August 2013, No. 2 Vol. L, Security
Five years is a very long time in cybercrime. In this period, we have witnessed the maturity of the digital underground economy, the emergence of hacktivism and the rise of botnets.
When we talk about the digital underground economy, what we mean is a collection of self-sufficient global networks that operate mostly in closed Internet forums and facilitate an array of cybercrimes including banking attacks, payment card frauds, identity theft and other online intrusions. Stolen personal and financial data is retailed on these forums.
The sophistication of this criminal business model is such that members of these networks are able to focus on specific tasks including producing malicious code or delivery mechanisms for attacks. There are even specialists who are dedicated to the generation of payment card authentication numbers and the recruitment of money mules, individuals who turn the proceeds of cybercrime into hard cash—sometimes without knowing that they are engaging in criminal activity.
Cybercriminal businesses are constantly innovating. As well as making extensive use of social media to distribute scams and links to malicious software, they scan the environment to identify new software vulnerabilities, new environments popular with Internet users and new attack vectors. Among the more ingenious forms of scam in recent years is police ransomware. This malicious software locks the user’s computer until a fine is paid to an online bank account. The insignia and branding of legitimate law enforcement agencies are reproduced to convince the user that they are dealing with the real police in their home country, an impression reinforced by the translation of the notification into the appropriate language. The user is informed that they have engaged in criminal activity online, for instance downloading of child abusive material or pirated audiovisual files.
By playing on the fear and guilt of the victims, this kind of cybercrime has proven to be highly lucrative. The law enforcement community, supported by the European Cybercrime Centre (EC3) at Europol and Interpol, is making tangible progress against the criminal groups engaged in ransomware distribution. In February 2013, Operation Ransom, led by the Spanish police, resulted in 11 arrests for the production, development and distribution of this type of malware, and the arrest of another 10 individuals involved in the financial side of the scam. Investigations are ongoing.
Networks of many thousands of infected computers which essentially serve as zombies to conduct attacks on other systems, botnets have accelerated cybercrime’s industrialization more than any other tool. Before the rise of botnets, victims of cybercrime were targeted one by one, requiring much greater time and effort on the part of criminals. Today, spam delivery and Distributed Denial of Service attacks that stop government and commercial websites by flooding them with Internet traffic are particularly reliant on botnets for their processing power. Your personal computer, notebook or smartphone may well have been exploited in this way.
Botnets are not only powerful but highly cost-effective, with prices dipping to $150 in recent months. And just as legitimate businesses are moving their computing to the Cloud, so too can we expect to see Cloud botnets in the very near future—highly dynamic entities that will quickly change location, thereby requiring timely and concerted international cooperation to dismantle.
Meanwhile, the Internet has increasingly become designated as critical infrastructure. It is also a technology on which the vast majority of critical infrastructures rely, including power supply, health-care provision and emergency communications.
As a world citizen in 2013, you may be forgiven for thinking that the threat from cybercrime is not real or at least overhyped. While statistics cited in the popular media routinely refer to many millions of infected computing devices and billions of US dollars lost through intrusions or online frauds, the immediate impact of these is rarely felt by the average Internet user, who will be reimbursed by their financial services provider and may feel no need to report the crime to the police. In contrast to, say, online child sexual exploitation, cybercrime to date has, for the most part, not incurred significant harm on its victims.
However, this is likely to change in the very near future. The increasing dependence of vulnerable citizens on Internet-enabled medical devices such as heart pacemakers, defibrillators and insulin pumps, combined with ageing populations in many parts of the world, highlight the importance of awareness-raising and digital hygiene for older members of society. This may sound like science fiction, but I am speaking from experience. My own father was fitted with a wireless-enabled pacemaker but had no idea of the potential consequences of not keeping his anti-virus software up to date. And not everyone has the luxury of a cybercrime investigator in their family.
Law enforcement has been fully aware of the threat from cybercrime for over a decade but it has taken some time for cybercrime to enjoy priority in terms of resourcing. Around the world, cybercrime-fighting capabilities are developing at very different speeds. Wherever I travel in my work for EC3, I have yet to visit a law enforcement agency that claims to have sufficient resources to combat the threat or to effectively manage workloads amounting to scores of investigations which often require the examination of terabytes of data. Local and national agencies operating in isolation are undoubtedly not making the best use of their resources.
When we will look back on 2013 and 2014, we will view these years as landmarks in the fight against cybercrime. In January 2013, EC3 opened its doors. Based at Europol in The Hague, the centre provides specialist operational support and intelligence coordination to cybercrime investigations in the 27 European Union member states and, in turn, harnesses their capability and expertise to deliver more comprehensive and targeted responses to online threats.
In 2014, Interpol’s new Digital Crime Centre will be operational at its Global Complex for Innovation in Singapore. In the development of both centres, strong emphasis has been placed on delivering collaborative responses which draw on the full range of cybersecurity stakeholders, including industry, academia and civil society organizations, as well as government authorities.
EC3, for example, has partnered with the International Cyber Security Protection Alliance (ICSPA). Supported by the Prime Minister of the United Kingdom, David Cameron, it is an initiative that brings together law enforcement and the Internet security industry in the delivery of global capacity-building and cybercrime prevention. Under the auspices of ICSPA, EC3 is leading Project 2020 by looking at scenarios which anticipate the future of cybercrime and seek to prepare citizens, businesses and governments by using arresting awareness-raising materials, such as movies and animations. When technology evolves as quickly as the Internet, it pays to be one step ahead.
No one can accurately predict the future, but we can be reasonably confident that some emerging technologies will be more prominent in 2020. Augmented reality is already apparent in the form of smartphone applications which deliver online information about the user’s physical location: think tailored reviews for local restaurants and apps which map the night sky wherever you are, but head-mounted displays such as Google Glass are set to integrate this augmented content more fully into our experience of the offline world.
The Internet of Things is the phrase often used to describe the incorporation of Internet connectivity into a plethora of previously unconnected devices, such as home appliances and clothing. In combination with a further increase in Radio Frequency Identification tagging, the global proliferation of Internet-enabled sensors has the potential to deliver considerable innovation in supply and distribution chains, while the advent of 3-D printing may well be a catalyst for new manufacturing models.
None of these technologies will operate in isolation; rather, they will be part of a single ecosystem. Add to this smart home technology the insights to be gained from big and intelligent data, and the long-awaited emergence of virtual reality in the form of remote presence technologies such as beaming, and it is evident that even more data will be generated by all of us, all of the time. This will continue to be attractive to cybercriminals, requiring enhanced protection by service providers and even greater levels of international cooperation by those charged with investigating breaches, and hold cybercriminals to account.
Legislation around the globe will not only need to catch up but also keep pace with criminal misuse of emerging technologies. There is now a real risk that, without harmonization, countries with lower levels of cybersecurity, weaker cybercrime legislation and diminished law enforcement capability will become safe havens for cybercriminals for many years to come.
International cooperation is already essential to successfully investigating and prosecuting cybercrime. However, we also need to think smarter, beyond the traditional criminal justice practices of apprehending, prosecuting and convicting individuals. Effective disruption and prevention measures are, and will continue to be, possible. International organizations like Europol, Interpol and the United Nations are force multipliers in the delivery of effective multi-sector initiatives to dismantle botnets, reduce the profits of the digital underground economy and actively engage citizens in protection against attacks.
The fight against cybercrime also requires specialist information hubs and intelligence coordination. Very often it is only at the international level that analysts can gain an accurate picture of the extent and harm of a cybercriminal group’s activities. The law enforcement and security communities, for instance, need organizations like Europol, Interpol, United Nations Office on Drugs and Crime, and United Nations Interregional Crime and Justice Research Institute to help them make sense of the threat, and make crucial links between offences in often very disparate parts of the world.
For a number of years, the international community has described cybercrime as borderless. It is now time to walk the walk and provide truly coordinated responses which are not only timely but responsive to changes in Internet technologies. By working together with a shared goal for a safer Internet, we will ensure not only that we meet current threats as effectively as possible, but that we will also be fit for the future.