We have a habit of profiling major cyber crimes in this space. The breaches that grab our attention, foreshadow coming doom – and so on and so forth. It’s important to remember, however, that there are real people behind these attacks.
Real people who can be caught red-handed.
The London Metropolitan Police’s Falcon cybercrime unit recently announced the arrest of a British man for stealing up to £840,000 ($1 million) in an online banking fraud scheme.
Tomasz Skowron launched a malware attack in December 2014, targeting computers around the world. Notably, several companies in Australia were affected and forced to make payments.
To facilitate this, Skowron set up a “money mule” system of bank accounts to which the stolen money would be sent, then laundered and passed the funds on to his newly set up account.
Unfortunately for Skowron, he made one little mistake; he did this all using a system with an IP address tied to his home. This allowed police – through cooperation with the companies he scammed – to track it all back to Skowron. Along with this crime, he was also found to have connections to an April 2014 attack against UK construction companies.
The investigator on the case, Detective Constable Jody Stanger, noted that, “Skowron played a significant part in a wider criminal network that was responsible for several high-value frauds using malware. The proceeds of this fraud were then laundered through an organized money mule network. This conviction and sentence is the culmination of a long and complex investigation and shows that we will relentlessly pursue criminals involved in serious and organized crime online.”
The London Met has yet to release what kind of malware Skowron used during these attacks, but his arrest and conviction shines a positive light on cybersecurity best practices and exactly who these attackers are.
It can be difficult to discuss these cyberattacks in human terms. Malicious code is released and goes on a rampage, leaving businesses crippled. But behind this code are individuals, humans who are just as prone to making mistakes as anyone else. It can feel like the cybersecurity fight is always going uphill, battling against insurmountable forces. That’s not quite true.
By taking proper precautions – including backup, breach preparedness, social engineering tactics and more – you can stop these attackers. Remember: they’re only human, and they can be caught. Prepare your business and don’t let them win.