A high-level panel of law enforcement experts discussed cyber-crime policing during the ‘Know your adversary: Who is the cyber-criminal?' keynote at InfoSec Europe in London today, which was moderated by BH Consulting's Brian Honan.
Andy Archibald, deputy director of the National Crime Agency's National Crime Unit (NCCU), started the conservation saying that cyber-crime is – and remains - a major challenge for law enforcement.
“The way cyber-crime has changed criminality is the biggest challenge for law enforcement, certainly during my time in law enforcement,” he said.
FBI's assistant legal attache Michael Driscoll agreed and said that there is especially concerns around evidence gathering, given the global nature of such attacks.
“The realm has changed when it comes to looking at the criminal threats for us. We are no longer back in the days when we're working on bank robberies and organised crime, where we could rely on law enforcement to obtain records needed, and seek out those responsible. As things move more and more to cyber realm that becomes more difficult for us.
“We can't access that information, we don't see as quickly as you do out in the private sector, especially those who work in the security sector, those are the ones who are seeing it frequently before we do.”
Subsequently, he said that the bureau was now getting involved now in more industry conversations, something he admits it “didn't do as much in the past.”
Wil Van Gemert, deputy director of operations and acting head of Europol's European Cybercrime Centre (EC3), said that the cyber-crime threat is very real, as also indicated by GCHQ director general Ciaran Martin yesterday, and he sees traditional organised gangs move into this field.
“The involvement of organised crime into this field I is becoming more and more of a threat towards us, especially also because its changing the picture of organised crime,” he said, adding that this presented “a lot of opportunities and challenges” to law enforcement, especially given the various different laws and emergence of cyber-crime-as-a-service.
He said that cyber-crime-as-service, anonymisation via darknet and encryption were problems for law enforcement, continuing that encryption was "for law enforcement, not in balance at this moment".
On the threats in cyber space, FBI's Driscoll added that he was struck how similar the threats are internationally, citing botnets, malware, DDoS, and said that the volume of low level fraud on the internet is ‘staggering'. He said average bank robbery yield similar rate to online fraud, saying that FBI's own Internet Crime Complaints Center receives 22,000 online complaints a month, 270,000 roughly in a year.
“We think, and the numbers verify this, that's about 10 percent what goes on,” he said of cyber-crime reporting, adding that it would likely be the same scenario in the UK.
Archibald agreed that the threats are similar across the globe, pointing to the NCA's own work disrupting the Shylock and Gameover Zeus botnets, and said that impact sustained in these attacks would be “no different” to any financial services company, wherever they may be in the world.
Attribution ‘really difficult'
However, while the threats are largely the same, attribution remains a tricky and topical subject, despite FBI's own protestations – both here at the conference and from director James Comey in the past - that the Sony Pictures Entertainment hack late last year was ‘definitely North Korea'.
Professor Alan Woodward, a Europol advisor and visiting professor of the Surrey Centre of Cyber Security at the University of Surrey, said that "it wasn't as simple" as China being responsible for stealing IP and Russia for targeting financial services.
“The fact is that we now have organised crime gangs, they are international, and they don't come from one place. The C&C (command and control) might be in the UK, the gang itself might be in Ukraine. Its do disrupted that the only way you can fight this is with international collaboration,” he said.
Archibald added that it remains ‘really important' that law enforcement dedicate resources to attribution, adding this was possible lower down the criminal infrastructure. “There's realms of opportunity as part of a disruption strategy,” he said.
Gemert added: “Attribution is a problem but also some solutions to it, I see some developments [there].”
Woodward said groups like Europol, and its J-CAT Group (which SC revealed exclusively last year), were the way forward, although he and other panellists were less keen on the idea of an international cyber-crime police, as proposed by Eugene Kaspersky. “It wouldn't work,” stated Driscoll.
The panellists said that, with cyber-crime-as-a-service emerging, the evidence suggests that as few as 1 in 200 are the enablers of such attacks, meaning that law enforcement agencies should be focusing their energies of technological disruption.
But the key to all of this, said the panel, was that only international collaboration would help bring cyber-criminals to justice.
“Because the threat is international, the actors operating against us are also operating against the UK, the US and our colleagues in Europe,” said Archibald. “Therefore, our response must be joined up – that's one of the challenges, because threat is the same and our collection and sharing of intelligence and evidence must be coordinated. Otherwise, we will all be tackling the threat in entirely different ways, in a siloed approach.”
"We need to pool resources together, that's the way forward," said Driscoll.