FBI, Europol and NCA Want Global Approach to Fighting Cyber-Crime

infosec-15-law-enforcement-540x334.jpg?1433736416

A high-level panel of law enforcement experts discussed cyber-crime policing during the ‘Know your adversary: Who is the cyber-criminal?' keynote at InfoSec Europe in London, which was moderated by BH Consulting's Brian Honan.

Andy Archibald, deputy director of the National Crime Agency's National Crime Unit (NCCU), started the conservation saying that cyber-crime is, and remains, a major challenge for law enforcement. “The way cyber-crime has changed criminality is the biggest challenge for law enforcement, certainly during my time in law enforcement,” he said.
FBI's assistant legal attaché Michael Driscoll agreed and said that there are especially concerns around evidence gathering, given the global nature of such attacks. “The realm has changed when it comes to looking at the criminal threats for us. We are no longer back in the days when we're working on bank robberies and organised crime, where we could rely on law enforcement to obtain records needed, and seek out those responsible. 
“As things move more and more to cyber realm that becomes more difficult for us…We can't access that information, we don't see as quickly as you do out in the private sector, especially those who work in the security sector, those are the ones who are seeing it frequently before we do.”

Wil Van Gemert, deputy director of operations and acting head of Europol's European Cybercrime Centre (EC3), said that the cyber-crime threat is very real, as also indicated by GCHQ director general Ciaran Marti, and he sees traditional organised gangs move into this field. He said that cyber-crime-as-service, anonymisation via DarkNet and encryption were problems for law enforcement, continuing that encryption was "for law enforcement, not in balance at this moment".
On the threats in cyber space, FBI's Driscoll added that he was struck how similar the threats are internationally, citing botnets, malware, DDoS, and said that the volume of low level fraud on the internet is ‘staggering'. He said average bank robbery yield similar rate to online fraud, saying that FBI's own Internet Crime Complaints Center receives 22,000 online complaints a month, 270,000 roughly in a year. “We think, and the numbers verify this, that's about 10 percent what goes on,” he said of cyber-crime reporting, adding that it would likely be the same scenario in the UK.
Archibald agreed that the threats are similar across the globe, pointing to the NCA's own work disrupting the Shylock and Gameover Zeus botnets, and said that impact sustained in these attacks would be “no different” to any financial services company, wherever they may be in the world.

Professor Alan Woodward, a Europol advisor and visiting professor of the Surrey Centre of Cyber Security at the University of Surrey, said that "it wasn't as simple" as China being responsible for stealing IP and Russia for targeting financial services.
“The fact is that we now have organised crime gangs, they are international, and they don't come from one place. The C&C (command and control) might be in the UK but the gang itself might be in Ukraine. Its do disrupted that the only way you can fight this is with international collaboration,” he said.

Archibald added that it remains ‘really important' that law enforcement dedicate resources to attribution, adding this was possible lower down the criminal infrastructure. “There's realms of opportunity as part of a disruption strategy,” he said.
The panelists said that, with cyber-crime-as-a-service emerging, the evidence suggests that as few as 1 in 200 are the enablers of such attacks, meaning that law enforcement agencies should be focusing their energies of technological disruption.

But the key to all of this, said the panel, was that only international collaboration would help bring cyber-criminals to justice. "We need to pool resources together, that's the way forward," said Driscoll.
SC Magazine:  http://bit.ly/1dS364R

« US Stuxnet Attack Against N. Korea Failed
Berners-Lee Urges UK to Fight 'snooper's charter' »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Herjavec Group

Herjavec Group

Herjavec Group's Managed Security Services practice defends your organization from increasingly sophisticated, targeted cybercrime threats.

Information Security Forum (ISF)

Information Security Forum (ISF)

The ISF is a leading authority on information security and risk management.

HumanFirewall

HumanFirewall

HumanFirewall makes it possible for every individual to take part in securing their organisation. With HumanFirewall, achieving security has never been easier.

SwiftSafe

SwiftSafe

SwiftSafe is a cybersecurity consulting company providing auditing, pentesting, compliance and managed security services.

Connectitude

Connectitude

Connectitude IIoT Platform ™ is a complete solution for industrial IIoT.

Vector Informatik

Vector Informatik

Vector Informatik is a specialist in automotove electronics and provides services, embedded software and tools for securing embedded systems against cyber-attacks.

Satori Cyber

Satori Cyber

The Satori Cyber Secure Data Access Cloud is the first solution on the market to offer continuous visibility and granular control for data flows across all cloud and hybrid data stores.

Skudo

Skudo

Skudo is dedicated to creating innovative best-in-class solutions that protect data exchange with the highest level of security and privacy.

NewAE Technology

NewAE Technology

NewAE Technology is revolutionizing the hardware security market by making every engineer and designer aware of side-channel power analysis and glitching as important attack vectors.

Binarly

Binarly

Binarly has developed an AI-powered platform to protect devices against emerging firmware threats.

GetHacked.ca

GetHacked.ca

GetHackded.ca is a certified company offering penetration testing and specialized cybersecurity services.

Cranium

Cranium

AI is being implemented into every business process, but nobody knows whether their AI is secure. Our mission is to deliver security and trust to the AI revolution.

FTI Consulting

FTI Consulting

FTI Consulting is a global business advisory firm dedicated to helping organizations manage change, mitigate risk and resolve disputes.

PixelQA

PixelQA

Are you looking for a security testing company to cross-check whether your software or mobile app has a possible security threat or not?

Siometrix

Siometrix

Siometrix addresses digital identity fraud. It steals your attacker's time and prevents many prevalent attack vectors.

HYCU

HYCU

HYCU was born of the need to simplify data protection and provide equivalent levels of backup and recovery support across on premises, public cloud, and SaaS workloads.