IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Why cybercrime will always need humans

Kaspersky finds robots won't ever replace hackers completely

Hand casting a shadow over a keyboard

Forget automation, cybercrime still needs a human touch. 

With robotics and automation taking over researchers believe as many as five million jobs could disappear by 2020 it may seem as though high-tech jobs risk losing the personal touch. 

Consider the Metel cybercrime gang, revealed yesterday at Kaspersky's Security Analyst Summit, currently taking place in Tenerife.

The banking fraud group targets spear-phishing emails at employees of financial firms, in order to get access to payment processing computers. But rather than simply transfer funds to digital accounts, Metel sends its colleagues in crime to bank machines in person, where they take money out using a specific card.

Then, hackers who are watching for the card number to pop up on the payment processing computer click to cancel the transaction they actually sit there, clicking like mad, said researcher Sergey Golovanov, a Kaspersky researcher.

That highlights one problem with cybercrime that automation cannot seem to help with - laundering the cash. Indeed, another infamous hack shows how one group of cybercriminals also turned to human labour to attempt to solve that problem.

The hackers behind the Shylock attacks which spread via Skype needed help laundering the cash they had stolen, so they advertised for help online, said Adrian Nish, head of cyber intelligence systems at BAE, also speaking at the Kaspersky show. 

Nish showed a screenshot of a job ad for an "e-commerce representative". The requirements were odd: applicants would need internet access, no criminal record, and a verified PayPal account. 

"What they're doing is recruiting people who may think they're working from home, doing a job transferring money for legitimate businesses, but actually it's money laundering," Nish said. 

The money mules even get training though it's not "advanced stuff", said Nish. "It's questions like, if the bank asks who sent you this money, who knows to answer yes'." 

"Effectively these guys were running a human botnet of people that employed through work from home type jobs to actually do the cash out," Nish said. 

Longer term, is the future of cybercrime more or less human? 

Andrey Nikishin, future technologies projects director at Kaspersky, said getting money will always be the weakest link and will always require a person, even if cybercrime does become increasingly automated.

"The only way to do it is with money mules. All of the rest could be automated like criminals as a service," Nikishin told IT Pro on the sidelines of the conference. "But the last and most dangerous to be caught is the money mule."

Featured Resources

Accelerating AI modernisation with data infrastructure

Generate business value from your AI initiatives

Free Download

Recommendations for managing AI risks

Integrate your external AI tool findings into your broader security programs

Free Download

Modernise your legacy databases in the cloud

An introduction to cloud databases

Free Download

Powering through to innovation

IT agility drive digital transformation

Free Download

Recommended

Protecting healthcare from cybercrime
Whitepaper

Protecting healthcare from cybercrime

25 May 2022
The truth about cyber security training
Whitepaper

The truth about cyber security training

25 Apr 2022
The truth about cyber security training
Whitepaper

The truth about cyber security training

25 Apr 2022
The Total Economic Impact™ of Mimecast
Whitepaper

The Total Economic Impact™ of Mimecast

25 Apr 2022

Most Popular

FCC commissioner urges Apple and Google to remove TikTok from app stores
data protection

FCC commissioner urges Apple and Google to remove TikTok from app stores

29 Jun 2022
LockBit 2.0 ransomware disguised as PDFs distributed in email attacks
Security

LockBit 2.0 ransomware disguised as PDFs distributed in email attacks

27 Jun 2022
Former Uber security chief to face fraud charges over hack coverup
data breaches

Former Uber security chief to face fraud charges over hack coverup

29 Jun 2022