Taking on cyber criminals on the ‘dark net’ requires new expertise and cross-border laws given that it is too big a battle for any one police force, writes European Correspondent Ann Cahill.
TAKING on cyber criminals is a new frontier in policing — and one that is much too big a battle for any one police force. It is a field that requires new expertise, greater co-operation, and new legislation to uncover the ‘dark net’. It’s also a growing industry, with 2.5bn people having internet access and another 1.5bn expected in the next four years, so the scope for criminality is increasing.
The entry threshold is becoming quite low, with few technical skills needed. There is already a complete underground economy in place, where drugs, weapons, hired killings, child abuse, and stolen payment details are traded.
As demand grows, cyber criminals will also produce more and better malware, which are going mobile via smartphones and spreading across the globe as interconnectivity grows.
All of this means criminals will need new ways to launder money and this is likely to involve citizens and smaller companies, and drive the demand for e-currencies and other anonymous payment systems.
To counteract this, all kinds of organisations and individuals involved in the online industry are being enrolled under the umbrella of EC3 — the European Cybercrime Centre. When complete, it should be the world’s biggest virtual policing force.
The scale of cybercrime is massive, even at this relatively early stage of its development. In financial terms, victims lose about €290bn a year worldwide, making it more profitable than the global trade in marijuana, cocaine, and heroin combined.
The human cost is impossible to gauge, with the child pornography industry escalating from photographs of child abuse to live video feeds of children being raped to order, the abuse directed in real time by a viewer possibly on the other side of the world. And when the cameras are switched off, the evidence disappears.
The EU is a key target for cyber crime because of its advanced internet infrastructure and increasingly online- based economies. EC3, just one year in operation, links the investigations of all EU countries and shares the new kind of expertise needed.
So as well as linking up each country’s cybercrime police, EC3 is getting together with the biggest names in the IT industry, from Google and Microsoft to banking providers that make payments possible, and recruiting the experts that can track, trace, and bring down the criminals.
As cloud computing makes accessing data online easier for the ordinary user, it is being exploited even more quickly by criminals.
However, EC3 director Troels Oerting doesn’t like the suggestion that you need to set a thief to catch a thief. In internet terms, it would be a hacker. Yes, he says, EC3 employs hackers, but ‘white’ hackers — to do good. EC3 would refuse to employ anybody with a criminal record, says Oerting.
Another kind of expert high on the recruitment list is a Russian speaker, since about 80% of the global criminal trade speak that language. Those hired will not just be good linguists, they must also know Russian cyber slang.
Investigating cybercrime is still governed by law set up to detect a different type of crime — to track a computer’s IP address, for example, needs a court decision.
“We have to have a serious debate about this kind of thing — we are talking about serious criminals and I think EU citizens are able to understand that,” Oerting says.
However, following recent revelations about the NSA and Britain’s GCHQ tapping into all internet traffic, EU citizens may object to giving every police force more powers in this area. “It has to be done in openness and transparency,” said Oerting. “We cannot do it in a hidden way, we have learnt that from Snowden.”
Oerting says EC3 is working on setting standards for how it operates. It is also trying to make the internet more secure to prevent criminal use. This is increasingly important as credit cards become obsolete and more payments are made virtually, says Oerting.
“I’ve been a cop for 35 years and I’ve been born optimistic, but for the first time in my career, I’m a bit concerned,” he says.
“The intellectual challenge for fighting cybercrime is much more than fighting physical crime — there is no DNA, no physical traces; normal policing methods won’t work. I don’t know if the present rules will fit, but if not, we must find a way to adjust.”
EC3 must also find a way of paying for the work involved. Already, Oerting is aware of cases where the investigation was halted because it was considered it would cost too much.
EC3 is also enlisting the help of top researchers and scientists in the field, encouraging them to apply for funds from the EU’s research budget, known as Horizon 2020 and headed by Irish Commissioner Máire Geoghegan- Quinn. Despite the obstacles, there have been early successes. Some of the work EC3 has assisted in its first year includes:
- Co-ordinating 19 operations including against police ransomware that locks victims’ computers until they pay a ransom. There were 13 arrests, mainly in Spain, and networks were broken up;
- Supporting nine investigations into child sexual exploitation, including ‘sextortion’, where child abusers gain access to inappropriate pictures of young people and blackmail them into acts of abuse;
- Supporting 16 probes into payment fraud, including one in which 29 were arrested for stealing €9bn from 30,000 cardholders; 74 arrests followed fraudulent credit card purchases of airline tickets that led to human smuggling, drug trafficking, and other crime.
© Irish Examiner Ltd. All rights reserved