Attacks/Breaches
4/30/2014
10:55 AM

European Police Seek Cybercrime Triage

Many organized cybercrime gangs operate beyond European and US borders -- or jurisdiction -- thus making online crime eradication impossible.

Should European cybercrime investigators triage more cybercrime cases and pursue fewer low-level cases while devoting greater resources to taking down the biggest organized crime gangs?

That suggestion was voiced in the opening keynote presentation delivered at this week's Infosecurity Europe conference in London by Troels Oerting, head of the European Cybercrime Centre (EC3) and assistant director for the operations department at Europol, which is the EU's law enforcement agency.

Troels Oerting, head of the European Cybercrime Centre and assistant director for operations at Europol

"We might also have to say no to some cases, like we do with bicycle theft," said Oerting. "There might be some cases that police do not prioritize, simply because we prioritize where the greatest harm is."

As anyone who's ever been the victim of bicycle theft knows, the police hardly launch an investigation every time someone files a complaint. But Oerting suggested that, with the quantity and severity of online attacks increasing, cybercrime cops should more purposefully allocate their scarce policing resources for maximum effect. Still, with so much online crime being -- by its very definition -- borderless, and increasingly disguised via anonymizing networks, would resource reallocation really take a big bite out of crime?

"Criminals can attack anyone, anytime, anywhere," said Oerting. "I'm getting gray hairs, because most of the criminal activity is being done via the darknet... which not even the NSA can penetrate."

According to Europol, Europe loses about €1.3 billion annually to credit card fraud alone.

Furthermore, online attacks against European targets continue to rise. According to a report issued this week by security firm FireEye, based on the 40,000 unique attacks and 22 million pieces of malware command-and-control communications the company saw at customers' sites in 2013, the four most malware-targeted European countries were Great Britain, Switzerland, Germany, and France -- accounting for 71% of all infected European systems.

Meanwhile, the advanced persistent threat (APT) attacks seen by FireEye primarily targeted Germany and the United Kingdom, with federal government agencies, energy firms, and financial services businesses the primary targets in what is typically a long-running operation. "Each APT event is an element in a long-term campaign against an organization in an industry -- try, try, try," said Simon Mullis, European systems integration technical lead at FireEye, in an interview at Infosecurity Europe. "You want to be careful, because when the APTs stop, they're already in."

According to data released earlier this month by Mandiant's FireEye, the average breach goes undetected for 229 days -- if it gets detected at all. In 67% of cases where breaches were detected, it was thanks to a third party, such as the FBI or Europol.

Europol's Oerting said his organization has been helping the 28 EU member countries bolster their information security investigation capabilities. "We've built up a heavy forensic capability to help the member states by assisting them in evidence-gathering."

Might better tools help, too? While acknowledging discussions in Britain, where elements of the coalition government would like to distance the country politically from the EU, Oerting lauded the EU for helping countries work together, not least when it comes to combatting crime and making related research and development funds available. "The EU has allotted €80 billion for research and development, and I intend to grab some of this money in order to ask the 28 member states: What types of tools do you need? Then we use the money, and give the tools back to the member states."

Then again, the origin of so many of today's online attacks won't be tough to trace. "My department works with Russian language speakers in about 75% to 80% of all our cases," Oerting said. But one long-standing challenge is that neither Russia nor Ukraine, which many security experts see as the biggest safe havens for criminals who launch online attacks, has extradition treaties with either Europe or the United States.

It's still tough for European or US police to catch criminals that foreign governments won't extradite. In computer crime cases involving Russian-language speakers, for example, Europol sometimes shares case information with its Russian counterparts and hopes local police follow it up. "Or we do it in the good old-fashioned police way -- we wait until they leave, and then we capture them," Oerting said.

But trying to arrest cybercriminals goes only so far. "We will not prosecute our way out of cybercrime," Lee Miles, deputy head of the UK National Cyber Crime Unit, which is part of the country's recently formed National Crime Agency, said Wednesday at an Infosecurity Europe panel discussion. "Many of the issues are jurisdictional," he noted, referring to the difficulty of prosecuting people in countries such as Russia. "Many of them are the sheer volume and anonymity, and many are the low-level individual crimes that don't really rise into organized criminality."

Given limited time and resources, accordingly, don't expect police to be able to pursue -- or prosecute -- every criminal who targets people online.

Mathew Schwartz is a freelance writer, editor, and photographer, as well as the InformationWeek information security reporter.

Comments
Robert McDougal,
User Rank: Ninja
5/1/2014 | 10:15:59 AM
The problem is too big.
In my opinion, the issue of investigating and prosecuting cybercriminals shouldn't completely fall on the government. The problem itself is far too large for law enforcement to handle it on its own. Corporations should take ownership in this problem as well.

For example, corporations should have the minimum responsibility of securing their networks. Many corporations leave their networks poorly defended which makes it extremely easy for attackers to infiltrate. To use an analogy this would be like leaving your corporate building unlocked without security guards or cameras and then being surprised that someone robbed you blind.

This shouldn't fall completely on governments as the problem itself is exacerbated by poor security practices by corporations.