Fighting Cybercrime takes COuRAGE

AG_G_2016a

Author Gary Hibberd

For the last few years, Agenci have been fortunate to work with COuRAGE, the Cybercrime and Cyberterrorism European Research Agenda group, which is an initiative that is connected to CENTRIC, the Centre of Excellence in Terrorism, Resilience, Intelligence and Organised Crime Research.

As part of this work we have been asked to provide input to books, articles and research sessions. It is always a pleasure to work with the CENTRIC and COuRAGE team so I was truly delighted when they invited me to speak in front of an international audience of experts involved in the fight against Cybercrime and Cyberterrorism, at The Hague, Netherlands.

Den Haag (The Hague)

This is not a blog on the highs and lows of the Netherlands (although there are few lows, in such a beautiful country), but rather a high level review of the two day event which was attended by over 90 professionals from the world of law enforcement, government and academia. All participants had one thing in common; a desire to tackle head-on the issue of Cybercrime and Cyberterrorism.

2 Days – 2 Topics

To cover each speaker at the event in depth would be difficult to do in a blog and I am sure I would leave something out of great importance! So rather than try and relay everything that we spoke of I will instead give you a general feeling of the 2 days which I hope you will find interesting and insightful.

Cybercrime & Cyberterrorism

The first thing to say about these topics is this; There is a LOT of time and energy being spent by Governments and Law Enforcement Agencies (LEA’s) to tackle this topic, but like any government initiative and government controlled organisation, they suffer from a lack of resources and funding just like anyone else. However it was apparent that the expertise that is available, is highly trained and highly motivated.

During the sessions we heard how LEAs are leveraging OSINT, or ‘Open Source INTelligence’ to catch criminals and other ‘bad actors’. Basically using the tools many of us take for granted (FaceBook, Twitter, GoogleMaps etc) and turning these into electronic informers, where the ‘informer’ is the criminal themselves! We also discussed at length the use of electronic commerce and the rise of the ‘Bitcoin Millionaire’. Interestingly those using Bitcoin believe it is a completely untraceable form of commerce, whilst the truth is far from it. The message is; “If you touch it we can trace it.”

What was clear through the discussions was that there are two clear threat actors at play when looking at Cybercrime/Cyberterrorism; The first is the ‘Script Kiddie’. This is the person learning their craft and just starting out on a path of criminality. Perhaps if caught soon enough, their skills can be harnessed for good and for the fight against cybercrime.

The second key player, is organised crime. ‘Crime-As-A-Service’ is now a very real threat, with criminals automating many of their attacks, using either call-centre type operations or highly automated ‘bots’ to carry out random attacks on millions of computers, all with the press of a button. We are seeing this is the rise of Ransomware attacks and this is set to continue for the foreseeable future.

Innovation

It is clear that criminals are innovating and using technology just as quickly as mainstream industry is, possibly faster. Cybercriminals/Cyberterrorists don’t have the same constraints as everyday industry does; They don’t care about jurisdiction. They don’t care about ‘buggy-code’. They don’t care about testing. Write the code – Execute! In a virtual world that is not defined by borders, the Cybercriminal is taking full advantage of real world limitations and ‘border controls’. This is one of the key challenges which everyone at the conference agreed needs to be addressed.

Education

Over the two days we heard from 16 different expert speakers on the challenges faced in the world today. During my own presentation I stated that Education was of key concern and needs to be addressed at every level of society. From the moment I mentioned this, every speaker thereafter agreed and re-emphasised the points I made.

Education of children is key. Education of Parents, school teachers and governors is key. But not education which is patronising, but education which is honest. For example, we need to stop talking to children about the dangers of ‘talking to strangers online’, because they are not strangers! They are ‘friends’. If you’ve never seen the TV show ‘Catfish’, I would urge you to seek it out and watch it. It relays the same story each week; A young adult has fallen in love with someone online and they’ve never met in person. The show’s host then hunts down the love interest and invariably finds they are not who they said they were. This show is in its 10th year of running and it shows no signs of slowing.

Cybercrime & Cyberterrorism: The fight so far

The overall message from the conference is that whilst there are challenges, there is much which is happening that will help protect our digital world. Governments, Academics and Law Enforcement Agencies are working incredibly hard (and incredibly effective) to keep us safe online.

But…

We cannot rely on these agencies do to it all for us. We as citizens of a global society need to show some ‘gum shone’ and take responsibility for our own online world. We need to stop sharing so much information online. We need to talk to our children about their online safety. We need to show good practice with our computers at work and the information we have access to. We need to think about who we’re talking to online and who might be interested in us and why.

Cybercrime is real. Cyberterrorism is real. These are not ‘virtual world’ problems. They are real world problems.

Amongst the many areas of consensus was that we will eventually drop the word ‘Cyber’ from Cybercrime and Cyberterrorism, and call them what they are. The mechanism by which they are carried out will (and should) become secondary. When that happens we will stop being mystified by this new technology, and start dealing with the issues – together.

Agenci

Agenci is responsible for protecting businesses from cyber threats, cyber-attack, internal threats and business outages. Agenci ensure clients systems are secure and provide peace of mind through a range of proven specialist information security solutions.

Speak to a member of the team now on 

03455 760 999

We would love to help you, ask for Gary Hibberd :

Agenci Team