Cyber crime featured heavily in security news coverage in 2013, and continued to do so in 2014 with cyber criminals...
and cyber law enforcers upping their games with each passing month.
The production of malware continues on an industrial scale, with exploit kits and malware services putting sophisticated attack methods in the hands of relatively unskilled cyber criminals.
However, 2014 has seen a series of international anti-cyber crime operations that have demonstrated an unprecedented level co-operation between law enforcement agencies around the world.
These efforts have been boosted by the UK-led Joint Cybercrime Action Taskforce, which is hosted by Europol’s European Cyber Crime Centre in The Hague.
Law enforcement officers have emphasised that business needs to take cyber crime seriously, with every size of company in every sector being targeted.
Despite the advances in law enforcement operations, UK police are facing a steep learning curve in their efforts to come to grips with cyber-enabled crime.
That challenge is likely to continue as cyber criminals are expected to evolve in a number of ways in 2015, with some expected to become information dealers offering rich data sets about individuals to the underground market.
Read Computer Weekly's top 10 cyber crime stories of 2014 here:
Business needs to take cyber crime very seriously, according to Troels Oerting, head of Europol’s European Cybercrime Centre.
“At some time or other, all businesses are likely to be hit by cyber crime as the world becomes increasingly online,” Oerting told Computer Weekly. “Companies that do not think information security is important should reconsider, otherwise they could end up going out of business.”
The threat of cyber crime is much greater than most people think, he said, because much of it still goes unreported.
“We know of a lot of cyber crimes that are very costly to business that are not reported to the police,” said Oerting. “We also see losses through fraud and other crimes of more than €9m in some months, but these are going unreported.”
Oerting believes businesses that invest in the right processes, procedures and technologies will be rewarded in the longer term – but failure to do so could have devastating consequences.
The cyber crime support industry is becoming increasingly commercialised, according to a report published by Europol’s European Cybercrime Centre in September.
Specialists in the virtual underground economy are developing products and services for use by other cyber criminals, the Internet Organised Crime Threat Assessment (IOCTA) report said.
The report’s authors believe this crime-as-a-service business model drives innovation and sophistication, and provides access to a wide range of services that facilitate almost any type of cyber crime. As a result, the barriers to entry for cyber crime are being lowered to allow those lacking technical expertise – including traditional organised crime groups – to conduct cyber crime.
The report also highlighted the abuse of legitimate services and tools such as anonymisation, encryption and virtual currencies, as well as the abuse of “darknets” for illicit online trade in drugs, weapons, stolen goods, stolen personal and payment card data, forged identity documents and child abuse material.
EC3 is hosting the Joint Cybercrime Action Taskforce (J-Cat) set up in September 2014 to co-ordinate international investigations with partners, targeting key cyber crime threats and top targets.
Initiated by EC3, the EU Cybercrime Taskforce, the FBI and the National Crime Agency (NCA), the J-Cat is made up of cyber liaison officers from EU states, non-EU law enforcement partners and EC3.
Oerting said the unit, which is led by deputy director of the UK’s National Cyber Crime Unit (NCCU) Andy Archibald, is due for its first evaluation at the end of February 2015.
“There are already indications it will be extended for at least another six months, but I think it is likely to become permanent as it keeps acquiring cases and we are trying to get European Union (EU) funding for it,” he said.
In May, the first-ever UK-wide cyber crime operation netted 17 suspected users of Blackshades malware, which is designed to take over control of computers and steal information.
Co-ordinated by the new National Crime Agency, the week-long operation in May involved nearly every UK regional organised crime unit as well as Police Scotland and the Metropolitan Police.
The UK investigation was part of global activity targeting developers and prolific users of Blackshades, a set of malware tools sold online for less than £100.
In an operation initiated by the FBI and co-ordinated in Europe through Eurojust and the European Cybercrime Centre at Europol, police forces internationally apprehended dozens of suspected users.
Arrests took place in the UK, the Netherlands, Belgium, Finland, Austria, Estonia, Denmark, Canada, Chile, Croatia and Italy, taking the total number of arrests in connection with Blackshades to 97. The most common Blackshades product is a remote access tool (Rat), which enables cyber criminals to remotely take over and control the operations of an infected computer.
International law enforcers took down several dark markets operating on hidden Tor networks and arrested 17 cyber crime suspects in early November.
Operation Onymous involved law enforcement officers from 16 European states and the US in one of the biggest anti-cyber crime operations to date.
The operation was aimed at halting the sale, distribution and promotion of illegal and harmful items, including weapons and drugs through dark marketplaces online.
Operation Onymous was co-ordinated from Europol's European Cybercrime Centre in The Hague and supported by the UK-led Joint Cybercrime Action Taskforce (J-Cat). Operation Onymous was J-Cat’s second big success in just over a month of a six-month pilot, and came just weeks after Operation Imperium, which resulted in 31 arrests and 42 house searches.
UK police made four arrests in late November as part of an international crackdown on cyber criminals who use malware tools to hijack computers and steal data. The UK raids were led by the NCA, and involved officers from a number of police Regional Organised Crime Units (ROCUs).
The international operation was co-ordinated through Europol, and focused on the threat posed by tools known as remote access trojans.
Police in Estonia, France, Romania, Latvia, Italy and Norway made 11 further arrests. In the UK, two 33-year-old men and a 30-year-old woman were arrested in Leeds, and a 20-year-old man was arrested in Kent. Police executed a search warrant on a 19-year-old man from Liverpool, who had been brought in for voluntary questioning.
The NCA said that, in addition to arresting people believed to be using remote access trojans, police use a variety of approaches to warn individuals that any movement into cyber criminality will result in further action.
Law enforcement agencies around the world arrested 118 suspects, including around 40 in the UK, in the third international cyber-crime operation of its kind in late November.
The operation was led by Europol’s European Cybercrime Centre in The Hague and co-ordinated with the help of Interpol in Singapore and Ameripol in Bogota. The operation was aimed at tackling online fraud and was conducted in collaboration with the airline, travel and credit card industries.
More than 60 airlines and 45 countries were involved in the activity, which took place at more than 80 airports across the world. The co-ordinated action targeted criminals suspected of fraudulently purchasing plane tickets online using stolen or fake credit card data. In many cases it was revealed how the credit card fraud has links to or is facilitating other forms of serious crime, such as drug trafficking.
The UK's National Cyber Crime Unit (NCCU) is open to working with business and other organisations in the private sector, according to deputy director Andy Archibald.
“Business is welcome to contact us directly about dynamic, fast-moving cyber crime in action, and we will work with them to ensure they get the most appropriate response,” he told Computer Weekly.
The NCCU sees a deeper, more defined and developed relationship with private sector businesses as crucial, not only to identify crimes and patterns of criminal activity, but also to tap into specialist skills.
“We need to be able to go to organisations in the private sector and ask to work with people with the skills we need in some of our investigations,” said Archibald. "Industry can bring things to the table that we may not be aware of, and we will work with the private sector within the law if the solution to an operation is something the private sector can take the lead on.”
UK police face a steep learning curve in getting to grips with cyber crime, but several initiatives underway are geared to growing capability and capacity, the London Assembly’s Police and Crime Committee’s Online Crime Working Group heard in November.
The working group is gathering evidence on the response of the Metropolitan Police Service to cyber-enabled crimes. Asked whether policing is behind the curve when it comes to tacking cyber-enabled crime, College of Policing CEO Alex Marshall said it is clear there is an inconsistent response to this threat.
“There is much catching up to be done,” he said, with experienced officers increasingly having to deal with complex, online and cyber issues, which they were never originally trained for.
Marshall said the 18-month-old College of Policing plans to publish new national standards for online investigation and intelligence in 2015 to replace outdated standards published in 2010. The college has also developed a huge range of online training courses for police in England and Wales, as well as specific courses for different skill areas in cyber or online crime.
Websense principal security analyst Carl Leonard said criminals will use the sale of credit card numbers to fund the collection of a broader range of data about victims.
“The underground market is flooded with stolen credit card data, but that will help fund the collection of fuller, richer personal information sets about individuals,” he told Computer Weekly.
These data sets will be far more lucrative than credit card details on the underground market and will include details of multiple credit cards, as well as regional, geographic, behavioural and personal data. Websense expects this emerging trade in data sets on individuals will enable a new level of identity theft to enable fraud.