“You should have asked for the presence of a digital detective,” Karen said when I told her what happened at the police station. I had accompanied a neighbor, a small business owner who had been hit with ransomware and wanted to file a report. After listening to his story, the police officer at the desk asked if my neighbor had a description of the perpetrator. I may have groaned.
This wasn't the first time I was disappointed by the lack of technical knowledge of the police. I had filed an online report about a sextortion scam months earlier and received a reply that said: “If you haven’t paid, you can delete the mail. If you did pay, we can handle your report.”
My offer to send them the full source of the email fell on deaf ears. No attempt was made to initiate a take-down or explain why deleting the email was enough. I happen to know how this works, but other victims might not know that sextortion emails are just bluffing. What's to stop them from paying in the future?
Karen is a former Dutch police officer, and she knew that for reporting cybercrimes, there are police officers that have special training, the so-called “digital detectives.” In the Netherlands, they are officially called digital experts. I could have avoided disappointment if I had known the proper procedure to reach a digital expert.
In the United States, there may be an officer assigned to cyber, but in most precincts, it's the person who happens to be on desk duty or the person who uses technology the most. The situation is even more dire at the local level.
For the ransomware case, we should have made an appointment and specifically asked for a digital expert to be present because we wanted to report a cybercrime. And online cybercrime reports are only possible in common cases, such as Microsoft tech support scams. They have standard forms you can fill out and submit.
While the experience was frustrating, it made me realize that police officers are not trained for expertise in all the new cybercrimes that have surfaced over the last few years. Comparing these individual experiences to the stories we read about elite police cyber units like Interpol, FBI, and the Dutch Team High Tech Crime, I realized the situation in local districts is much different from those highly specialized, national teams. Here's what I learned after some digging around.
When asked, the Dutch police informed me that they have special training courses for digital experts, just like they have experts for drug-related crimes and financial experts. The digital experts can receive training in forensics, hacking, threat hunting, hardware access, reverse engineering, digital tracing, and network analysis. All these trained experts provide assistance in cases where their expert knowledge is advantageous.
In the UK, they seem to be one step ahead. Every police force now has a cybercrime unit, which will investigate and pursue offenders, help businesses and victims protect themselves from attack, and prevent vulnerable individuals from becoming cybercriminals. Of course, we know the US, where cybercrime is most common, only has a dedicated cyber team with the FBI. While there are FBI offices around the country, they aren't present at every police station.
This shows us that different countries have their digital detectives organized in different ways. And it is good to be aware of their existence and the best procedure in your location to get their help if you need it.
One of the obvious difficulties in apprehending criminals that have defrauded people or organizations in your own country is that the criminal is likely to be across a few borders. And sometimes, the criminals are protected by a regime that is likely to turn a blind eye as long as the criminals only operate abroad.
International cooperation, as we have seen in the take-over of dark web marketplaces, is not only important when it comes to crime fighting, but can also be of great value in cyberwar. There is already enough evidence of state-sponsored attacks on critical infrastructure, and it is important to know what these enemy forces are up to and capable of.
Sometimes, there are more effective ways to cripple an international gang of cybercriminals than to try and arrest them. One example is the No More Ransom initiative, where decryption keys for certain ransomware families are published. This brings down the income of the cybercriminal, and with that, it hopefully takes away their incentive to proceed on the path of crime.
The Internet and social media have introduced some forms of bullying that arguably might benefit from police involvement. Where in older times you might say, “Sticks and stones may break my bones, but words will never hurt me,” modern-day cyberbullying has a bigger, long-range impact. Someone posting compromising pictures or movies on social media can be hurtful for a long time.
Social media platforms are slow to respond to take-down requests, and a little pressure from the authorities might expedite their actions. Victims of cyberbullying, however, tend to receive little to no help from the authorities.
To meet a growing demand for specialized experts, the police force will need a good deal of extra funds and staff. The cost of failing to adequately meet these demands may result in heavier losses than society can afford. So even if we feel that we cannot free up the funds for these measures, consider that organizations, consumers, and governments may be handing out the same amount to cybercriminals, the equivalent of throwing money into a bottomless pit. In addition, the costs of recovering from cyberattacks are far higher than what we might pay in training.
A digital expert has to have knowledge about many fields
Digital experts can also be a useful asset when it comes to solving non-cybercrimes. In many cases, digital evidence may help the police locate criminals, view criminal activity around a home or business, or prove criminal intent.
For example, digital evidence might help place people and events within time and space to establish causality for criminal incidents. But collecting and submitting digital evidence legally requires different tools and processes from doing so for physical evidence, so a trained expert will be able to extract more evidence from the same device(s). They can do so not only by knowing where to look, but also by having the knowledge of how to handle a device so that no evidence gets destroyed.
At a minimum, every police station or sheriff’s office should have one digital expert available to take in reports of cybercrimes. These experts will know which information is needed to have a chance of apprehending the criminal, can advise the victim on how to proceed, and maybe help prevent them from becoming a victim again.
If this is not an achievable goal, set up an easy-to-use site to report cybercrimes online, where a special department of digital experts can do a triage, spot trends, and involve other departments where that is beneficial.
International cooperation will become even more important if we want to stand a chance against cybercriminals, whether they are organized in groups or groups of individuals that buy malware-as-a-service on the dark web.
The International Code of Conduct for Information Security is an international effort to develop behavioral norms in the digital space, submitted to the UN General Assembly in 2011 and in revised form in 2015. This code should be worked out in more detail and allow for international cooperation against cybercrime. And diplomatic efforts should be made to get this code ratified by more UN members.
Stay safe, everyone!
Special thanks to the Department of Communication of the Dutch Police Academy and the Media Desk of the Rotterdam police department.
The post Are our police forces equipped to deal with modern cybercrimes? appeared first on Malwarebytes Labs.