Collateral Damage
The disruptive and disorienting nature of the COVID-19 pandemic has given rise to record-breaking levels of cybercriminal activity. The Federal Bureau of Investigation reported last April a 400 percent increase in complaints about cyberattacks a month into the crisis. David Maimon, associate professor in the Andrew Young School’s Department of Criminal Justice and Criminology, heads the university’s Evidence-Based Cybersecurity Research Group. Their goal: to better understand the cybercrime ecosystem, working closely with industry and the federal government.
“Organized criminals and terrorists thrive in times of chaos and uncertainty,” he says, and as the dust settles on the pandemic, the scale of the problem is coming to light. Here, he discusses some of the COVID-related scams and schemes the Evidence-Based Cybersecurity Research Group has been tracking.
Hunkered down during the pandemic, we’ve all been spending a lot of time online. Has that provided new opportunities for hackers?
Absolutely. The COVID-19 pandemic has caused a significant disruption to our work lives and our home lives, and we’re more dependent than ever on our devices. Would-be criminals are taking advantage of that. With the mass shift to remote work, for example, all the bad guys need to do is hack into our home network and they can get into the organization networks that we connect with on a daily basis. Individuals and companies are very vulnerable right now, and we’ve seen a corresponding uptick in hacks, phishing and ransomware attacks.
We need effective, comprehensive strategies to fight cybercrime, and one of the things our group does is try to understand which tools and tactics work and which ones don’t work. We’re currently compiling a database of all the cybersecurity companies in the world — more than 3,600 — to assess the effectiveness of their products. We’re also trying to help the insurance industry calculate premiums for companies that are in the market for cybersecurity insurance. We’re doing that by studying criminal and civil cybercrime cases that have been prosecuted in the U.S. to better understand the characteristics of companies and individuals who were victimized.
Your group is in the midst of a yearlong study of cryptomarket scams related to COVID-19. Has the pandemic changed the type of goods for sale on illicit markets?
We sit on many darknet platforms and markets, plus more than 1,000 encrypted communication channels where criminals post about illegal commodities. We know that these underground markets tend to flourish in times of crisis, and at the beginning of the pandemic, we did see vendors exploiting the global shortage of items like N95 masks and other personal protective equipment. We observed criminals who had been selling illegal drugs adapt and pivot to selling thermometers, face masks and hand sanitizer. Eventually though, when legitimate markets were able to meet demand, illicit markets stopped offering these types of commodities.
We’ve also seen markets for drugs like Remdesivir or hydroxychloroquine, the anti-malaria medication that, although ineffective against COVID-19, was embraced by President Trump. Now we see people saying they have COVID-19 vaccine doses for sale. We are collecting data about the operations of these illicit supply chains — including how they have adjusted to the crisis — to help authorities develop new strategies for disrupting their activities.
Congress has approved huge infusions of government money for pandemic relief. Is that money vulnerable to fraud schemes?
We’ve seen a massive increase in the volume of online fraud, specifically fraud targeting government money that was allocated to deal with the pandemic. As Congress was discussing the relief bills, we saw criminals posting updates and contemplating the opportunities there for them to perpetuate fraud. Criminals have filed fraudulent requests for COVID-19 relief using stolen personal information and set up fake websites purporting to help people apply for government loans or receive stimulus funds. We started tracking small business loan frauds fairly early on and have been able to tip off the Department of Justice about these schemes starting last May.
We also have developed heat maps that show the progression of these frauds over time. The number of fraud schemes started out small in late spring with a few scams reported in a few states. Then, starting in August, the numbers began to climb and then they really exploded in the fall.
During the pandemic, political extremists committed high-profile crimes at the U.S. Capitol that were coordinated and documented online. Are you monitoring the cyber activity of extremist groups?
Yes, and we’re actively working with law enforcement agencies to help provide intelligence and evidence related to the Capitol siege that has resulted in some indictments. We’ve also just begun collaborating with Georgia State communication professor Mia Bloom, who studies terrorism and extremism, to explore radicalization on online platforms. We sit on many white supremacist group channels and we’re studying the weaponization of conspiracy theories and misinformation and how it’s leading to radicalization.
We’re also looking for links between established online criminals and extremist groups. We know that some of the money being made from cybercrime is ending up in the pockets of white supremacist groups and terrorist groups, and we want to better understand these relationships.