How Do We Catch Cybercrime Kingpins?Police In Pursuit of Top 200 Online Attack Enablers
What if just 200 people facilitated the vast majority of the world's online attacks by building and selling the core infrastructure and attack tools relied on by cybercriminals?
In fact, law enforcement officials and information security experts believe that the "cybercrime as a service" ecosystem is largely built on the efforts of between 100 and 200 people, said Andy Archibald, deputy director of the National Cybercrime Unit for the U.K. National Crime Agency, during the "Know Your Adversary: Who is the Cybercriminal?" panel discussion at Infosecurity Europe this week in London.
Archibald said that law enforcement agencies continue to devote resources to disrupting cybercrime operations. That includes efforts aimed at so-called "bulletproof" hosting providers that promise uptime and not worrying about what their customers are doing; services designed to make malware evade anti-virus detection; as well as the money mules who launder dirty money into legitimate funds. But Archibald added that it is also important to try to identify the engineers who develop today's top cybercrime services and capabilities.
Cue this Machiavellian comment from the Infosec Europe audience: "If you look at terrorism, we suspend certain levels of rights for these people," one attendee said, mentioning state-sponsored assassinations and kidnapping - a.k.a. drone strikes and extraordinary rendition. "Maybe you use a somewhat direct approach - in the same way that you take out a bomber, you take out those 200 individuals."
"Drone strikes in London are frowned upon," replied panelist Michael Driscoll, the London-based assistant legal attachÃ© for the FBI, sparking laughter from the audience. "It's easy to be flippant about that, I guess, but that's where we're going to focus our resources - on the people who do the most damage. And we'll take whatever tools we can to go after them. Some places it's going to be arrest and handcuff them; in others places it's going to be out and identify them because they're beyond our reach, currently."
"There are different ways of disrupting them, rather than necessarily arresting them," said panelist Alan Woodward, a visiting professor at the Center of Cybersecurity at the University of Surrey, who's also an adviser to Europol. The FBI, for example, has issued "wanted" posters for cybercriminals who reside in countries that lack extradition treaties with the United States to entice others to turn these people in, for a sizeable reward (see FBI Hacker Hunt Goes 'Wild West').
But Woodward noted that much of the Internet's infrastructure does not operate beyond the reach of the law. "An awful lot of people seem to think of the Internet as this ethereal thing," he said. "It's not. At the end of the day, it is wires and fibers and servers that are run by companies. And if they are helping to enable crime, then actually they can be got at quite effectively often as well."
The NCA's Archibald also says that efforts such as the relatively nascent Europol European Crime Center, or EC3 - which is helping law enforcement agencies in the EU and beyond to coordinate their cybercrime policing efforts - would be crucial to disrupting networks of criminals who use online attack capabilities, as well as the relatively small number of people who supply their tools. "It may be 100, it may be 200, and the effort there [to disrupt them] has to be collaborative, and it has to be international."
Panel moderator Brian Honan, who heads Ireland's computer emergency response team, noted that back in 2009, to better tackle online crime, Eugene Kaspersky - who founded and now heads the Moscow-based security firm Kaspersky Lab - called for the launch of an Internet police force. And while none of the cybercrime panel participants said they believed that such a force could be made viable today, none of them dismissed the concept outright, either.
"An Internet police force? ... I would never say never, because some of the things and some of the sharing that I see now, I wouldn't have believed 10 years ago," Archibald said. "So we have made progress."