Cybercrime and law enforcement
Australian Federal Police Commander David McLean explains cyber crime from the viewpoint of law enforcement
- Many families will be unaware that they have been compromised by cyber criminals until it’s too late
- One of the challenges for law enforcement agencies is educating the public on the need to be vigilant and pro-active
- It is also working with other government agencies to reach out to the private sector — including the accounting profession — in a bid to form alliances that will deter cyber criminals from attacking vulnerable networks
By Steve Lewis
Somewhere in the backblocks of Poland, Hungary or the Ukraine, a shadowy cyber-criminal gang is targeting vulnerable networks in Australia and New Zealand.
As governments grapple with an increasing number of cyber attacks, the manager of Cyber Crime Operations at the Australian Federal Police (AFP), Commander David McLean, candidly admits that most malicious attacks originate in Eastern Europe.
It’s a worrying trend, one that bucks a common view that most cyber attacks originate in China, which has developed a sophisticated offensive capability and has its own cyber unit — 61398 — within the People’s Liberation Army.
With cyber crime on the rise, the Australian government unveiled a A$230m cyber security program in April 2016 to ensure better protection for government agencies, business operations and individuals.
But in this virtual world there are no national boundaries. Cyber attacks are often routed through multiple jurisdictions to disguise the source.
The Eastern European phenomenon helps explain why the AFP has joined forces with overseas law enforcement agencies to better coordinate efforts to combat criminal networks.
Working on this new frontline in the fight against serious and organised crime, McLean says the AFP has “shared equity in international cyber criminals with partners around the world”.
While careful not to disclose too much detail, he confirms a close working relationship with two of Australia’s oldest allies.
“We work very closely with our partners in the US. We have a liaison officer who has his own desk in the FBI cyber division,” the AFP boss says.
The A$230m cyber security package included funding for the AFP to create a cyber liaison officer in London.
“That person will have a desk in the (UK’s) national cyber crime unit and use that relationship to step off into Western Europe. And Eastern Europe, where most of our criminal malicious activity has its origins,” he says.
Governments are furiously pumping additional resources into tackling cyber crime, which according to official data is growing in prevalence.
The Australian Cyber Security Centre says the number of cyber security incident responses logged by the Australian Signals Directorate (ASD) leapt from 313 in 2011 to 1,131 in 2014.
Formerly known as the Defence Signals Directorate, the ASD is “predominantly responsible” for responding to cyber security incidents involving Australian government networks and other networks of “national importance”.
The nature of these incidents is largely unknown, with the AFP and other law enforcement and intelligence agencies loath to publicly disclose details.
In April the Prime Minister confirmed an earlier report by the ABC that Australia’s Bureau of Meteorology had suffered a “significant cyber intrusion” that government officials believe originated from China.
More recently an August 2016 “attack” on the Australian Bureau of Statistics (ABS) census collection caused massive public inconvenience and was a major embarrassment to the government.
The ABS intrusion — it was described as a distributed denial of service (DDoS) attack — also contributed to a major increase in Australian public awareness about the threat of cyber crime.
But McLean remains adamant that community apathy remains a serious problem.
The biggest threat to Australia, McLean says, is public ignorance — and this includes parents who pay insufficient attention to their children using home computers and smartphones.
Many families will be unaware that they have been compromised by cyber criminals until it’s too late.
“Someone might have successfully penetrated your computer at home and have got your credentials,” he explains.
“They know that you have got two or three different bank accounts and they have got the passwords now.”
These passwords are aggregated and offered for sale on an online forum somewhere.
“The only thing saving you is the enormous number of credentials that are in circulation, that have been harvested, and that are for sale.”
If that sounds like a nightmare scenario, McLean remains unapologetic about adopting a hard-hitting approach to warn that the threat of cyber crime is real and growing stronger.
He points to the fact that in Australia there are more than 21 million subscriptions to mobile devices with internet connections. That provides fertile territory for would-be hackers.
“Our economy is only going to be expanding into increasingly sophisticated sectors and the vectors for attack are only going to increase,” he says.
The AFP adopts a Five Ds approach to tackling cyber crime: define, detect, deter, disrupt and dismantle.
It is also working with other government agencies to reach out to the private sector — including the accounting profession — in a bid to form alliances that will deter cyber criminals from attacking vulnerable networks.
Having worked on the cyber frontline for some years, McLean says the level of business awareness varies across the economy.
“Big business, the top end of town, is acutely aware and highly sophisticated, well resourced and well defended. They get it,” he says.
The major telecommunications players and the big banks are “protectors and defenders in their own right”.
Importantly, they also understand the need to “ensure that the environment overall is as resilient as it can be” to protect smaller players and individuals from being compromised by cyber criminals and hacktivists who prey on the vulnerable.
One of the challenges for law enforcement agencies is educating the public on the need to be vigilant and pro-active.
The AFP officer admits it’s a major challenge with many people still blissfully unaware of the threats posed every time they go online, use internet banking or pay via credit card. At the same time agencies such as the AFP face the challenge of hiring sufficient numbers of qualified and committed people to work in the cyber arena.
In the United States, sections of the government have actually reached out to so-called hackers and offered them employment, in what might seem the ultimate act of poacher-turned-gamekeeper.
But McLean is cautious about embracing such an approach.
“The outlook is very bright if you are an Australian with relevant skills in this area. There will be a great variety of employment opportunities.
“But do we go out and recruit ‘black hat’ hackers? No, we are not at the moment and I am not suggesting we are about to do that in the future.”
What about the need for more visibility when the AFP busts a cyber gang? Wouldn’t it make sense to parade the proceeds of crime in the same way police call in the media when they bust a big criminal syndicate peddling cocaine or ice?
Part of the problem is that the criminal minds behind cyber are often located overseas, working in jurisdictions where the AFP has little or no traction.
The AFP can’t just walk into a government building in North Korea, China or Russia to arrest cyber criminals, unless it has local cooperation.
The process is long and complicated and requires enormous patience before arrests can be made. “Even before you get to that decision point — can we or can’t we — you have actually got to identify the human being (behind the intrusion),” he says.
“So going behind the IP address or the moniker or the handle … they can be very long-run painstaking investigations that you do with partner organisations internationally that might go for many, many years.
“And that person, if you are able to identify them, may be in an unfriendly jurisdiction and it may be a case where our patience needs to outlast them and we need to wait till they go to a place where we can arrest them.”
Which gets back to why the AFP is moving closer — physically — to the frontline of the campaign against cyber crime.
“That doesn’t always mean that we are going to arrest someone for it because our experience, by and large, is that the major serious and organised criminal actors or state-sponsored actors are elsewhere around the planet — where the scenario of me putting handcuffs on someone is among the options but it may not be the first one that we reach for,” he says.
For more on future workers see the Chartered Accountants ANZ future[inc] paper Disruptive Technologies: Risks and Opportunities.
Steve Lewis is an author and journalist and a senior adviser with Newgate Communications.
This article was first published in the November 2016 issue of Acuity magazine.