Well, if you look back into history, you can see that criminals have always been early adopters of new technology. I like to make the parallel with the ‘Bonnot Gang’. They were among the first to make use of ‘getaway cars’ after their armed robberies while the police pursuing them were on bicycles or horseback. Bonnot was a veritable geek before the term was invented. He was a car mechanic and he took great care to ensure that the limousine he stole could really burn up the road.
Modern-day criminals have grasped the fact that the Internet, social networks and the rest offer new avenues that can be quite rewarding. These people are often pretty geeky.
Apparently the criminals of today are still using tricks that are centuries old. And there’s one scam – the ‘Spanish prisoner’ – which has found its second wind…
Ah, yes. This one’s very funny. It was [French criminal-turned-private-detective] Eugène François Vidocq who first made mention of this trick. Some prisoners held in jail in Nice used to write chain letters – the ‘spam’ of the day – and send them to gentlemen, pretending to be a beautiful woman being held against her will in Spain and begging for a few pieces of gold to help her escape captivity. You can immediately recognise the pattern. It’s used today in spam messages. There’s what is known as the Nigerian 419 scam and then there’s also the Russian woman down on her luck who’s trying to get over to Western Europe… The only difference is that the scale of the thing has been stepped up, it’s been automated. The success rate is low – just 0.1% of recipients fall for the trick – but it doesn’t take much effort either.
Another well-known approach is ‘your money or your life!’ – i.e. holding people to ransom
Yes, this is going to be the main basis for all cybercrime. It’s really beginning to take off. Ransomware is a direct way of making money from stolen data.
To date the traditional procedure of cyber-criminals has been to steal bank card numbers en masse and then link up with criminal networks in other countries to make payments. That requires quite a lot of infrastructure – extracting payment at a great distance from the actual theft, accumulating card numbers, selling them, and so making money for the criminals. It’s a long, complicated business. Ransomware has really simplified the payoff cycle. This virus – the ransomware – finds its way into your computer. Your data is frozen and they demand an entirely reasonable sum of money to restore it. The actual data – mostly personal stuff, such as holiday photos – is of no value whatsoever to the cyber-criminal and there’s no profit to be made in selling it. Instead the pirate goes straight to the owner, for whom the data will have sentimental value.
A survey conducted by Bitdefender, an IT security firm, revealed that on average, French people were willing to pay €190 for the data on their computers. So right there, as with the Spanish prisoner scam, you have a business model. And not only that. These cyber-criminals know what rate to charge – neither too high nor too low!
So we’re now seeing the ransomware approach used to target other victims – companies, hospitals, police departments. Last January a Californian hospital had its servers blocked and was forced to pay out a ransom of $17,000. Local police departments in the United States have also been immobilised. This is utterly Machiavellian because they have a choice between paying a ransom to criminals and losing all the files that will enable them to catch other criminals.
And while we’re talking about the police, and Machiavellian tricks, another type of ransom demand has come into use…
Yes, this has become quite widespread. Back in 2014 we began to see the use of malware that would freeze a computer and display a screen purporting to be a notice from the national police warning you that you have downloaded files from the Internet illegally, a misdemeanour which incurs a small fine. Not a ransom of course! In this case, the criminals are counting on the fact that lots of people do in fact download files illegally.
And of course, looking ahead, we can certainly expect to see a new rich vein for the cyber-criminals, based on the growth of the Internet of Things, a fully connected world. A researcher in the United States amused himself by infecting connected vehicles with a virus capable of spreading in epidemic fashion. He was able to demonstrate that with the connected cars we have today, the virus is capable of taking control of around 60,000 vehicles, just like that…
So, Jérôme, will we have to stop innovating, close down the Internet?
Well, I haven’t found a solution yet. From an individual point of view I would recommend something quite simple: don’t open just any file you receive and be aware of what might happen. Most of these attacks are perpetrated by going through people who are not aware of these risks. That’s the reason I wrote my book. It’s intended as a wake-up call. But in any case, we do have to go on innovating.
To continue the excitement and delve deeper into the subject, why not read (in French only) Crimes du futur by Jérôme Blanchart, published by Premier Parallèle?