Cyber crime costs Colombia’s economy hundreds of millions of dollars and affects up to six million Colombians every year, according to some estimates. How can the government combat this rapidly evolving threat?
A booming technology market of smartphones and portable devices and a rapidly rising number of Colombian internet users — currently over 9.5 million, up two million from last year, according to government statistics — has opened the doors for criminal organizations, fraudsters, and opportunists to cash in on (pdf) a profitable and difficult to trace form of crime.
There are many ways in which criminal groups and individuals engage in and profit from cyber crime. Aside from straight theft, cyber crime can involve activities such as creating websites for child pornography or to lure people into forced labor and sex slavery, and virtually “kidnapping” external computers to demand a ransom payment from the user in order to regain access to their personal information. According to Andres Guzman, the head of leading Colombian IT security firm Adalid, the definition of cyber crime is so broad it can even include sending extortion emails and communicating for criminal purposes.
SEE ALSO: Coverage of Cyber Crime
However the most common form seen in Colombia, according to Guzman, is online information theft, or “phishing,” by which criminals steal sensitive personal data, usually in order to take money from the victims’ bank accounts — a crime he says has cost some of his clients $1 million.
Colombia currently ranks as the worst country in Latin America and eighth in the world for phishing, according to a recent report by the EMC Corporation’s security service (RSA) (pdf). The study revealed that in 2013, 43 percent of all phishing in the region took place in Colombia, causing losses of $95 million.
According to a 2013 report on fraud in Colombia by KPMG (pdf), criminal groups are currently responsible for around 17 percent of cyber crimes in Colombia, while the majority — 61 percent — are committed by employees, either working with outsiders, colleagues or on their own. According to Guzman, the percentage of crimes involving complicit employees is even higher — his figures indicate that 87 percent of all internet thefts within a company involve the passive or active complicity of internal employees. This can range from criminal groups bribing the cleaner for inside information or to plant dirty USBs, to intimidating workers into leaving a virtual backdoor for intruders to enter the company’s system.
While arrest rates remain low compared to the number of crimes committed, they are at least rising. According to a June 2014 report by the Organization of American States (OAS) (pdf), the National Police captured 422 cyber criminals in 2013, up from 323 in 2012 and 252 in 2011. Meanwhile, the Police Cyber Center unit (CCP) responded to just over 1,600 cyber attacks.
Playing Cyber Catch Up
Colombia has taken some steps to combat cyber crime. In 2009, Congress passed a new law that created and defined criminal offenses specific to cyber crime.
However, Alexander Diaz Garcia, a new technology specialist and state judge who helped draft the law, told InSight Crime that persuading politicians of the necessity of the reforms was no easy task, and that serious challenges remained in improving the capacity of the authorities to take action.
“The importance of implementing […] policies has been underestimated,” he said, pointing to a lack of appropriate training for security forces and the judiciary.
Nevertheless, according to Diaz, Colombia has won international plaudits for its anti-cyber crime policies, and in some respects is a regional leader. In 2011, it became the first Latin American nation to form a national cyber-security strategy, creating a series of specialized government, police and military forces.
SEE ALSO: Colombia News and Profiles
However, Guzman says the strides Colombia has taken are nowhere near enough to halt the advance of a rapidly evolving criminal sector.
“Technology advances much faster than the law,” he said.
“By the time they learn to stop a trend, the criminals have come out with another one.”
In the latest response to the threat of cyber crime, President Juan Manuel Santos requested that the OAS send a technical mission of international experts to Colombia to help the country develop a new cyber defense strategy. The report’s main recommendations highlight institutional failings on the most fundamental levels — the OAS called for a clear and coordinated “vision” of the country’s cyber security strategy, legal reforms, improved coordination and training in the security forces and improved cooperation both between countries and between the public and private sectors.
Following the issuing of these recommendations, the government has announced new plans to combat cyber crime, including the creation of a Digital Committee and a National Cyber Security Agency. These new entities will be responsible for coordinating public and private strategies to combat cyber crime, as well as strengthening the pre-existing offices dedicated to this form of criminal activity. Specialized public prosecutors’ offices will also be created to deal with cyber crime, reported El Tiempo.
While Colombia is showing significant motivation to move against cyber crime, the question remains of whether this will be enough. The price of failing to properly implement the sort of coordinated and integrated strategy called for by the OAS could be high.
“That’s the capital of all businesses — information,” Diaz said. “And if isn’t taken care of, the consequences will be disastrous.”