Experts Warn that We Are Losing the Battles against Cybercriminals
Montevideo brought together the world’s leading cybercrime experts working with Team Cymru, a global organization specializing in cybersecurity.
Invited by LACNIC, Team Cymru’s local partner, the select group of professionals addressed the main challenges currently faced in the field of cybercrime and agreed to enhance international cooperation to deal with a growing proliferation of online criminal gangs that do not recognize geographical borders.
During the three-day meeting, approximately fifty law-enforcement agents whose work is to fight online crime expressed their surprise at the increasing speed with which criminals are finding ways to breach new protection strategies and at how easily free tools used by cybercriminals are spread.
According to the experts who participated in the sessions and workshops that took place during the meeting held in Montevideo, cybercrime moves billions of dollars and early adopters of new technologies are almost always criminals. The situation in Latin America and the Caribbean is similar to that in the rest of the world – LACNIC WARP statistics show that phishing is the most common crime in the region, just as it is at the global level.
Steve Santorelli, formerly a Scotland Yard agent, is part of this network of international cooperation against cybercrime. In dialogue with LACNIC News, Santorelli stressed that Team Cymru seeks to build trust among experts worldwide to tackle the growing number of criminal episodes on the Internet.
What can you tell the LACNIC community about cybercrime? How often are cybercrimes committed?
It’s always a challenge to talk about specific numbers because the numbers you come up with are based on our visibility into the problem. Everyone has a different perspective, so I try to stay away from specific numbers. Anecdotally, however, I can say that the problem is getting significantly worse. We are definitely in a challenging situation. Using war as an analogy, we are losing the battles. We feel the need for the kind of meetings that we’re having here, primarily to try to bridge the gap between law-enforcement and industry.
We’ve been doing this kind of thing for over a decade now. I felt that there was a massive chasm between the law enforcement community which has always struggled with their resources, always struggled to train and retain – to teach and to keep hold of – their skilled staff because private industry can offer significantly higher salaries. Ten years ago we also felt that the information security community itself really didn’t have the necessary contacts, that they didn’t have the trust in law enforcement. I like to think the work that LACNIC, Team Cymru and other collaborators are doing together has served to bridge some of that gap. Certainly, things are getting better. The communication that we’re having today between the different actors, particularly between law-enforcement agencies and the industry group, is completely different from where it was ten years ago.
But we’ve also got to understand that there’s a lot of money in cybercrime and that cybercriminals invest heavily in research and development. They don’t have the same restrictions that we do: we must follow the law and be ethical. Criminals have significantly more money than we do to try to combat what they see as a problem, in other words, to avoid being investigated and arrested. So, it isn’t all good news. Cybercrime is a significant problem and I think that it would be unfair to single out South America, as the problems I’m talking about happen on every continent.
Can you tell us what are currently the most common forms of cybercrime and their characteristics?
I think this depends on the victim. For example, phishing is still very effective, as it has a very low cost of entry for the criminals, and it ties in with social engineering. What we’re seeing is that there are different demographics in the cybercrime community, that there are different tiers of skills ranging from what we call “script kiddies”, people that basically know enough to point and click a particular tool they download or buy at a nominal cost and they’re in a position to start their criminal hacking without any technical knowledge. Above them there are people who are directing significant teams with different specializations. For example, you might have a team that has a virus writer, a team that has someone who specializes in money laundering, you might also have a team that specializes in counterfeiting or similar fraudulent activities. Other types of crimes such as DDoS attacks are also still very common.
What we are seeing now is that the early adopters of new technologies are often the criminals, who’ll do their best to monetize that particular crime. Where we had a slight advantage was that, until the advent of virtual currencies like bitcoin and Ethereum, it was still very difficult to convert the virtual stolen goods into real, hard cash.
Today, a large part of online forum activities focus primarily on how to make money from crime. Viruses still make a lot of money, but it’s interesting that we’re not seeing the big worms like Sasser, Sobig and all those big worms from a decade or so ago. There’s a phrase in the criminal world that says: “nobody makes money if you break the Internet.” So, nobody really wants to break the Internet.