Direkt zum Inhalt | Direkt zur Navigation

Document Actions
Personal tools
Log in Register


Finding Solutions. Together.

Sektionen
You are here: Home Knowledge Base Polity Cybercrime, Cybersecurity and the Future of the Internet Proposals Dealing with Cyber crime – Challenges and Solutions
 

Proposal - Dealing with Cyber crime – Challenges and Solutions

The Challenge

In the past decade, advances in communications technologies and the “informatization” of society have converged as never before in human history. This has given rise to the industrialization of ...

In the past decade, advances in communications technologies and the “informatization” of society have converged as never before in human history. This has given rise to the industrialization of a type of crime where the commodity—personal information—moves far too quickly for conventional law enforcement methods to keep pace.

Robert Wainwright

The threat from cyber crime is multi-dimensional, targeting citizens, businesses, and governments at a rapidly growing rate. Cyber criminal tools pose a direct threat to security and play an increasingly important role in facilitating most forms of organised crime and terrorism.

Challenge 1

There is now a sophisticated and self-sufficient digital underground economy in which data is the illicit commodity. Stolen personal and financial data – used, for example, to gain access to existing bank accounts and credit cards, or to fraudulently establish new lines of credit – has a monetary value. This drives a range of criminal activities, including phishing, pharming, malware distribution and the hacking of corporate databases, and is supported by a fully fledged infrastructure of malicious code writers, specialist web hosts and individuals able to lease networks of many thousands of compromised computers to carry out automated attacks.

Whilst the value of the cyber criminal economy as a whole is not yet known, the most recent estimate of global corporate losses alone stands at approximately €750 billion per year1.

Solutions

  • Active targeting of underground forums to disrupt the circulation of powerful and easy to use cyber criminal tools, such as malware kits and botnets.
  • Disrupt the infrastructure of malicious code writers and specialist web hosts through the active identification of developer groups and a joint action of law enforcement, governments and the ICT industry to dismantle so-called “bullet proof” hosting companies.
  • Active targeting of the proceeds of cyber crime (e.g. money mules) in collaboration with the financial sector.
  • Continue to develop insight into the behaviour of the contemporary cybercriminal by means of intelligence analysis, criminological research and profiling techniques, and based on the combined law enforcement, IT security industry and academic sources, in order to deploy existing resources more effectively.

Challenge 2

In the last decade advances in communications technologies and the "informatisation" of society have converged as never before in human history. This has given rise to the industrialisation of a type of crime where the commodity, personal information, moves far too quickly for conventional law enforcement methods to keep pace.

The unprecedented scale of the problem threatens the ability of the authorities to respond – with (according to one estimate) more than 150,000 viruses and other types of malicious code in global circulation, and 148,000 computers compromised per day. At the same time, the authorities have more data on criminal activity at their disposal than ever before, and now have an opportunity to harness this information in ways which make intelligence development and investigation more streamlined and cost effective.

Cyber crime rates continue to increase in line with Internet adoption: mobile Internet access and the continuing deployment of broadband internet infrastructure throughout the world therefore introduces new levels of vulnerability; with potential victims online for longer periods of time and capable of transmitting much more data than before; the adoption of these internet technologies in developing countries poses a potential external threat to the EU; and the increasing trend for outsourcing data management to third parties presents imminent risks to information security and data protection.

At the same time, the organic development of Internet technology has resulted in the existence of myriad actors in the information security field. By way of illustration, the (ENISA) directory of network and information security stakeholders in the EU alone already stretches to over 400 pages.

Solutions

  • More must be done to harness the intelligence of network and information security stakeholders, not only to provide a more accurate and comprehensive assessment of cyber criminality, but also to ensure that responses are effective and timely. Active partnerships with ISPs, Internet security organisations and online financial services are key. The private sector needs to be assured of a confidential relationship in which information can be exchanged for investigative and intelligence purposes.
  • Collaboration, particularly with the private sector, to proactively identify features of future communications technologies liable to criminal exploitation, and to design vulnerabilities out of technologies and environments which are in development. Law enforcement must work in partnership with those who will influence the future business and operating environment, so that all concerned can better anticipate changes in criminal behaviours and technological misuse.

Challenge 3

Cyber crime is a truly global criminal phenomenon which blurs the traditional distinction between threats to internal (criminality and terrorist activity) and external (i.e. military) security and does not respond to single jurisdiction approaches to policing. The liability of networks to exploitation for a number of different ends, and the ease with which individuals may move from one type of illegal activity to another suggests that territorialism in all its forms (both of nations and regions, and specific authorities within nations) hinders efforts to successfully combat the misuse of communications technology.

At present, national authorities are overcoming jurisdictional restrictions by coordinating regionally (as in the EU, ASEAN and AMERIPOL nations) or with agencies with similar levels of capability/capacity (as in the Virtual Global Taskforce) to better understand and respond to Internet-facilitated crime.

Solutions

  • More centralised coordination at regional (e.g. EU) and interregional levels, to streamline the fight against cybercrime.
  • The establishment of virtual taskforces to target internet facilitated organised crime. These should be responsive to the evolving criminal environment – e.g. more permanent groups for information sharing, more ad hoc arrangements for specific operations such as dismantling botnets. In all cases the authorities need to have the flexibility to include a variety of stakeholders (law enforcement, military, private sector, academia, user groups) in order to achieve the desired outcome.

 


1The State of Internal Security in the EU, A Joint Report by EUROPOL, EUROJUST, and FRONTEX

    Related Proposals

    Proposal

    Cybercrime, Cybersecurity and the Future of the Internet

     
    What is international crime? Ten years ago it was smuggling, drug trade and money laundering. But over the last ten years, we've seen an explosion of online crime. And online crime is always internati ...

    What is international crime? Ten years ago it was smuggling, drug trade and money laundering. But over the last ten years, we've seen an explosion of online crime. And online crime is always international because the internet has no borders.Local law enforcement has limited resources and expertise to investigate online crime. The victims, police, prosecutors and judges rarely uncover the full scope of these crimes. Action against online criminals is too slow, the arrests are few and far between, and too often the penalties are very lenient, especially compared to real-world crimes.That’s why I’m calling for the establishment of Internetpol

    Polity
    Proposal

    Five concerns and five solutions for cybersecurity

     
    Internet security doesn’t just touch on government, big business and law enforcers. It is an increasingly important concern for the average personal technology user, many of whom have little underst ...

    Internet security doesn’t just touch on government, big business and law enforcers. It is an increasingly important concern for the average personal technology user, many of whom have little understanding of the issues and even less knowledge of the technical solutions. They just want to know that if they follow a few simple ground rules, they will be safe. I would highlight five particular areas of concern that require appropriate solutions:   Data protection and privacy On the web, personal information can be as valuable a currency as cash. Citizen’s attitudes towards the privacy of their personal information are evolving

    Polity, Academia, Business, Civil Society
    Proposal

    Cybercrime, Cybersecurity and the Future of the Internet

     
    There are three broad threats to internet security: cyber crime, cyber industrial espionage and cyber warfare. They represent a useful rule of thumb but are not fixed categories - they bleed into one ...

    There are three broad threats to internet security: cyber crime, cyber industrial espionage and cyber warfare. They represent a useful rule of thumb but are not fixed categories - they bleed into one another of necessity. The one common element that straddles the three threats is that at some point they involve a computer user with advanced hacking ability. Already the role of these people may be quite far removed from the action. This is due to the industrialisation of hacking tools which are now easily available: from viruses which buyers may deploy themselves through to operational botnets which can

    Academia