Attacks/Breaches
4/30/2014
10:55 AM

European Police Seek Cybercrime Triage

Many organized cybercrime gangs operate beyond European and US borders -- or jurisdiction -- thus making online crime eradication impossible.


Should European cybercrime investigators triage more cybercrime cases and pursue fewer low-level cases while devoting greater resources to taking down the biggest organized crime gangs?

That suggestion was voiced in the opening keynote presentation delivered at this week's Infosecurity Europe conference in London by Troels Oerting, head of the European Cybercrime Centre (EC3) and assistant director for the operations department at Europol, which is the EU's law enforcement agency.

Troels Oerting, head of the European Cybercrime Centre and assistant director for operations at Europol

"We might also have to say no to some cases, like we do with bicycle theft," said Oerting. "There might be some cases that police do not prioritize, simply because we prioritize where the greatest harm is."

As anyone who's ever been the victim of bicycle theft knows, the police hardly launch an investigation every time someone files a complaint. But Oerting suggested that, with the quantity and severity of online attacks increasing, cybercrime cops should more purposefully allocate their scarce policing resources for maximum effect. Still, with so much online crime being -- by its very definition -- borderless, and increasingly disguised via anonymizing networks, would resource reallocation really take a big bite out of crime?

"Criminals can attack anyone, anytime, anywhere," said Oerting. "I'm getting gray hairs, because most of the criminal activity is being done via the darknet... which not even the NSA can penetrate."


According to Europol, Europe loses about €1.3 billion annually to credit card fraud alone.

Furthermore, online attacks against European targets continue to rise. According to a report issued this week by security firm FireEye, based on the 40,000 unique attacks and 22 million pieces of malware command-and-control communications the company saw at customers' sites in 2013, the four most malware-targeted European countries were Great Britain, Switzerland, Germany, and France -- accounting for 71% of all infected European systems.

Meanwhile, the advanced persistent threat (APT) attacks seen by FireEye primarily targeted Germany and the United Kingdom, with federal government agencies, energy firms, and financial services businesses the primary targets in what is typically a long-running operation. "Each APT event is an element in a long-term campaign against an organization in an industry -- try, try, try," said Simon Mullis, European systems integration technical lead at FireEye, in an interview at Infosecurity Europe. "You want to be careful, because when the APTs stop, they're already in."

According to data released earlier this month by Mandiant's FireEye, the average breach goes undetected for 229 days -- if it gets detected at all. In 67% of cases where breaches were detected, it was thanks to a third party, such as the FBI or Europol.

Europol's Oerting said his organization has been helping the 28 EU member countries bolster their information security investigation capabilities. "We've built up a heavy forensic capability to help the member states by assisting them in evidence-gathering."

Might better tools help, too? While acknowledging discussions in Britain, where elements of the coalition government would like to distance the country politically from the EU, Oerting lauded the EU for helping countries work together, not least when it comes to combatting crime and making related research and development funds available. "The EU has allotted €80 billion for research and development, and I intend to grab some of this money in order to ask the 28 member states: What types of tools do you need? Then we use the money, and give the tools back to the member states."

Then again, the origin of so many of today's online attacks won't be tough to trace. "My department works with Russian language speakers in about 75% to 80% of all our cases," Oerting said. But one long-standing challenge is that neither Russia nor Ukraine, which many security experts see as the biggest safe havens for criminals who launch online attacks, has an extradition treaty with either Europe or the United States.

It's still tough for European or US police to catch criminals that foreign governments won't extradite. In computer crime cases involving Russian-language speakers, for example, Europol sometimes shares case information with its Russian counterparts and hopes local police follow it up. "Or we do it in the good old-fashioned police way -- we wait until they leave, and then we capture them," Oerting said.

But trying to arrest cybercriminals goes only so far. "We will not prosecute our way out of cybercrime," Lee Miles, deputy head of the UK National Cyber Crime Unit, which is part of the country's recently formed National Crime Agency, said Wednesday at an Infosecurity Europe panel discussion. "Many of the issues are jurisdictional," he noted, referring to the difficulty of prosecuting people in countries such as Russia. "Many of them are the sheer volume and anonymity, and many are the low-level individual crimes that don't really rise into organized criminality."

Accordingly, given limited time and resources, don't expect police to be able to pursue -- or prosecute -- every criminal who targets people online.


Mathew Schwartz is a freelance writer, editor, and photographer, as well as the InformationWeek information security reporter.

Comments
Robert McDougal,
User Rank: Ninja
5/1/2014 | 10:15:59 AM
The problem is too big.
In my opinion, the issue of investigating and prosecuting cybercriminals shouldn't completely fall on the government. The problem itself is far too large for law enforcement to handle on its own. Corporations should take ownership in this problem as well.

For example, corporations should have the minimum responsibility of securing their networks. Many corporations leave their networks poorly defended, which makes it extremely easy for attackers to infiltrate. To use an analogy, this would be like leaving your corporate building unlocked without security guards or cameras and then being surprised that someone robbed you blind.

This shouldn't fall completely on governments as the problem itself is exacerbated by poor security practices by corporations.