Here’s a question for you. Who is behind all the hacking and cybercrime that we read about in our newspapers every week? Who’s controlling the hackers? Well, according to Troels Oerting, Head of Europol’s Cybercrime Centre, it’s an exclusive bunch of malware programming specialists. They are, he believes, around a hundred of these individual, mostly operating out of Russia, and they are the kingpins of modern-day cybercrime.
Can that really be true? Do these 100 programming masterminds really have the power and influence to undermine the internet and threaten our businesses and critical infrastructure? Well, if what he says is correct, then there can be no question that they do. Speaking to the BBC, Troels Oerting said:
“We roughly know who they are. If we can take them out of the equation then the rest will fall down,” he said.
So is that all that’s required? Do the Authorities only need to take down these individuals to stop the cybercrime epidemic? Well, sadly not. Oerting believes that as soon as you take down one group of individuals there are plenty more coming forward to take their place. The problem of cybercrime, he believes is not a static one, and it’s incumbent on the Authorities to do whatever it takes to nip the problem in the bud once and for all. Although, he added, fighting cybercrime remained an uphill battle.
However, Oerting is also a realist and accepts that the fight against global cybercrime, criminality which knows no borders, will inevitably be long and troublesome. He told the BBC:
“We can still cope but the criminals have more resources and they do not have obstacles. They are driven by greed and profit and they produce malware at a speed that we have difficulties catching up with.”
“Criminals no longer come to our countries; they commit their crimes from a distance and because of this I cannot use the normal tools to catch them. I have to work with countries I am not used to working with, and that scares me a bit,” he said.
So where is this cybercrime epidemic originating? Well, Oerting believes the majority of the malware ‘kingpins’ are located in the Russian-speaking world. He said that Russian-speaking criminal gangs were creating and testing malware and then selling it as a service in online forums. This malware was then downloaded by criminals from Eastern Europe, Europe, Africa and America and distributed worldwide. Unfortunately, he argues, it’s this commercialisation of cybercriminality which is causing Authorities the biggest headache:
“It is so easy to be a cybercriminal. You don’t have to be a cyber-expert because you just download the programs that you want to use.”
Surely, though, if Europol knows where the problems are coming from, then it should be relatively easy to put solutions in place to eradicate the threat? Unfortunately that isn’t the case as the current strained relationships between East and West are making it increasingly difficult to deal with the problem effectively. There’s a lack of trust between both sides and this is hampering efforts to tackle the problem. Never the less, following a recent trip to Moscow to discuss four major cybercrime cases, Oerting is hopeful that Russian law enforcers will take action against the criminals – action which will lead to arrests and jail sentences.
But how are the actions of Eastern Europe malware kingpins affecting the rest of us? What are they doing that should concern us?
“What I think [consumers] should be afraid of is the stealing of your private, sensitive information – your inbox credentials, your Facebook account. If they know a bit about you they can reset your Google accounts, your Apple accounts. Then they simply take over your life,” he said.
He also told the BBC that the job of containing the cybercrime threat was becoming increasingly difficult as the internet acquired more users and widened its reach. The so-called internet of things – where previously ‘dumb’ objects are connected to the network – “widens the attack surface a bit”, he said. What’s more, he suggested that the Snowden revelations and the increasing use of encryption of online communications are simply exacerbating the problem, and hampering law enforcement’s efforts to contain cybercrime:
“There is confusion among the good guys on the internet between anonymity and privacy. I don’t think they are the same. I think that you have right to privacy but that doesn’t mean that you have the right to anonymity,” he said.
“Imagine in the physical world if you were not able to open the trunk of a car if you had a suspicion that there were weapons or drugs inside… we would never accept this. I think that should also count for the digital world. I hate to talk about backdoors but there has to be a possibility for law enforcement, if they are authorised, to look inside at what you are hiding in your online world.”
Cybercrime is an issue that continues to affect us all – governments, businesses and individuals. We will all inevitably pay the price unless we take action to limit the damage. If you are concerned about the escalating security challenges and risk management issues facing your business today and would like to take precautions, then why not speak to Krypsys? Krypsys’ services are focused on helping your business assess its security posture against current and evolving security threats and educating you on the risks to which you are exposed. We have a wealth of experience in security projects in both the public and private sectors and have worked with organisations to protect high value information assets such as trading platforms, e-commerce systems, data-centres and cloud services. We also work with leading IT security vendors and specialist consultancies to close the gaps in your own IT security strategy and to assist in streamlining and prioritising your risk management spending.
Whether you’re looking for help with penetration testing and security reviews, or are looking for advice on security compliance and web security solutions, Krypsys can help you. For more information on web security solutions, please contact Krypsys on 01273 044072 or [email protected].