EC3: Darknet & cloud the barriers to prosecuting cyber-criminals

Troels Oerting, head of European Cybercrime Centre (EC3), spoke about the difficulties of catching cyber-criminals during his keynote speech at the Infosecurity Europe exhibition in London earlier today.

Europol cyber-crime chief becomes Barclays CISO
Europol cyber-crime chief becomes Barclays CISO

In his talk entitled ‘Combating crime in a digital age', Oerting said that cyber-crime is changing the ‘world as we know it' and said that this is down in part to the growing number of internet user base - which is predicted to grow from 2.7 billion online users to 4 billion in the next few years.


He also said that cyber-crime investigations have been harder by the leaks from former CIA contractor Edward Snowden, perhaps on the basis that cyber-criminals have look to increase their anonymity.


“The Snowden revelations seemed to, one way or another, have made it more difficult law enforcement to clamp down on [internet] rules,” said Oerting.


But, poignantly, he said that criminal investigators across borders are still struggling to bring cyber-criminals to justice.


This, he said, is because cyber-criminals are using darknet tools - like Tor - to anonymise

their browsing habits, as well as cloud services to stream attacks and avoid detection. 


“The problem is that criminal groups are using the same tools [as the investigators]. You can't see the attack, don't know the motive...you need to do some homework.”


He added: “Not even NSA can infiltrate the darknet, cyber-criminals are utilising Bitcoin and the darknet, it makes it even more difficult for us to follow the money.”


Another problem, he said - as National Cyber Crime Unit deputy director Andy Archibald pointed out earlier this year - is that cyber-crime is a global phenomenon and that the bad guys can do their business from their bedroom, while pointing domain proxies to countries across the globe.


Oerting referred to it as ‘anyone, anytime, anywhere attacks' and said that it was ‘old fashioned' to think that borders had any great importance in the digital world.


Terrorists dip their toes into cyber warfare


He added that state-sponsored activity is ‘not a surprise' but intriguingly added that terrorists will soon use the Internet as a medium to carry out a large-scale cyber attacks.


“We see loads of terrorists preparing for a big cyber attack now,” he said. “But I still think that terrorists like bombs - they're more visible - so we have to keep an eye on this area.”


He said that the key to winning this battle is industry collaboration, and maybe some controls being put around an open internet.


“We need to understand this is combined task, not just for the police and law enforcement but for society,” he stated- noting the new trend for the Internet of Things (IoT).


“We will win, we will prevail but it'll be a tough ride.”


Following shortly after the talk, Alan Woodward - independent advisor and Visiting Professor at the department of computing at the University of Surrey, agreed that criminals are taking to darkweb and cloud to hide their trail, and said that there's a “real problem” as far as cross-border jurisdiction is concerned.


“Ultimately there is no international law...we're struggling to govern the internet as it is let alone [implement] international law.”


And on the issue of the cloud, he told SCMagazineUK.com that the industry needs to develop tools so that criminal investigators can deep dive onto any illegal activity taking place on cloud services like Amazon's AWS.


“It's very easy to set-up a cloud service anonymously, and who knows what you're doing?” said Woodward, who is now also a special adviser to EC3.


He added that cyber-criminals are developing their own distributed peer-to-peer cloud services services to spread their digital identity, what with cloud services often hosting data in numerous countries.


“Criminals are the tree in the forrest. For them, they derive security through obscurity."