Infosec 2016: While cybercriminals cooperate, cops and businesses stumble

While cyber-criminals work together, businesses and law enforcement have a harder time doing so.

It can often take longer than expected for law enforcement to receive a breach report

Cyber-criminals can be pack animals. They work together, share information and coordinate operations. Their counterparts on the other side of the law often find themselves in comparative disarray.

The wheels of cooperation between private business and public law enforcement need greasing. That was the main takeaway from the “Fostering Better Engagement Between Business & Law Enforcement to Effectively Respond to Cyber-crime” panel at Infosec 2016, Europe's largest cyber-security trade show.

“The panel we have today I think is very apt for the time we live in”, said Brian Honan, founder and CEO of BH Consulting, moderating the panel.

“From my experience”, said Kurt Pipal, assistant legal attache for the FBI in London, “the biggest takeaway for (organisations) looking to engage with law enforcement is engage early.”

Gary Lilburn, detective inspector for the Falcon Unit, which deals with online crime and fraud, was quick to point out that although police services were facing cutbacks, even at a time when cyber-crime was growing massively, the Falcon Unit was still doing well. His specific unit has a hit rate of roughly 75 percent, that is to say three quarters of the cases he takes on go to court. The wider police have a hit rate of 25 percent.

“I keep saying to companies, speak to us”, said Lilburn. There, said the other panellists, is the rub. It's not quite that simple.

Rik Ferguson, an advisor to Europol and a security researcher, added that there's a perception and awareness problem. Not only do a lot of businesses feel that they need not contact the authorities because somebody else will, but “a lot of businesses don't know who to contact or how to contact them”.

Tom Mullen, head of cyber response & security operations for Telefónica and formerly with BT for 20 years, said that figuring out who to speak to, let alone getting them to speak to you, can be trying. Furthermore, what should someone like Mullen be telling the authorities? What kind of data do the authorities need?

The process can also be slow. “We need that instant reaction to get on-board”, added Mullen.

Lilburn admitted as much. Reports through Action Fraud, the UK's cyber-crime reporting hotline, can often take a week before the relevant cop ever hears about that report. The Home Office is apparently reworking the way it handles reports but, added Lilburn, “the quicker we get involved the quicker we can do something”.

There is, of course, the question of how national cyber-crime units can involve themselves in a breach that may have occurred through multiple jurisdictions. Lilburn admitted that “those international boundaries are very frustrating”, but he implored the audience not to “make assumptions” about law enforcement's ability to pursue cyber-criminals.

Pipal further added that “there's a lot of cases we're working jointly,” including some of the major botnet takedowns that have occurred recently.

Even in places that are notoriously hard to work with or have law enforcement authorities who are not compliant with international requests, progress can be made.

“Cyber-criminals generally don't live in nice places and they like to travel”, said Pipal, “we might not be able to get them (there), but they might go to a place where we can get them”.