The cross-border nature of cyber crime makes it difficult to tackle, but international collaboration is making good progress, according to the UK’s National Crime Agency (NCA).
One of the key drivers of this collaboration effort is the Joint Cybercrime Action Taskforce (J-CAT), set up in September 2014 to co-ordinate international cyber crime investigations.
The NCA is one of the founders of J-CAT, which was initially chaired by Andy Archibald, the predecessor of National Cyber Crime Unit (NCCU) deputy director Sarah Goodall, before Germany took over as chair in January 2016.
The taskforce, hosted by the European Cybercrime Centre (EC3) at Europol in The Hague, is made up of cyber liaison officers from European Union (EU) states, non-EU law enforcement partners, and the EC3.
“At the meeting in January, we discussed several themes such as ransomware, distributed denial-of-service (DDoS) attacks and bullet-proof hosting services, and just how we could contribute to the collective effort to tackle these threats,” Goodall told Computer Weekly.
“The best thing about the J-CAT operational centre is that it brings a sense of immediacy to tackling the problems. Bringing together officers seconded from all over Europe in one place to focus on dealing with cyber criminality creates an operational sharp edge,” she said.
J-CAT also provides greater personal contact, which Goodall sees as a key contributor to the relatively rapid progress being made in international collaboration in fighting cyber crime.
“It is human nature that personal contact and understanding build bridges way quicker than anything else, and once the investment is made in building personal relationships, it is easier to pick up the phone and get things moving,” she said.
Personal interaction of this kind is also useful in establishing standards of good practice.
“Having conversations on strategic topics, and sharing presentations on our initiatives and innovations, raises the bar collectively,” said Goodall.
Testing cyber crime responses
Building capacity is an important part of the international collaboration effort and, to that end, the NCCU hosted a cyber attack simulation exercise in December 2015. This was done to test how investigators and prosecutors across seven European countries and the US would work together in the event of a complex international cyber criminal incident.
Exercise Silver Shadow, conducted over two weeks, was also aimed at building stronger operational partnerships between investigation teams and prosecutors and helping participating countries develop better operational skills.
“In particular, we wanted to help eastern European countries such as Bulgaria, Georgia, Lithuania, Moldova, Romania and Ukraine to increase their capacity and capability by working through some extremely testing operational exercises,” said Goodall.
Collaboration outside of Europe, however, remains a challenge, and the NCCU has to follow government guidelines on which countries it is allowed to engage with.
Inside those boundaries, the NCCU’s international engagement is guided by its annual strategic assessment of the most important prevailing and emerging cyber threats.
UK global collaboration tackles online crime
Outside of Europe, the UK has good working relationships with the US, Canada, Australia and New Zealand as fellow members of the Five Eyes intelligence alliance.
The Five Eyes Law Enforcement Group (Feleg) is aimed at fostering global law enforcement collaboration.
In April 2016, the NCCU is to host a meeting of Feleg’s Cyber Crime Working Group.
In addition to the ties through the Five Eyes alliance, the UK has a “very rich bilateral relationship with the US”, said Goodall, with regular meetings between law enforcement officers tackling cyber crime on both sides of the Atlantic.
Goodall and several colleagues are due in the US shortly for a visit set up to discuss details relating to specific criminal actors who are causing global harm.
“We are going to discuss who is doing what, to what effect and what more can be done going forward to address these specific threats,” she said.
The bigger picture
The focus continues to be on finding ways of taking down the key enablers of cyber crime: those who supply cyber crime malware and provide support services and infrastructure.
Disrupting cyber criminal operations and associated infrastructure was a key objective in the UK national Operation Bloodleaf co-ordinated by the NCA in March 2015, in which UK police made 57 arrests in 25 separate operations.
However, Goodall says international law enforcement is also trying to move away from seeing enablers and actors in isolation.
“Technical systems tend to have a temporary effect, so it is important for us to understand the whole process from enablers all the way through to actors to prevent the perpetuation of threats,” she said.
For this reason, as part of its efforts around cyber crime prevention, the NCCU is focusing on ways to ensure that teenagers use their cyber creativity and capability for positive things rather than being lured into cyber criminal activity and exploited by serious organised criminal groups.
Goodall said education is an extremely important element of the NCCU’s initiatives around prevention of cyber criminality.
Teenagers as young as 14 can be manipulated into using DDoS tools because that requires little or no skill, she said, but these youngsters are often not aware of the havoc they can cause by doing so.