This week the Sorbonne University and the French Department of Justice hosted a meeting, the World and Development Institute (IMODEV) International Cybercrime, CyberThreat and CyberFraud Seminar. The audience heard eminent speakers including Pierre Joxe, a Member of the French Constitutional Council and former socialist Minister of the Interior, and Jacques Godfrain, the writer of the so-called French Godfrain Act (Loi Godfrain) of 5 January 1988, which updated the French penal code by introducing a section regarding the intrusion in information systems.
The seminar took an in-depth look at French and European penal and civil aspects of the fight against cybercrime. I’ll recap a couple of other topics.
Let’s start with the talk by Yoshiyuki Tsutsumi, attorney and First Secretary in charge of judicial affairs at the Japanese embassy in Paris. After reminding us that the Japanese parliament has just enacted legislation criminalizing the creation or distribution of computer viruses (punishable by up to three years in prison or 500,000 yen in fines) and the acquisition or storage of viruses (punishable by up to two years in prison or 300,000 yen in fines), he showed us the very latest unpublished statistics regarding cybercrime cases in his country in 2010.
In another track, Eric Edelstein from Orange/France Télécom discussed mobile security and the lack of awareness of mobile users. Among other things, he pointed out the mobile-spam average conversion rate compared with the rate seen in a traditional email-based spam campaign.
In 2008, a security analysis made by U.C. San Diego and U.C. Berkeley researchers showed that the average conversion rate for an email-based spam campaign was just 0.000008 percent
- 35 million pharmaceutical spam emails sent
- 28 individuals bought products for a total US$500 total profit for the crooks. In one year this would lead to $3 million in profits
In another study from 2010, a typical SMS-based spamming scheme can reach a conversion rate higher than 1 percent.
- 10 million SMS sent
- 288,000 recipients called a number, for a $780,000 profit
- 217,000 recipients replied to SMS or signed up for a service, for a $224,000 profit
- During the three-day active phase of attack, the crooks earned around $1 million
Another talk that grabbed my attention was made by Adeline Champagnat, assistant head of OCLCTIC (French National Unit for Countering Cybercrime). She presented the French responses to cybercrime, including the Pharos reporting platform, which allows the public to report suspicious websites or messages they encounter during their Internet surfing. The public reports about 1,500 alerts per day; this will result in more than 100,000 potential offenses for the whole of 2011. One of her graphs showed the public commitment as time goes by:
In 2010, Pharos gathered 77,646 reports, compared with 52,353 in 2009. Last year, this collection resulted in investigations of thousands of incidents (between 6,000 and 8,000). More than 700 required direct action by French authorities; another 1,941 were forwarded to Interpol. 57 percent of reports related to fraud. Nearly 22 percent were classified as an “offense against underage children.” The rest of the complaints were broken down into “xenophobia” (10 percent) and “others” (8 percent). Only 3 percent were classified as unfounded.