NOBODY LIKES a call from the taxman. Donald Rumsfeld, who as America’s defence secretary oversaw a budget bigger than the economy of a typical country, nonetheless finds the rules so confusing that he writes to the Internal Revenue Service each year complaining that he has “no idea” whether he has filed his taxes correctly. So it is hardly surprising that, when the phone rings and an official-sounding voice says you have underpaid your taxes and will be connected to an adviser to pay the balance, ordinary folk tremble.

It is, however, invariably a scam. Few tax authorities call individuals about their taxes; if you are lucky, they will send you a letter a year later, to the wrong address. They will certainly not menace you, as bogus calls often do, with the threat of arrest if you do not stump up the cash right now.

Such scams have become vastly more common. Phone calls from tricksters claiming to be taxmen almost doubled in number last year, according to UK Finance, a trade association of banks. Other countries show increases at least as dramatic.

Even as rates of most crimes remain low in rich countries, the spectacular growth of cybercrime—crime committed mostly or entirely over the internet—stands out. According to the Crime Survey of England and Wales, the best indicator of long-term trends in Britain, in 2019 there were 3.8m incidents of fraud, most online, representing a third of all crimes committed. That figure has increased every year since 2017 when the government started collecting data. Around 7% of all adults were victims. Three-quarters lost money, and 15% lost more than £1,000 ($1,393). In America the number of reported cases of internet fraud increased by 69% last year. Reported losses there (excluding bank or credit-card fraud) reached $4.2bn, three times higher than in 2017.

Other kinds of internet-enabled crime are growing too. Spam phone calls and text messages, typically attempting to defraud people, extract billions of dollars a year. Illegal gambling websites, many of which steal from their customers, have multiplied. And new technology makes many old-fashioned crimes easier to perpetrate. Drug dealers use Bitcoin, a cryptocurrency, to take payments and move money around. They rely on specialised criminal encrypted communications software to organise their affairs. “There is no serious organised crime that does not have a digital component,” says Nigel Leary of Britain’s National Crime Agency (NCA).

Most significant over the past year is the growth in “ransomware”—hacking attacks where victims’ files are locked up until money is paid. Such attacks were once crude. Ransomware arrived in spam emails and targeted ordinary people’s computers. The sums demanded were often small, to encourage people to pay up.

These days hackers focus on large organisations and demand big ransoms (see chart). Malicious software is injected into specific computer systems. It steals data before locking them. A ransom is then demanded to unlock the files or, increasingly, to prevent them being leaked (backups of important data are common now). It is almost always in Bitcoin. According to Chainalysis, a cyber-security firm, the amount paid in Bitcoin ransoms increased by 311% last year, compared with 2019, to around $350m compared with 2019. Victims are usually businesses but more and more include governments and their departments, including the police. On April 27th Washington DC’s coppers revealed that they have been hit by hackers, who say they will expose police informants to gangs if the authorities do not pay up.

Ransomware is “the single biggest threat” in the organised crime world, says Alan Woodward, a computer scientist at the University of Sussex who advises Europol, the EU’s police agency. On April 29th Alejandro Mayorkas, America’s secretary of homeland security, described it as “a threat to national security”. The damage is enormous. Maersk, a global shipping company, wrote down $300m in losses related to a ransomware attack in 2017. Travelex, a British currency trader, collapsed last year, with the loss of 1,300 jobs. An attack that took its systems down at the end of 2019 was partly to blame. Despite coughing up 285 Bitcoin—then worth around $2.3m—the firm lost about £25m that quarter. It attributed most of that to the attack.

Ransoms can be eye-watering: an attack in March on the Broward County school system, which covers much of Fort Lauderdale in Florida, came with a demand for $40m in Bitcoin. In messages leaked by the hackers, one of the district’s negotiators was incredulous: “You cannot possibly think we have anything close to this.”

Most government bodies do not. But the consequences of not paying can be just as costly. In Baltimore, Maryland’s biggest city, schools had to stop online teaching last year for several weeks after their systems were locked by a ransomware attack. It was not the city’s first experience. An attack in 2019 cost its taxpayers $18m. During the pandemic hospitals have been hit, too. France reported 27 attacks on hospitals last year, as part of a 255% increase in ransomware attacks generally. Medical treatments have been delayed in Germany and ­America because of attacks.

Bitcoin buccaneers

The criminals who do it are a mixed bunch. Many seem to be based in Russia, other parts of eastern Europe, or China. In Russia and Belarus, cybercriminals thrive because the state tolerates them, as long as they only scam foreigners. Some reportedly have links to the security services.

But cybercriminals do not seem to operate in tightly organised crime groups, like drug cartels or mafias. Their strength comes from their decentralisation. Individual elements of each crime are provided as a service to organisers. One lot might write and sell the software. Others might get it into targets’ computers. Others might collect and launder the ransom. And a few kingpins might finance the entire operation. And yet they might never know each others’ names or locations.

Crimes such as bank robbery used to be artisanal, says Mr Leary, of the NCA. Big jobs like the Brink’s-Mat robbery of 1983, in which £26m of gold, diamonds and cash were stolen from a warehouse at Heathrow airport, required a large specialist staff who all knew and trusted one another. Now large-scale crime is being industrialised by technology. “The barriers to entry are really very low,” says Mr Leary.

That is largely because an entire internet infrastructure has developed to enable attacks. Cryptocurrency is key. Ransomware criminals like to use Bitcoin, says Kemba Walden, a lawyer with Microsoft’s digital crimes unit, because it is very liquid and relatively anonymous. The end recipient is anonymous unless his real-world identity can be connected to his virtual address. Criminals can trade Bitcoin between themselves. Cashing out their earnings into real money is risky; in most rich countries Bitcoin exchanges apply strict “know-your-customer” requirements. But it is not impossible. Some exchanges in less-regulated countries apply looser criteria. And coins can be “tumbled”—swapped between cryptocurrencies by money launderers—to conceal their origins, and then sold on well-regulated exchanges. In Russia and China “it’s just incredibly difficult” to trace stolen money, says Ms Walden.

Other technological innovations are vital, too. SIMboxes, which allow people to “spoof” (conceal the origin of) phone calls, are sold for legitimate purposes, to marketing firms, for example. But they also allow criminals to spam people or communicate without revealing their location. TOR, software which anonymises internet connections by bouncing data around the globe, allows the “dark web” to thrive, hosting the forums on which criminals anonymously trade their wares. “Bulletproof hosting”—server farms with a high level of security and privacy—operate like virtual safe houses, where compromising data can be moved off at a moment’s notice, invariably before the police are able to get to it.

What is the future of such crime? As ransomware has grown, so has the industry promising to protect firms from it. The crime is “becoming more high-profile”, says Michael Levi of Cardiff University. Organisations are trying to buttress their defences. But many do not want to report hacking attempts or fraud. Data breaches are not only damaging in themselves; they are embarrassing, too. Individuals rarely think to report cybercrimes to the police. The costs may be borne indirectly. Banks and insurers will often compensate people for losses. Security is improving but the crimes are increasingly profitable.

The worry of law enforcement is that more traditional criminals are moving into cyberspace, and vice versa. “Now the dark web is used for the commodity trade [fencing of stolen goods], the drugs trade and firearms,” says Mr Leary. In raids in Belgium in March, police seized 28 tonnes of cocaine, as well as cash, guns, police uniforms and a torture chamber in a shipping container. The criminals had reportedly been using Sky ECC, an encrypted phone network sold by a Canadian firm. The phones were seemingly designed to hide criminal activity, with end-to-end encryption, disappearing messages and no GPS data. Subscriptions were paid in Bitcoin. That gave them a great deal of anonymity—at least until European police forces managed to inject their own malware into the phones to spy on them.

Governments are beginning to take cybercrime more seriously. America’s Justice Department has appointed a team to tackle it. The “five eyes” allies—America, Australia, Britain, Canada and New Zealand—are sharing intelligence on it. But there is a long way to go. In Britain only one in 200 police officers focuses on fraud, despite its outsize footprint, according to figures revealed through the Freedom of Information Act by the Times newspaper.

And the opportunities are growing. In the past six months the value of the world’s Bitcoin has soared to over $1trn. That surge of liquidity makes it even easier to hide crime. And as Mr Woodward puts it: “Why would you walk into a bank with a sawn-off shotgun to steal £30,000 when, if you’re got some money to invest, you can go on the dark web and start a ransomware campaign and make millions?” ■