INDEX

Cybercrime and Security in the New Year

Dec. 20, 2013, 7:57 a.m.
Michela Menting, Research Director

Share:

Cybercrime will increasingly merge with the cyberwarfare landscape. As nation states and other legitimate organizations continue to engage in political espionage and offensive security, the boundaries between criminal activities and national security prerogatives will gradually blur. Many state-sponsored groups make use of commercial-off-the-shelf malware in their espionage campaigns. In China, there is an explosive black market in hacking and surveillance tools selling directly to the government. The US NSA uses a similar methodology to high level cybercrime operations. In particular, it’s Foxacid Exploit Kit has been readily compared to the Blackhole EK.    Such activities indicate the use of popular hacking techniques commonly employed by cybercriminals and amateur hackers.

Generally, final customization by the government is often required to fine tune the attack tool. But for basic, initial information gathering and initial infiltration, the tools used are strikingly similar to run-of-the-mill malware. In addition, there is a growing market for the discovery and sale of zero-day exploits to the highest bidder. Both governments and organized cybercrime organizations pay significant bounties for such exploits. As information about advanced persistent threats and long-term infiltration campaigns perpetrated by governments come to light, organized cybercrime will grow its market offerings to find suitable exploits, and provide adapted malware specifically targeted for nation state purposes. Specifically, there will be a decided drive in demand for access credentials into accounts owned by employees working for government agencies, private sector operators of critical infrastructure, technology companies, and large multinational corporations.

Disparate and disassociated efforts will be made to regulate state-sponsored cyberwarfare and the use of cyber tools in international forums. However, most of these will be unsuccessful as political tensions run high. Alliances will be formed in order to strengthen cooperation, information sharing, and incident response among like-minded states, with heavy priorities for protecting national interests against perceived ‘threat’ states. Currently Western governments have been actively working towards an international agreement of sorts for cyber conduct. Led by the UK, they are currently looking to revise an agreement to place export controls on sensitive cybersecurity technologies (cryptography, complex surveillance and hacking software), by amending the terms of the Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies.  Its Cold War legacy certainly throws a damper on the idea of ‘international’ cooperation, settling on a more ‘allied forces’ flavor instead.

Other preliminary efforts at regulating conduct in cyberspace by nation states have also been similarly one-sided. The Tallinn Manual on International Law Applicable to Cyber Warfare officially launched in March 2013. The Manual is the fruit of the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE), developed by a group of experts from western academic and military backgrounds offering insight into such issues as sovereignty, state responsibility, the use of force, the applicability of the law of armed conflict and the conduct of hostilities among others. However, the decidedly absent contribution of any military professional or academic from a non-NATO country throws the Manual in much the same boat as the efforts to amend Wassenaar. Undoubtedly harmonized international cooperation will unquestionably deteriorate before it even begins to look better.

The resulting international climate of digital mistrust and state sponsored cybercrime tactics will drive the emergence of specialized national cyber defense forces within law enforcement and the military. Most developed countries already have some form of national cybersecurity strategy in place and will seek to consolidate their action plans and flesh out the security of the different segments. The particular focus next year will be on better securing critical infrastructures from cyber attacks. Governments will allocate substantial budgets for national cybersecurity, and solicit participation from private sector defense contractors and specialized security vendors, with a priority for domestic companies. The priority will be to provide expanded national cybersecurity research and defense capabilities that can work in cooperation with private sector nominees.

The GCHQ in the UK for example has already set up two such cybersecurity research institutes with universities, security companies and defense contractors. The UK Ministry of Defense and Joint Command Forces created this year a new Joint Cyber Reserve with reservists working alongside regular forces to protect critical computer networks and safeguard vital data. This is separate from the Met Police’s National Hi-Tech Crime Unit (NHTCU), which works alongside Europol’s European Cybercrime Centre and Interpol’s soon to be opened Global Complex for Innovation (IGCI) Cybercrime. However, this progression of cyber and high tech crime units clearly shows that national strategies are finally showing concrete results in terms of concrete output. There is no doubt that other countries are expanding their cyber resources, and 2014 will certainly see a decided emergence in the number of army and police cyber forces.