Fighting Digital Crime: Evolving Police Methods

The increasing number of cyber-attacks propagated by everyone from nation-state actors to average criminals is blurring lines between cyber-security and public safety, ultimately causing a shift in the role of government and law enforcement in protecting against these threats.
 
Verizon's 2017 Data Breach Investigations Report notes, "In addition to catching criminals in the act, security vendors, law enforcement agencies and organisations of all sizes are increasingly sharing threat intelligence information to help detect ransomware (and other malicious activities) before they reach systems."
 
Using their own behind-the-scenes collaboration venues, threat actors have also become increasingly well armed and well informed. Defenders can counter this through better sharing of information tied to trending campaigns, changes in attack vectors, and the emergence of new tools.
Foreign enemies become domestic enemies from thousands of miles away, calling for not only a deeper investment in cyber-security skills and technologies but a broader framework for timely dissemination of intelligence across all global industry segments, both public and private.
 
Hackers Best Practice 
Cyber-criminal activity has seen an uptick in recent years as new tools and methods for hacking become more accessible. Frameworks and platforms sold in underground forums enable low-skilled attackers to evade defensive barriers, becoming today's petty criminals. 
For example, ransomware-as-a-service has emerged as an attack vector, allowing average Joes with little-to-no cyber knowledge to target both people and businesses using DIY ransomware. Additionally, the sophistication of new technologies used by hackers, such as artificial intelligence, makes malicious advances more difficult to detect.
Traditionally, law enforcement has played a role in cybercrime only after significant damage has been done, for example, when systems are held hostage by ransomware or significant corporate or personal data is stolen. 
However, as attacks become more frequent and the impact increasingly devastating, law enforcement, even on a local level, has a new obligation to establish an effective framework for digital crime-fighting.
 
Get Your Vaccine
According to Verizon's report, information sharing can "act like a vaccine" against cyber-attacks. The report states that the spread of threat information goes beyond "just the indicators of compromise (malware hashes, YARA rules and such), but also [includes] working with law enforcement to investigate and bring the perpetrators to justice. 
It also requires sharing the more general context of cyber-security incidents to inform prioritisation of cyber-security actions and law enforcement efforts to counter particularly damaging threats."
 
Using timely threat intelligence, law enforcement can alert both businesses and consumers to known and suspected attacks, helping them to take proper precautions to "immunise" themselves against the spread of things like malware. This means that as hacking tools and techniques become more widely available, critical threat information that can improve defenses must also become more broadly accessible.
 
So, how can law enforcement begin engaging more broadly in information sharing?
• Tools and communities: There are a number of resources immediately available, including intelligence industry initiatives like information sharing and analysis centers and open source threat feeds that provide relevant cyber-threat data and insights.
• Diversifying expertise: Developing the right expertise on staff, whether that means changing an existing employee's role or hiring an in-house threat analyst, can provide a more direct connection to the intelligence community, and help law enforcement agencies maximize the information they have.
• Establishing the right partners: Threat intelligence partners can range from security vendors to local DHS fusion centers. These partners can provide common indicators and historical context that help prevent attacks, as well as best practices for incident response in the event a breach occurs.
• Focus on forensic data: Leveraging in-house or external digital forensics and incident response resources as sources for key bits of data either during or after cyber-attacks can yield valuable information in the fight against cyber-criminals. 
Sharing information gathered with other law enforcement entities, organisations specialising in post-breach forensics and incident response, companies that have their own incident response resources, and government institutions can create a collective of expert knowledge that is a formidable counter to cyber-criminal activity.
 
Although it is impossible to prevent cyber-criminals from attempting attacks, organisations that properly take advantage of threat information can detect adversaries before they can do damage. Law enforcement plays an important role in this collaboration. 
 
By following best practices for threat intelligence sharing and taking a proactive approach, law enforcement can help pass along important information quickly, and thus enable organisations across all sectors to make better judgments and stop the bad guys in their tracks.
 
Dark Reading
 