Virtual crime is a growing problem, with cyber security firm Symantec estimating that just over half a billion identities worldwide were compromised last year resulting in private credit card information, birth dates, sensitive government data and much more posted in the public domain.
The size and scale of cybercrime continues to increase, with the security experts dubbing last year as the ‘year of the mega breach’ and up until recently very little co-ordinated efforts to tackle it.
And, with the recent high-profile hacking of Apple’s increasingly fragile looking iCloud believed to be behind the release of some embarrassing celebrity pictures, there are no indications that the risk is receding or likely to stop any time soon. Indeed, whether you’re the man in the street or a selfie-posting celebrity, everyone is a potential target.
“The Internet allows cybercriminals to operate across geo-political borders – they don’t need to be resident in the same country as their victims”, says David Emm, principal security researcher at Kaspersky Lab. “They can launch an attack from one country, using servers spread across other countries and using anonymous Internet-based financial services to launder the money they steal.
“Law enforcement agencies, by contrast, have to work within specific geo-political boundaries. This is why international co-operation is so important.”
Cooperation is at the heart of the Joint Cybercrime Action Taskforce (J-CAT) which was launched to much fanfare in September 2014. J-CAT is bringing together law enforcement agencies including Europol’s EC3, the EU Cybercrime Taskforce, the FBI and the National Crime Agency (NCA) for a six-month period of collaboration.
Andy Archibald, Deputy Director of the National Cyber Crime Unit at the National Crime Agency is the man in charge.
“Working between Law Enforcement and industry is critical in the fight against cyber crime. No one country or law enforcement agency can tackle cyber enabled threats alone, so having a strong, international and collaborative approach is crucial”, Archibald says.
J-CAT’s remit is large, covering ‘all relevant areas like malware coding, testing, distribution, Botnets, Crime-as-a-Service, online fraud, intrusion and similar top-end crimes’.
It’s an ambitious wish-list, but how will it work?
“Experienced cyber investigators from across Europe, as well as colleagues from the US, Canada and Australia will not only share knowledge and best practice, but co-ordinate activity against cyber criminals who are not restricted by national boundaries.” Archibald adds.
Reassuringly, this isn’t the first time that security organisations like these have collaborated.
“In recent years we have seen several initiatives to help overcome these limitations, for example, Interpol’s Global Complex for Innovation (IGCI), designed to enhance its ability to support law enforcement agencies around the world.
“The establishment by Europol in January 2013 of the European Cybercrime Centre (EC3) has been a focal point for combating the activities of cybercriminals,” says Emm.
Thankfully the consensus for organisations is that, for most at least, it is business as usual as Emm explains: “I don’t think the impact on corporate IT teams will be a direct one. However, the co-ordination provided by J-CAT – as with other joint cybercrime initiatives – in disrupting the activities of cybercriminals across the EU is likely to have a beneficial effect for businesses and consumers.”
Archibald agrees, but sees a clear role for organisations to work with J-CAT: “The NCA is building stronger relationships with a range of industry partners to improve our understanding of the threat to UK business and the public, as well as strengthening our operational response.
“In the same way, the J-CAT will work with industry and the public to fight cyber crime and ensure steps are taken to protect potential victims.”
It’s an opportunity that industry is taking, with a number of organisations – including Kaspersky – supporting the fight against cybercrime with actions as well as words.
Thankfully, remaining protected doesn’t have to be rocket science.
“IT departments can assist these efforts by continuing to ensure they are giving their organisations as much protection as possible, for example through ensuring they are running up to date security software,” says Emm.
“In the UK, industry should refer to the Government’s 10 Steps to Cyber Security.” Archibald adds.
The idea that law enforcement agencies should collaborate across borders to track down and bring to justice cyber-criminals is a no-brainer. Given the short initial timeframe announced for the collaboration (just six months), what will success look like?
According to Archibald: “Success will be a strengthened approach to tackling the most serious cyber crime threats, disrupting cyber criminals and improving our understanding of the threat.”
The vagueness of the response perhaps reflects the vagueness of the target. In days of old criminals were easier to spot and to catch but, in the world of cybercrime where anyone with a laptop and a wifi connection could be reading your emails, accessing your bank account or sharing intimate photos of you, it’s a much more complex proposition.
It remains to be seen whether J-CAT can make these virtual criminals taste the reality of justice. The clock is ticking.