27-11draft
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
IS NOW<br />
Combining thermal security cameras with video management systems.<br />
www.flir.com<br />
Untitled-20 1 18/02/16 10:18<br />
business and the internet:<br />
Net example<br />
Spanish police recently<br />
arrested a Spanish<br />
national who acquired<br />
gas pistols from<br />
the open web, and<br />
converted them in his<br />
garage workshop by<br />
inserting new barrels,<br />
erasing serial numbers<br />
and concealing<br />
the weapons in<br />
packages to pass<br />
security checks; sold<br />
on AlphaBay, since<br />
taken down by the US<br />
authorities.<br />
UNHAPPY<br />
‘Generating awareness<br />
that the exploitation of<br />
adults and children is<br />
happening in Scotland<br />
today is key to bringing<br />
it to an end.’<br />
SNP Cabinet Secretary<br />
for Justice Michael<br />
Matheson on human<br />
trafficking.<br />
Walking the ‘Dark<br />
Web’ beat<br />
In an anonymous survey of the<br />
audience at the Retail Risk conference<br />
last month, most said that they monitor<br />
social media related to their brand.<br />
What about the ‘Dark Web’ though -<br />
do you need to swim a little deeper?<br />
If so, Gary Hibbert, of Agenci, told<br />
the e-commerce part of the event,<br />
you need to unlearn what you think<br />
you know, because, as he put it, your<br />
ignorance is ‘their’ - the Dark Web<br />
users’ - power. He did recommend you<br />
start monitoring what is said about<br />
your company on the Dark Web; but<br />
websites come and go so quickly, it’s<br />
difficult to find reliable information,<br />
he added. And be very careful about<br />
downloading the anonymous network<br />
Tor and putting that search on your<br />
corporate network; in case you click on<br />
‘something bad’. Also, if something’s<br />
not named on the Dark Web or is called<br />
something like ‘dark candy’, ‘enter<br />
at your peril’, Gary advised, ‘because<br />
what you see cannot be unseen’.<br />
Make it personal<br />
If a corporate does want to access the<br />
Dark Web, with caution, a separate<br />
network is basic. Gary does that in a<br />
home ‘lab’ for his own work. A point<br />
made from the floor, that Gary agreed<br />
with, was how hard it is to get across<br />
that cyber is not just an IT issue.<br />
Besides the data, the zeros and ones,<br />
Gary urged security professionals<br />
to make it a personal message, with<br />
anecdotes, with real-world impact; on<br />
you, your wives and children’s data,<br />
and the protection of their identities. p<br />
taking down the<br />
‘mr big deals’<br />
Visa as a payments card<br />
company does not get hit<br />
by fraud; its customers such<br />
as banks and merchants, and their<br />
customers, spenders by card, do. So<br />
why is it doing ‘days of action’ against<br />
various fraudsters, and seeking to go<br />
further and make such days ‘business<br />
as usual’? Debbie Grant, senior policy<br />
lead at Visa Europe, explained that to<br />
Retail Risk.<br />
Airline fraud<br />
A typical ‘card not present’ fraud is<br />
for the buying of airline tickets with<br />
compromised or stolen credit cards;<br />
by criminals with links to illegal<br />
immigration, fake identities and drug<br />
trafficking. Or, the fraudsters do not<br />
even fly on the tickets, and instead<br />
stock up on duty-frees. Europol, the<br />
European Union’s police agency,<br />
for the last couple of years has<br />
co-ordinated international ‘days of<br />
action’, and about 1000 have been<br />
arrested globally so far. Last year,<br />
Debbie contract the Dedicated Cheque<br />
and Plastic Crime Unit (DCPCU)<br />
for similar work on ecommerce.<br />
Visa does this as an umbrella body<br />
that banks tend to listen to, and will<br />
share data with, more readily than if<br />
a rival bank suggested it. Nor does<br />
Visa like its name or products used<br />
by criminals. Briefly, banks fund the<br />
DCPCU of Met and City of London<br />
Police officers. Merchants had to<br />
provide such details as order numbers,<br />
delivery addresses, card-holder name,<br />
and description of what they were<br />
buying and investigators had to look<br />
for. Several organised crime groups set<br />
up Instagram profiles, with names such<br />
as ‘Mr Big Deals’, that, Debbie said,<br />
might have 100,000 followers.<br />
Crying over laundry<br />
Debbie described one arrest by police<br />
that she accompanied, after a retailer<br />
gave intelligence. A search of the<br />
suspect’s property came up with sixfigure<br />
losses from various retailers;<br />
evidence of money laundering; and<br />
a link to the man’s nephew. Police<br />
searched his premises also. With a list<br />
from retailers of what they’d delivered,<br />
police were able to go around the<br />
house and match goods. The nephew<br />
had keys for a Mercedes. He admitted<br />
that the car was given by his uncle,<br />
only to be told that police could seize<br />
it, under proceeds of crime law. At<br />
that, the nephew cried, Debbie related<br />
(with glee; she lacked sympathy!).<br />
Half price<br />
But back to those Instagram accounts<br />
that promise half price deals on what<br />
you buy online, whether from John<br />
Lewis, Amazon and the like. How<br />
does that work out? You place the<br />
order with those ecommerce sites;<br />
contact ‘Mr Big Deals’, and give<br />
your account details to that fraudster<br />
- because it is, as something too good<br />
to be true, a fraud, as Mr Deals (if that<br />
is his real name) pays for the goods<br />
with a compromised card. Once you<br />
receive the goods, you (naively or<br />
knowing full well it’s dodgy) pay the<br />
agreed half price. Debbie said that<br />
it’s very difficult for police to have<br />
such sites taken down, due to the<br />
legal hurdles. But if a retailer’s goods<br />
are advertised on such sites, and the<br />
retailer complains of infringement<br />
of intellectual property, the likes of<br />
Instagram will take it down in 24<br />
hours, Debbie reported. Some 26<br />
countries took part in a ‘day of action’<br />
last year; and US law enforcers have<br />
provided some similar Instagram<br />
sites, brought up from their ‘dark<br />
web’ searches. Visa is working against<br />
similar frauds for online travel, and<br />
gambling. While ‘days of action’ make<br />
good publicity, against other serious<br />
crimes too - such as organised car theft<br />
and export - security managers make<br />
the point that they would rather have<br />
such policing done all the time, rather<br />
than the authorities dashing from one<br />
‘day of action’ to the next. Debbie too<br />
pointed out the disadvantage that by<br />
waiting for an annual ‘day’ to come<br />
around, evidence may turn cold. p<br />
New areas: RFID, data mining and artificial intelligence are the new technology<br />
areas that the Retail Risk audience was most interested in, according to the end of<br />
day anonymous survey. p<br />
56<br />
NOVEMBER 2017 PROFESSIONAL SECURITY<br />
www.professionalsecurity.co.uk<br />
p56 Networkb <strong>27</strong>-11.indd 1 10/10/2017 16:31