Cem Karakaya was an Interpol agent. Today, he is not only an expert on cybercrime and Secretary of the Munich Liaison Office of the International Police Association (IPA), but also a passionate speaker and consultant. His explanations are as captivating as they are frightening and usually lead to a quick change of all web passwords.
Mr. Karakaya, the topic of cybercrime is becoming increasingly important; in Austria, the number of documented crimes rose from 19,627 in 2018 to 28,439 in 2019. What about the clearance rate, is this also increasing?
One of the big problems is that we don’t have a crime scene principle for cybercrime. This can mean, for example, that the victim is in Germany, the server is in India and the perpetrator is in Russia. Here in Munich, the clearance rate is currently around 30 percent. What’s more, the very first case of hacking occurred in the 1980s, but the police in Europe have only been dealing with the issue for six or seven years. Metaphorically speaking, this means that the perpetrators are driving a Porsche while the investigating authorities are riding a tricycle. To be successful, you always have to be there before the perpetrators arrive. On the Internet, however, things are a little different. Nevertheless, speed is crucial. Every day, 300,000 new viruses, new Trojans or variations of them are created. Some people don’t even have an antivirus program or use cracked programs, which automatically creates security loopholes. People are always quick to say that they have been hacked. However, in many cases this is not true. If I use cracked programs or don’t update them, I create access points and loopholes.

So in many cases it’s your own fault?
Exactly. Human laziness always wins and this will not change in the coming years. To summarize, it should also be said that police officers are very familiar with many forms of crime, but there are still gaps in their knowledge in the area of cybercrime. It is therefore primarily a matter of working preventively and sensitizing our own employees to these issues. If I want my prevention measures to be successful, my employees absolutely have to be on board.
So the key is personal responsibility?
Definitely. The computer really does reckon with everything, but not with its user. Because the detection rate will not increase significantly. We are simply far too late for that, even with the appropriate laws. The perpetrators use concealment tactics, for example, which makes detection much more difficult. This can be observed very well with a very specific type of call. Here is an example: A call comes in and the caller says he is from Microsoft. He pretends to be calling because he wants to remove viruses from your computer or laptop. In reality, however, the call was not from Microsoft at all, but from a criminal who wants to obtain data in this way. The phone number on the display was masked, although it looked completely normal. But this is just one example of many.

You spoke briefly about the police earlier. Is cybercrime already part of the training?
There are now many training institutions, so yes, it is already part of the training. As already mentioned, the police have also been focusing on this issue for around six or seven years. Many citizens who are victims of such attacks think at first that they should go to the police, but then don’t because they have the feeling that nothing will come of it anyway. However, this would also be important because the police would then know how many such cases there actually are and these figures could then be communicated to politicians. This would make the issue more relevant and resources could be increased.
Are there certain trends that are currently emerging in the area of cybercrime?
80 percent of all cases start with a phishing e-mail. In second place is blackmail. In this case, for example, you receive an e-mail stating that an unknown person knows which porn sites you have visited recently. And that this information will be passed on to all Facebook contacts if a certain amount is not paid. This is clearly digital blackmail. Another problem is love scamming, i.e. fake love and, in connection with this, usually exploitation. In fourth place for me is money laundering. Fake online stores are also a big issue.
Are there other classics besides phishing emails?
Many people use the same password for different applications. For example in online stores. This is a classic problem, but it can have devastating consequences. In companies, there are often problems with the encryption of data. Fake news and conspiracy theories spread on the internet are also a problem. And espionage. Many people believe that everything is free. But you usually pay with your data. I always say: if you don’t pay for a product, you are the product. The following example comes to mind in this context: If I book a trip online as a German with my German IP address, I pay more than someone with a British IP address. With the same provider. If I log in via VPN with a French IP address, I pay even less.

However, very few people know this ...
That may be true. However, there are also enough things that are much more obvious and have been talked about many times. Edward Snowden risked everything to expose these things. However, in most cases this has only led to people taping off their cameras. Unfortunately, that doesn’t help at all, because it’s not the appearance that’s interesting, it’s the conversations that matter. In this respect, I feel incredibly sorry for the generation that is now growing up, because all their data really is stored. The future Federal Chancellor will also be among these people. So there is a lot of scope for blackmail, especially in these cases. That scares me.
That is also scary. But to what extent are companies already aware of this?
Awareness is definitely increasing. Of course, I also notice that from the inquiries. But I’m not aiming to lecture. People are allowed to laugh in my talks, but the laughter should stick in people’s throats because it’s about a very important topic. My aim is to make people think about this topic. That’s why I don’t want to demonize anyone, but rather talk about the strategies of the perpetrators and present simple measures.
What would such a simple measure be?
One measure that is very easy to implement concerns the mail server. You can simply set it so that all emails that come from outside are marked as external. This would make it easier to recognize a phishing e-mail. You can see at first glance that the e-mail cannot come from the boss because it has been marked as “external”. Presumably an attacker is behind it.
Finally, a very all-encompassing question: So digitalization is not just good?
Digitalization is wonderful if you also think about people, if they are aware of the risks and can take all the important measures accordingly. However, the economic damage caused by cybercrime should not be ignored. In most cases, the money does not stay in the country, but goes abroad.