FBI, Europol and NCA Want Global Approach to Fighting Cyber-Crime

infosec-15-law-enforcement-540x334.jpg?1433736416

A high-level panel of law enforcement experts discussed cyber-crime policing during the ‘Know your adversary: Who is the cyber-criminal?' keynote at InfoSec Europe in London, which was moderated by BH Consulting's Brian Honan.

Andy Archibald, deputy director of the National Crime Agency's National Crime Unit (NCCU), started the conservation saying that cyber-crime is, and remains, a major challenge for law enforcement. “The way cyber-crime has changed criminality is the biggest challenge for law enforcement, certainly during my time in law enforcement,” he said.
FBI's assistant legal attaché Michael Driscoll agreed and said that there are especially concerns around evidence gathering, given the global nature of such attacks. “The realm has changed when it comes to looking at the criminal threats for us. We are no longer back in the days when we're working on bank robberies and organised crime, where we could rely on law enforcement to obtain records needed, and seek out those responsible. 
“As things move more and more to cyber realm that becomes more difficult for us…We can't access that information, we don't see as quickly as you do out in the private sector, especially those who work in the security sector, those are the ones who are seeing it frequently before we do.”

Wil Van Gemert, deputy director of operations and acting head of Europol's European Cybercrime Centre (EC3), said that the cyber-crime threat is very real, as also indicated by GCHQ director general Ciaran Marti, and he sees traditional organised gangs move into this field. He said that cyber-crime-as-service, anonymisation via DarkNet and encryption were problems for law enforcement, continuing that encryption was "for law enforcement, not in balance at this moment".
On the threats in cyber space, FBI's Driscoll added that he was struck how similar the threats are internationally, citing botnets, malware, DDoS, and said that the volume of low level fraud on the internet is ‘staggering'. He said average bank robbery yield similar rate to online fraud, saying that FBI's own Internet Crime Complaints Center receives 22,000 online complaints a month, 270,000 roughly in a year. “We think, and the numbers verify this, that's about 10 percent what goes on,” he said of cyber-crime reporting, adding that it would likely be the same scenario in the UK.
Archibald agreed that the threats are similar across the globe, pointing to the NCA's own work disrupting the Shylock and Gameover Zeus botnets, and said that impact sustained in these attacks would be “no different” to any financial services company, wherever they may be in the world.

Professor Alan Woodward, a Europol advisor and visiting professor of the Surrey Centre of Cyber Security at the University of Surrey, said that "it wasn't as simple" as China being responsible for stealing IP and Russia for targeting financial services.
“The fact is that we now have organised crime gangs, they are international, and they don't come from one place. The C&C (command and control) might be in the UK but the gang itself might be in Ukraine. Its do disrupted that the only way you can fight this is with international collaboration,” he said.

Archibald added that it remains ‘really important' that law enforcement dedicate resources to attribution, adding this was possible lower down the criminal infrastructure. “There's realms of opportunity as part of a disruption strategy,” he said.
The panelists said that, with cyber-crime-as-a-service emerging, the evidence suggests that as few as 1 in 200 are the enablers of such attacks, meaning that law enforcement agencies should be focusing their energies of technological disruption.

But the key to all of this, said the panel, was that only international collaboration would help bring cyber-criminals to justice. "We need to pool resources together, that's the way forward," said Driscoll.
SC Magazine:  http://bit.ly/1dS364R

« US Stuxnet Attack Against N. Korea Failed
Berners-Lee Urges UK to Fight 'snooper's charter' »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ACME Communications

ACME Communications

ACME Communications specialises in the field of data centre, implementation, maintenance & operation and all aspects of other IT service.

Markel International

Markel International

Markel International is an international insurance company which looks after the commercial insurance needs of businesses. Specialist services include Cyber Risk insurance.

Airbus Cybersecurity

Airbus Cybersecurity

Airbus CyberSecurity is a European specialist in cyber security. Our mission is to protect governments, military and critical national infrastructure enterprises from cyber threats.

Intertek Group

Intertek Group

Intertek Group provides Assurance, Testing, Inspection and Certification services. Activities include cybersecurity testing and certification.

Bounga Informatics

Bounga Informatics

Bounga Informatics provides Digital Forensics, E-Discovery, and Endpoint Security software, hardware, and training in Singapore and other countries in Asia Pacific.

Maticmind

Maticmind

Maticmind is an ICT System Integrator providing solutions and specialized skills in Networking, Security, Unified Communications & Collaboration, Datacenter & Cloud and Application.

Excelsecu Data Technology

Excelsecu Data Technology

Excelsecu is a global solution provider of online identity authentication, widely applied in banks, government bodies and enterprises.

Cyber Covered

Cyber Covered

Cyber Covered provide complete website & data cover with market leading cyber insurance and powerful compliance software in one affordable package.

Nexor

Nexor

Nexor are a UK-based cyber security company with 30 years' experience in secure information exchange.

Voodoo Security

Voodoo Security

Voodoo Security is a specialized information security consulting firm focused on security assessments, risk and compliance analysis, and cloud security.

Data Privacy Office (DPO) - Belarus

Data Privacy Office (DPO) - Belarus

Data Privacy Office is a company that specializes in privacy and personal data protection, following the highest standards in its sector.

Trellix

Trellix

Trellix is an extended detection and response (XDR) solutions provider created from a merger of McAfee Enterprise and FireEye Products.

Bastazo

Bastazo

Bastazo provides tools for vulnerability and patch management. Focus your cybersecurity operations on vulnerabilities with the highest risk of exploitation.

Baidam Solutions

Baidam Solutions

Baidam Solutions is a 100% Australian owned and operated First Nations information technology business.

Blackmere Consulting

Blackmere Consulting

Blackmere Consulting is a Nationwide Technical and Executive Recruiting firm dedicated to Cyber Security and Information Technology.

UFS Technology

UFS Technology

UFS, the bank technology outfitter for community banks, provides purpose-built, bank-exclusive technology services and solutions including cybersecurity.