Cybercrime claims questioned
Computer security company Symantec says cybercrime cost New Zealanders $463 million in the past year but the firm has come under pressure to back up what some believe to be wildly inflated claims.
Its 2012 Norton Cybercrime Report estimated the global losses at US$110 billion (NZ$135b), and said no fewer than one in seven social network users reported that someone had hacked into one of their profiles and pretended to be them.
The estimates were extrapolated from responses to an online survey filled in by about 13,000 internet users, including 500 New Zealanders.
InternetNZ chief executive Vikram Kumar said such surveys were not reliable. People would be more likely to fill out such surveys if they had been a cybercrime victim.
The report highlighted that there were no credible vendor-neutral sources of information, he said.
"If you don't know the size of the problem, you don't know the size of response needed. I haven't seen this particular survey, but every vendor survey I have seen so far, when you look at the methodology, it is really questionable."
Last month, internet safety charity NetSafe said New Zealanders had reported being defrauded out of $982,000 by cybercriminals - losing almost two-thirds of that to dating frauds - though it believed that significantly under-reported the scale of the total losses.
Symantec is one of the world's largest suppliers of personal computer security software. Visiting Wellington, Asia Pacific vice-president David Freer acknowledged it had an interest in raising "awareness" of the cost of cybercrime but said the research had been independently done on behalf of the company.
Its figures did not include the value of the time computer users lost dealing with frauds. Last year Symantec put that at an additional US$274b, about the same as the estimated value of the entire global drugs trade.
Veteran United States technology journalist Constantine von Hoffman ridiculed that claim in a blog last week, saying the figure was essentially made up.
Freer said Symantec had this year stuck to trying to calculate direct costs of cybercrime as "the last thing it wanted" was its analysis of the trends to be drowned out by controversy over the credibility of its numbers.
The main trends Symantec had observed were a rise in frauds conducted through mobiles and social networking services, he said.
Mobiles were becoming fraudsters' "vector of choice" because they contained a billing mechanism - their owners' cellphone account.
One fraud that was becoming more prevalent overseas involved using the offer of discounts to con people into signing up for premium text-messaging services.
IS YOUR SMARTPHONE SPYING ON YOU?
Mobile phones are now threatened by malware that can let hackers listen to calls, view texts and see their owners' location, says Otago University academic Hank Wolfe.
Giving a keynote address at an Information Systems Audit and Control Association conference in Wellington yesterday, he said such malware could even remotely switch on the microphones on cellphones, turning them into devices that could be used to bug face-to-face conversations whenever a victim's mobile was turned on.
Otago University had tested such spyware that could be bought online for as little as $50 and manually installed on phones. However, malware could also be remotely downloaded to mobiles using wireless technologies, such as Bluetooth, Near Field Communications (NFC) and possibly even via text message, meaning physical access to a victim's phone was not always necessary, Wolfe said.
"Just a couple of weeks ago a guy by the name of Charlie Miller was able to show he could use NFC to 'push' a website to a cellphone and if the cellphone had Android Beam on it, it would automatically connect. If the 'bad guy' had a special website set up, it could do whatever he wanted to your phone - conduct surveillance, pick up whatever information was on it."
Android Beam is an app that lets smartphone users quickly transfer information between phones using NFC.
Firewalls, similar to those installed on most personal computers, would soon be on the market that could prevent mobiles uploading personal information to rogue "apps". But people might weigh up the risks and legitimately conclude they were not a target, Wolfe said.
Hackers often infected PCs to turn them into "botnets" capable of sending out spam and launching denial-of-service attacks. Most smartphones, while still subject to the same vulnerabilities, were not as powerful as PCs, meaning the biggest threat was to "higher-value" targets such as the rich or famous, politicians and people subject to vendettas, he said.
"If you have got some enemies maybe you are a target. If you don't, maybe not."
- © Fairfax NZ News