Cyber crime is forcing police and law enforcement agencies to rethink the basic skills needed for the job, according to a panel of experts at Infosecurity Europe 2013 in London.
The US Federal Bureau of Investigation (FBI) is hiring more computer scientists than ever before, said Scott Cruse, legal attaché for the FBI at the US embassy in London.
“With cyber crime a fast-emerging threat and cyber attacks being recognised as a threat to national security, we have to re-tool and training priorities are changing to include cyber threats,” said Cruse.
Part of the role of the FBI’s 75 legal attachés is to grow the agency’s knowledge and capabilities through developing collaborative relationships with academics and other cyber experts.
Similarly, in the UK, there is a growing need to increase police capacity to deal with cyber crime, said detective superintendent Charlie McMurdie, who heads the Metro Police Central e-Crime Unit (PCeU).
“Ensuring that law enforcement capability is fit for purpose to respond to industry and other victims of cyber crime is one of the biggest concerns for me,” she said.
Providing support nationally to investigate and mitigate cyber crime is a challenge for the PCeU, which currently has only around 100 members.
There is a need to raise the knowledge and capability across the members of all UK police forces, said McMurdie, although the PCeU is to be complemented with a new national cyber crime unit in October.
Read more from Infosec 2013:
- Infosec 2013: Cyber threats unlikely to disappear, says security researcher
- Infosec 2013: Sophos updates free Android security app
- Infosec 2013: ICO expects clarity on EU data rules only in 2014
- Global enforcement of law in cyberspace years away, says BCS
- Every business in the cyber frontline, says Kaspersky
- Infosec 2013: Cost of cyber breaches rises three-fold, research shows
- Infosec 2013: Cyber threats, challenge and opportunity for UK, says minister
- Infosec 2013: University research challenges reliability of IPS
- Infosec 2013: Tech firms among top cyber targets, report shows
- Infosec 2013: Research shows value in crowd-sourced threat intelligence
- Infosec 2013: Every business a target of cyber attack, Verizon breach report shows
It is imperative, she said to bolster the cyber capabilities of UK law enforcement because of the billions of pounds that it is draining out of the national economy.
“Cyber criminals come from all walks of life, but the biggest and most common motivation is financial gain, relatively few are in it for the hacking status or political and ideological reasons,” said McMurdie.
The most commonly reported crime is the theft of financial login credentials, which are then sold through criminal forums for high-volume, low-value fraud, which is causing serious economic harm.
Ready-made tools have helped grow the number of people engaged in cyber crime by lowering the barriers to entry, said Arnie Bates, head of information security at Scotia Gas Networks.
“The emergence of off-the-shelf tools means that just about anyone who wants money can be a cyber criminal,” he said.
Another contributory factor to swelling the number of people involved in crime in cyberspace is that many do not view it as crime and do not feel the same responsibility for actions in cyberspace.
McMurdie said carrying out a denial-of-service (DoS) attack is still a crime because it has a cost to the companies targeted.
“Many people who download tools like Low Orbit Ion Canon to DoS organisations for ideological reasons would never dream of committing a physical crime,” she said.
When planning defences against criminal activity, organisations need to assess the likelihood of being the target of the various kinds of criminals and then defend against the techniques the most commonly use.
“Put in responses around systems, people and processes to defend against the most likely attack methods and focus resources on the crown jewels of your business,” said McMurdie.