FBI, Europol and NCA Want Global Approach to Fighting Cyber-Crime

Uploaded on 2015-06-11 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW, BUSINESS-Services-Law

infosec-15-law-enforcement-540x334.jpg?1433736416

A high-level panel of law enforcement experts discussed cyber-crime policing during the ‘Know your adversary: Who is the cyber-criminal?' keynote at InfoSec Europe in London, which was moderated by BH Consulting's Brian Honan.

Andy Archibald, deputy director of the National Crime Agency's National Crime Unit (NCCU), started the conservation saying that cyber-crime is, and remains, a major challenge for law enforcement. “The way cyber-crime has changed criminality is the biggest challenge for law enforcement, certainly during my time in law enforcement,” he said.
FBI's assistant legal attaché Michael Driscoll agreed and said that there are especially concerns around evidence gathering, given the global nature of such attacks. “The realm has changed when it comes to looking at the criminal threats for us. We are no longer back in the days when we're working on bank robberies and organised crime, where we could rely on law enforcement to obtain records needed, and seek out those responsible. 
“As things move more and more to cyber realm that becomes more difficult for us…We can't access that information, we don't see as quickly as you do out in the private sector, especially those who work in the security sector, those are the ones who are seeing it frequently before we do.”

Wil Van Gemert, deputy director of operations and acting head of Europol's European Cybercrime Centre (EC3), said that the cyber-crime threat is very real, as also indicated by GCHQ director general Ciaran Marti, and he sees traditional organised gangs move into this field. He said that cyber-crime-as-service, anonymisation via DarkNet and encryption were problems for law enforcement, continuing that encryption was "for law enforcement, not in balance at this moment".
On the threats in cyber space, FBI's Driscoll added that he was struck how similar the threats are internationally, citing botnets, malware, DDoS, and said that the volume of low level fraud on the internet is ‘staggering'. He said average bank robbery yield similar rate to online fraud, saying that FBI's own Internet Crime Complaints Center receives 22,000 online complaints a month, 270,000 roughly in a year. “We think, and the numbers verify this, that's about 10 percent what goes on,” he said of cyber-crime reporting, adding that it would likely be the same scenario in the UK.
Archibald agreed that the threats are similar across the globe, pointing to the NCA's own work disrupting the Shylock and Gameover Zeus botnets, and said that impact sustained in these attacks would be “no different” to any financial services company, wherever they may be in the world.

Professor Alan Woodward, a Europol advisor and visiting professor of the Surrey Centre of Cyber Security at the University of Surrey, said that "it wasn't as simple" as China being responsible for stealing IP and Russia for targeting financial services.
“The fact is that we now have organised crime gangs, they are international, and they don't come from one place. The C&C (command and control) might be in the UK but the gang itself might be in Ukraine. Its do disrupted that the only way you can fight this is with international collaboration,” he said.

Archibald added that it remains ‘really important' that law enforcement dedicate resources to attribution, adding this was possible lower down the criminal infrastructure. “There's realms of opportunity as part of a disruption strategy,” he said.
The panelists said that, with cyber-crime-as-a-service emerging, the evidence suggests that as few as 1 in 200 are the enablers of such attacks, meaning that law enforcement agencies should be focusing their energies of technological disruption.

But the key to all of this, said the panel, was that only international collaboration would help bring cyber-criminals to justice. "We need to pool resources together, that's the way forward," said Driscoll.
SC Magazine:  http://bit.ly/1dS364R

« US Stuxnet Attack Against N. Korea Failed
Berners-Lee Urges UK to Fight 'snooper's charter' »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

SySS

SySS

SySS is a market leader in penetration testing in Germany and Europe.

Zettaset

Zettaset

Zettaset’s XCrypt Data Encryption Platform delivers proven protection for Object, Relational/SQL, NoSQL, and Hadoop data stores…in the cloud and on-premises.

Bounga Informatics

Bounga Informatics

Bounga Informatics provides Digital Forensics, E-Discovery, and Endpoint Security software, hardware, and training in Singapore and other countries in Asia Pacific.

J2 Software

J2 Software

J2 Software is a leading African Information Security and ICT business providing information security, governance, risk and compliance solutions.

National Initiative for Cybersecurity Education (NICE) - USA

National Initiative for Cybersecurity Education (NICE) - USA

NICE is a partnership between government, academia, and the private sector focused on cybersecurity education, training, and workforce development.

First Point Group (FPG)

First Point Group (FPG)

First Point Group provide a global technological recruitment service worldwide. Within that we have a specialist team of Cyber Security recruiters.

Ksmartech

Ksmartech

Ksmartech provide services related to security and authentication in all areas where the connection of people to objects, and objects and objects is necessary.

CyberSN

CyberSN

CyberSN is your essential partner in cybersecurity workforce risk management offering solutions that empower leaders to diversify, acquire, retain, and develop their cybersecurity teams.

Pentesec

Pentesec

Pentesec is a security specialist offering professional services, managed security services and expertise within an extensive range of security technologies.

Network Perception

Network Perception

Network Perception proactively and continuously assures the security of critical OT assets with intuitive network segmentation verification and visualization.

Oivan

Oivan

Oivan harnesses the strengths of the web, mobile, cloud, cybersecurity, and blockchain technologies to help our clients to launch transformative digital services.

SGTech

SGTech

SGTech is the leading trade association for Singapore's tech industry, offering focused support and development to both strategic and emerging sectors in the industry.

Metmox

Metmox

Metmox mission is to be trusted advisor and partner to protect our customer’s evolving Cloud, Network, Application, IT infrastructure and cybersecurity needs.

Myrror Security

Myrror Security

Myrror Security is a software supply chain security solution that aids lean security teams in safeguarding their software against breaches.

HP Wolf Security

HP Wolf Security

HP Wolf Security protects your organization and devices from cyberattacks no matter where, when or how you work.

Jersey Cyber Security Centre (JCSC)

Jersey Cyber Security Centre (JCSC)

Jersey Cyber Security Centre is the jurisdiction's Cyber Emergency Response Team (CERT) and national technical authority for cyber security.