santiago silver - Fotolia
Advances in information and communication technologies have the potential to initiate significant disruptive change to the technology landscape, which in turn is likely to present opportunities for specific areas of criminal and law enforcement exploitation, a report reveals.
The use of technologies such as the dark web, encryption, virtual private networks (VPN) and virtual currencies will support fast, “secure” and anonymous operating environments, facilitating all levels of criminality, warns the latest National strategic assessment of serious and organised crime by the UK’s National Crime Agency (NCA).
The report comes just five weeks after a report issued in collaboration with the National Cyber Crime Centre (NCSC) said the cyber threat to UK business was “bigger than ever” and the best way to defend against it was collaboration between government, law enforcement and business.
According to the latest NCA report, the increasingly ubiquitous “by default” nature of these enabling technologies will continue to lower the barriers to entry for some types of cyber-enabled crime, while the rapid and often unpredictable nature of technological change and its subsequent application is adding further layers of complication and uncertainty for developers, users and law enforcement agencies.
Cyber crime is “very likely” to become more prevalent in countries which lack the capacity and/or capability to mount an effective response, the report said, thereby increasing the number of countries which pose a potential threat to the UK.
“It is possible that cyber criminal activity will locate within ‘safe havens’ in more hard-to-reach firewalled and ‘siloed’ jurisdictions,” it said.
It is also likely that future political and ideological conflict will be less confined to the traditional battlefield and will increasingly encroach on a cyber environment, with the aim of disrupting societies, leading to a decreasing divide between cyber conflict and cyber crime, the report predicted.
Brexit will fuel uncertainty
Although the Brexit vote has had “little impact” on criminal activity or international law enforcement cooperation to date, the report warns it will be a key driver of uncertainty in the next five years.
Criminals are not constrained by geographical or jurisdictional boundaries and are inherently opportunistic, the report said. “We expect that many will strive to take advantage of the opportunities that Brexit might present, for example from the design and implementation of a new UK customs system or from increased challenges for EU and UK law enforcement in locating and extraditing international fugitives, if the UK were to lose enforcement or intelligence sharing tools.”
However, the report said some of the effects of Brexit have the potential to work in favour of law enforcement, including greater discretion over the movement of goods and people.
Excluding those crimes created by the introduction of new or changing legislation, the report said it was unlikely that any completely new types of serious and organised crime would emerge in the next five years, but it was likely that existing crime would begin operating in new ways and in new places.
“Much change will still be driven by technology. In an increasingly technology-dependent society, the implications of both intentional and inadvertent criminal behaviour will increase. As technology becomes increasingly autonomous, issues of responsibility and blame will also likely grow in importance,” the report concluded.
“Against a backdrop of a growth in the volume and complexity across the threats, this assessment highlights the non-geographic locus of many threats, the emergence of the dark web as an enabler, a revised focus on illicit financial flows, the overlaps between the threat areas, the impact of technology, and a rapidly changing picture in some areas,” NCA director general Lynne Owens wrote in the foreword to the report.
“This requires us to think differently about how we build capability in response and one of the purposes of this assessment is to inform that necessary strategic refocus,” she said.
This includes NCA plans to build a new National Data Exploitation Capability (NDEC) to deliver a central data exploitation response, develop a world-class response to economic crime through a multi-agency National Economic Crime Centre (NECC) to bring together the public and private sectors more closely than ever before, and to create an expanded multi-agency National Assessments Centre (NAC) to enable a deep and comprehensive understanding of the serious and organised crime threat.
“I trust this assessment is useful to colleagues across central government, police and crime commissioners, operational law enforcement partners, security services and the private sector in that regard,” said Owens.
Protect rather than detect
Gregory Webb, CEO of security firm Bromium said the threat of crime to businesses and people was growing and dark web platforms such as Tor and the Invisible Internet Project offered criminals a way to evade law enforcement and commoditise cyber crime and other activities, such as the sale of guns and drugs.
“This platform criminality model is productising cyber threats and making cyber crime as easy as shopping online. Not only is it easy to access cyber criminal tools, services and expertise, it also means enterprises and governments alike are going to see more sophisticated, costly and disruptive attacks.
“It is equally easy for them to launder that money and convert it into cash – and the rise in use of unregulated, virtual currencies is making this even easier. We can’t solve this problem using old thinking or outdated technology.
“By focusing on new methods of cyber security that protect rather than detect, we believe we can make cyber crime a lot harder, allowing organisations and the security industry to disrupt this web of profit,” he said.
A recently published academic study into the revenues made by cyber criminals, conducted by Mike McGuire, senior lecturer in criminology at Surrey University, and sponsored by Bromium, revealed that cyber criminals were acquiring, laundering, spending and reinvesting about $1.5tn in profits a year and that the highest-earning cyber criminals were making up to $2m a year.
With cryptocurrency increasingly used by criminals as a method of cleaning cash, the study showed that around 25% of property payments were expected to be in cryptocurrency within the next few years.
The study also showed that 20% of cyber criminals interviewed admitted to channelling revenues into the production of drugs and human trafficking, with 57% of dark web activity associated with trading drugs.
The study noted that AlphaBay – one of the largest illicit marketplaces in history – was found to have in excess of 250,000 listings for illegal drugs and firearms when it was taken down, and that 95% of money mule activity has links to cyber crime.