Digital Shock: Part 1

Digital Shock

This Article Is Available To Premium Subscribers: Please LogIn Or Subscribe

A Three Part: Introduction to Cyber-Crime and its Effects on Current UK Policing 

Part 1: - The 4th Industrial Revolution and the Emergence of Cyber Crime

British police forces have spent small amount of money over the last three years on training their staff on cyber-security issues.

The whole of the UK police forces have spent just £1.3 million on cyber-crime training in the last three years yet cyber-crime is on the rise and will continue to pose a serious threat to UK businesses, consumers and critical national infrastructure. 

This in turn, places huge pressure on our Police forces to ensure that officers, staff, new recruits and trainees are fully prepared to handle increasingly complex investigations. 

The highest cyber training spender was North Wales Police which spent more than £375,000 in the past three years.
West Mercia and Warwickshire Police submitted a joint response which saw them reach second place with a total spend of £125,633. Lincolnshire was third with £119,834, followed by West Midlands Police, Police Scotland, and British Transport Police. The Port of Dover spend absolutely nothing on cyber training, as did the police force Gloucestershire Police. Gloucestershire Police has just 11 cyber-crime training policemen.

However, across the UK identity thieves are stealing and using the publics personal data. The identity theft process is getting smarter, far more organised and they are using the publics information for their personal gain.  

Unfortunately, currently the UK police lack the required IT resources as the government have not adequately financially responded to the growing cyber-crime issue and therefore the equipment and skills to follow, track and arrest the dark web criminals is not happening.

The UK public are left in the dark and still believe that crime is decreasing overall whereas when cyber-crime is included it is certainly rising. 

Background
We are at the beginning of an electronic revolution that like earlier industrial revolutions will substantially alter and change our society, the way we live, our engagement with others and this one will alter us as individuals. 
This revolution is a significant development and intergration of digital, physical and biological systems which will change our individual, national and global electronics, which has been called a Cyber Innovation or Web 0.3, but is probably best described as the 4th Industrial Revolution. 

This transformation is already beginning to alter the way we live and experience life and it will happen far faster than previous industrial revolutions. 

This new electronic revolution is developing by employing emerging computing technologies such as cognitive electronics and using advanced analysis, nanotechnology, biotechnology, and quantum computing to develop everything from new methods of commercial production, to specific recognition and robotic bio-technology.  This process will alter everything from enhance human brain thinking to automated avionics and robotics and this process will change all types of jobs within education, business, policing, the military and government.

By connecting even more billions of people using mobile devices, electronic connections, storage capability, information accessibility and processing power this revolution will substantially increase the size of the interconnected the world. 

This 4th Industrial Revolution is merging the physical, electronic and biological domains.

It represents a significant transformation from mechanical and analog into a new global interrelated data information revolution perhaps better defined as the Cyber Digital Age which, integrates the physical, cyber and biological areas. This revolution will also encourage even more information, news, data, and emotional sharing as well as potentially increasing new methods of propaganda, spying, theft and electronic warfare across the world. 

All forms of electronic connection, communication and attack have become digitised and radically transfigured into a new digital revolution, where different types of computers are becoming the new brain child of our culture. Just as the mechanisation of agriculture and then production took over the mussels and body of our workers so the computer begins to replace our brains but this process has taken nearly two hundred years.

Computer history began with Charles Babbage, a Cambridge University Professor, who in 1837 designed the first computer called the Analytical Engine. The machine’s programing process was invented by Ada Lovelace, the daughter of Lord Byron the English poet, and she became the first computer programmer.  However, the Analytical Engine did not get built, and it was a hundred years later Alan Turing also from Cambridge University created arguably the first complex working computer that changed secret Intelligence collection and propaganda helping the Allies to win the 2nd World War. And so the development and engagement with computing began from an academic and government perspective and developed into digital information technology and has created Cyber-Space.

This new expanding area known as CyberSpace can be visualised as a vital electronic layer, similar to a nervous system running through many national and international sectors and systems. 

The concept of CyberScape is used to describe the systems and services directly or indirectly connected to telecommunications, electronic systems and IT computer networks and this enables everything from electricity, power supplies, water systems, transportation and digital infrastructures, like the Web, to communicate, operate and function effectively.

The very nature of the Internet creates global collaboration that is changing the way in which we view social connections and national borders. Now the modern globalised society is increasingly dependent on an array of organised and sometimes randomly interrelated electronic infrastructures. 

Many organisations see Cyber as a growing intellectually connected strategic and tactical policy network that has current and evolving opinion, news analysis and opportunities, but with significant security issues that can be used to steal and monitor an individual’s and an organisational data.

Networks leave "exhaust" data, which relates to the activities and transactions of network traders and collaborators, which in turn tells us forensically much about what happened with the data’s use and it allows criminals to track and steal criminally relevant data. 

We are usually unable to trap and reutilise this in the physical world. But in the cyber world we can. This is the powerful data that makes networks more efficient, individuals, customers better served, companies more knowledgeable. It is also a huge source of insecurity, and we have tended to trade off these disadvantages against the upside but we should do so no more.
This electronic arena offers us ways to understand and communicate with different communities, commercial activities and to have global conversations allowing us opportunities to change activities and to alter what we, as individuals understand, and the organisations we work for and with, will become in the future. 

Cyber-space has already transformed many areas of an organisation’s operational and commercial engagement. It is evolving from a technical and often complex ecosystem, into a range of global and tactical actions, and has now broadened into a strategic systems planning requirement. From 2000 to 2015, the number of global Internet users rose from 394 million to 3.4 billion and today there are over one billion Google searches every day, 300m Internet users reading blogs and two billion videos viewed daily on YouTube. The average user spends 15 hours a week online.

The next phase of business web/cyber innovation is the ability to collect, deeply analyse and commercial process global data and an organisation’s connections. This will enable far deeper analysis and comprehension of information and electronic relationships. 

This process will change the way in which we work and innovate processes and it will change an organisation’s ability to significantly understand their market position and their capability to commercially operate. This is the next major phase of global change and it is already known as the 4th Industrial Revolution and can be called the Semantic Cognitive Search or Digital Revolution or more simply Web 3.0.

Semantic computing automates and makes the cognitive, the IT thinking processes, work. It involves defining, modeling, translating, transforming, and querying the deep meanings of words, phrases, and concepts.
Cognitive computing refers to the ability of automated systems to handle critical, logical and reasoning modes of thought. 
Semantic computing is what natural language processing, the heart of cognitive computing, is doing. Data scientists use cognitive-computing tools, natural language processing, pattern recognition, and machine learning, to extract the implicit understanding from unstructured content sources. The extracted entities, relationships, facts, sentiments, and other artifacts are used to fashion the Semantic Web. 

It offers something similar to a sophisticated automatic encyclopedia, which constantly analyses masses of stored Internet data.

Government and Police Involved in Cyber Security 

The advance of digital technology and the greater access to personal and corporate information and data has created a global black market for stolen data and personal private information. As a result, the improved hacking and information theft has affected all sectors of the global economy. 

In 1989, Sir Tim Berners-Lee proposed a vision of a world-wide web that would become integrated into everyday life to the extent where it would no longer be separate from reality. Almost thirty years later and 82% of the British adult population, around 41.8 million, accesses the Internet daily or almost daily, while internationally, over 50% some 3.2 billion of the world’s population have some form of access. 

Today over half of the world’s population, of 7.6 billion, use the Internet and this usage has grown by over twenty times in a decade. And the issues that need to be understood and engaged with have grown from an electronic and computing technical understanding to one of planning, strategy and tactics by everyone from a government down to an individual level. The concepts of Cyber and CyberSpace are used to describe the systems and services directly or indirectly connected to the Internet, telecommunication systems, the Web and all the inter-connected electronic and computer networks. 

From a government, intelligence agency and border policing perspective the strategy required to deal with CyberSpace has some historic similarities to the way in which oceans were used by nations and groups for inter-national exploration, research, trade, military and naval attacks and piracy. 

The oceans have similarities in this model to the current Internet and the Web is similar to trade routes and the piracy, which was used on the trade routes as hacking is now used on the Web and across different aspects of the Internet. Piracy was also used by governments, who often called it privateering, as well as by groups of independent pirates. Piracy was gradually contained and finally internationally significantly reduced, but this process took a very long time. 

It required government agreements, extensive intelligence analysis and naval engagement before the reduction of piracy was achieved. However, this extended process took centuries to accomplish real success and finally significant aspects of it were outlawed by the Peace of Westphalia and put into international treaties by the Declaration of Paris in 1856. And in the 20th century, when the invention of aeroplanes changed many national views on international air space, it came to governments and corporates to review and legalize international flights. 

The process of agreements on across border flights, although sometimes difficult was far more effective and faster as a process than the time shipping and piracy agreements had taken. A similar type of process is needed by current governments to achieve Cyber agreements and to reduce the costs of Cyber-Crime. 

Not only did these historic agreements alter commerce and international trade economics, they also changed the ways in which secret intelligence organisations operated in the new environment. 
We have now gone, in a relatively short space of time, from senior politicians and ministers of state saying that government’s don’t read a ‘Gentlemen’s mail’, to Snowden’s ‘revelations’ that government’s do occasionally review your social network profile, and they do occasionally read your email. Yet openly they have claimed that they don’t.

The Dark-Net’s Deep Web 

Although the concepts of the Deep Web and the Darknet have been in existence since the World Wide Web became popular in the mid- 1990s, the growth of the Deep Web and Darknet did not gain broader public attention until the arrest of the “Dread Pirate Roberts,” also known as Ross William Ulbricht, in October 2013. 

Ulbricht gave “Silk Road” a new meaning to the public as the creator and operator of an online marketplace of the same name, where users could find all manner of contraband, particularly illegal drugs. The FBI estimated that the Silk Road marketplace had processed more than $1.2 billion in sales by July 2013 involving 150,000 anonymous customers and around 4,000 vendors. 

The Deep Web and Darknet have also quickly become fixtures in popular culture, playing a key role in the US House of Cards series, when a reporter uses it to hire a Hacker to dig for dirt about the government. More recently, the Deep Web is also the theme of a new documentary by Alex Winter about Ulbricht, who was eventually convicted of a series of federal crimes related to his black market activities. 

It is not the first time Hollywood has played an important role airing issues surrounding emerging technology. 
With the Deep Web, Hollywood is ahead of the scholarly and policy community in raising public awareness of the multi-faceted implications of the rapidly expanding unindexed Internet. But policymakers and scholars must catch up. In this policy brief, we provide an introduction on the Deep Web and Darknet, how they are accessed, and why policymakers should care about them. 

World of Cyber-Crime and how to beat the Hackers

Without question, cyber-criminals are the New Mafia of today’s world. Though care is taken to shroud their operations, their sophistication, execution and malice are aligned with those historically practiced by criminal organisations
Although the specifics of cyber-crime may be unclear to many, we can draw parallels between the approach, structure and malice of these attacks that were historically practiced by traditional mafia gangs.

What is Cyber-Crime?

The global cost of Cyber Crime is estimated to reach $2 trillion by 2019, a threefold increase from the 2015 estimate of $500 billion. Cyber-crime comes in many forms and advances are being made all the time, criminals are either looking to cause disruption and bad press stories to businesses by taking down IT systems, or for financial gain.
The common forms of cyber-crime are considered as:

Phishing: bogus emails that may look like they come from a trusted source asking for security information and personal details.
File hijacker: where criminals hijack files and hold them to ransom. This is also known as ransomware.
Keylogging: where criminals record what you type on your keyboard and steal passwords and personal information.
Screenshot manager: allows criminals to take screenshots of your computer screen.
Ad clicker: criminals will create online adverts that direct a victim’s computer to click a specific link.

What are the consequences of a cyber-attack?

PR Damage: many businesses do not consider the reputational damage an attack could have on their business, especially if data is stolen.
Commercial Down Time: even if you do not pay cyber criminals you may well experience business down time which will lead to financial loss.
Lost-time: if you fall victim to a cyber-attack you are more than likely to experience business down time. Could your business operate without data, documents or email?
Legal: There may be legal implications, if you do not have the correct security and data protection regulations in place you may be liable for GDPR and the rest.
Individually: Over £1bn has been stolen from UK bank accounts through credit and debit card fraud in the past 12 months, our research has shown.

Worryingly, these kinds of online attacks can be as devastating as real-world crime. For instance, ILoveYou or Love Bug or Love Letter, is a worm spread via email with an attachment which overwrote random types of files, including Office files, image files, and audio files. It then sent itself to all of the addresses in Windows Address Book, causing it to spread rapidly.
The worm was thought to have caused at least $8.7 billion in damages globally and a further $15 billion was required to eliminate it. At least 10% of the world’s Internet-connected computers were probably affected. The Petya attack is a recent example of how dangerous these attacks can be.

The New Gangs

Crucial to beating these new gangs is understanding their motives and operations. These online operators are comparable to traditional crime families, with four distinct groups emerging. These are:

1. Traditional gangs – Taking the motivations of traditional organised gangs (the theft and sale of goods to the online world) this group is comprised of pre-existing groups and hackers that are co-opting those with the skills to help them remain on top. 
2. State-sponsored attackers – This group is interested in sabotage and corporate theft, with the aim of stealing information and interfering with political activity. Blurring the boundaries of cyber-crime and cyber warfare, their actions may be subtler than others but are no less devastating.
3. Ideological hackers – Often attempting to use the threat of leaking classified information, this gang is renowned for acting on what they deem moral and ethical duty. They can often pressure their victims to act in their favour by seeking to destroy the reputations of high profile organisations.
4. Hackers-for-hire – Comparable to paid guns-for-hire, these individuals operate with an emphasis on the reliability of their service. The most significant change here is the vanishing of the need for technical knowledge. Would-be cyber criminals now no longer need to learn the appropriate skills, but can instead pay to the carry out of their crimes.

The growing sophistication of these emerging groups and the ability to evade detection means that in some cases, businesses may only realise they have been a victim months or years down the line. The various ways in which they can be targeted, such as IP theft, data breaches and theft of funds can lead to confusion around the size and scope of threats.

A Business - Not an IT issue

This variety should force business leaders into considering some hard truths about cyber-crime. More often than not, it is considered the domain of CIOs and IT departments, with technologists more likely to be honest about the potential threats being faced. This is a flawed approach as the strategies needed to combat these complex attacks should to be central to general business plans, making it the domain of chief executives.

From reception desks to external vendors, there is an endless array of potential vulnerability points within any organisation. The idea of a CEO championing cybersecurity will evoke a bigger shift towards recognising that knowledge of security practices have permeate across a business and from the top down.

These new gangs may seem far reaching and impossible to bring out of the shadows, but individuals and businesses have a chance to be the vigilantes in this fight. Pooling collective knowledge and building awareness will not only shed light on the nefarious activity being carried out by these elusive gangs. It will also foster a ‘no fear’ attitude when it comes to sharing how you have been affected, and learn from each other’s experiences. However, because cyber-crime is relatively emergent in comparison to traditional crime, there is still some resistance among legislators to recognise its financial and emotional toll. This will lead to under-reporting of this kind of crime and further adds to the feeling of helplessness of the victim.

Public shaming is a mistake as no one is immune to a cyber-attack. If treated as a learning experience where there is no fear of punishment or reprisal, we will create an environment where confidence is built and the flow of information is encouraged. 
Creating a network where the risks are better communicated will enable businesses and individuals alike to better identify and avert threats as soon as possible.

Without accepting, sharing and learning from our experiences, these criminal cyber groups will continue to operate underground, much like their historical counterparts. Rather than minimising the blow and covering up the damage of cyber-crime, businesses, government and the police now have the opportunity to fight back. 

They must start immediately.

References:

ParliamnetStreet:   SCMagazine:    Portsmouth University:      Silicon:
 

Alfred Rolington – Cyber Security Intelligence Ltd.