The evolving cyber threat landscape and an ‘expertise gap’ among law enforcers and others in authority make cross-cutting challenges, says a report by the European Union agencies Eurojust and Europol’s European Cybercrime Centre (EC3).
WannaCry and NotPetya, cross-border cyber-attacks of unprecedented scale in 2017, show how hard a collective response to such crime is, according to the report. While victims are across industries, cooperation with the private sector is vital, only ‘little consensus exists on the legal framework that is required to facilitate effective and trust-based cooperation with the private sector’.
The document goes through the challenges; first, data retention, or rather ‘lack of unified retention of electronic communication data across the EU has proven a key challenge to investigating cross-border cybercrime’. Then there’s the sheer amount of data to be investigated; a typical case of online child sexual exploitation could include millions of images and thousands of hours of video footage to be analysed.
Grade Network Address Translation (CGN) technologies as used by internet service providers share one single public IPv4 address among multiple subscribers – perhaps thousands. This has ‘led to a serious online capability gap in law enforcement efforts to investigate and attribute crime’. The new Internet Protocol version 6 (IPv6), which offers a vast increase in the number of addresses, is the preferred, but long-term, solution.
Ccriminals need domain names to run almost any online criminal infrastructure. They need to register domains to launch phishing attacks, to spread malware, to send spam, to control botnets, to sell counterfeit goods or to spread terrorist propaganda and recruit online. As of May 2018, international law enforcers lost direct access to WHOIS, a database of registration and contact information of the owners of domain names.
The report like others points to misuse of encryption and anonymisation tools by criminals, such as end-to-end encrypted apps, ‘to protect their communications or stored data, obfuscate their financial transactions and avoid detection’.
Crypto-currencies continue to be exploited by cybercriminals. Bitcoin is the currency of choice in criminal markets and as payment for cyber-related extortion attempts such as ransomware. More offenders are using Bitcoin ATMs. And the report suggests that legitimate crypto-currency users and companies are themselves increasingly becoming victims of cybercrime. As a result, and also thanks to the ‘dark web’, ‘law enforcement may no longer (reasonably) establish the physical location of the perpetrator, the criminal infrastructure or electronic evidence’. Also, cloud-based storage and services means that data stored in the cloud could be physically located anywhere.
The report concludes: “With the increasing digitalisation of all parts of society, electronic evidence can be expected to replace classical forms of evidence as the basis for the investigation and prosecution of any kind of criminal conduct, meaning that the challenges listed above – though being of special relevance for combating cybercrime – go far beyond this area and have the potential to seriously impede criminal proceedings in general.” And cyber criminal methods are rapidly becoming more sophisticated.
Download the 34-page document at the Europol website.
Separately, a Joint Liaison Task Force Migrant Smuggling and Trafficking in Human Beings (JLT-MS) has been launched at Europol, based in The Hague.
