Reading the headlines relating to cyber-security, you would not be blamed for thinking we are in a losing battle against relentless foes. The breaches at OPM, Ashley Madison, Target, Sony, and many others highlight that criminals are consistently looking for ways to breach our defences. It is understandable, then, why many CISOs may look nervously at their networks wondering if they will be the next victim or, worse, whether they are already a victim without knowing it.
Even if you detect and repel a cyber-attack against your systems, there is the added complication of whether or not to involve law enforcement in the case. For many this brings more work for potentially little return, given the difficulty law enforcement can have, especially in cross-jurisdiction cases, in attributing the attack and arresting those behind it, and the courts in sentencing them. So many companies decide to simply deal with the attack, clean up their systems, and continue with business as usual. For many, involving law enforcement is a time-consuming exercise which may not result in those responsible being brought to justice.
However, recently I've noted a subtle addition to many of the news stories seen in various publications over the past number of weeks. These stories give a glimmer of hope that all is not lost and that cyber-criminals may not be as untouchable as they thought.
Over the past number of weeks we have seen a series of arrests, court cases, and convictions where those who have been involved in cyber-crime have been brought to justice. These include:
- Lauri Love, from the UK, arrested for hacking into U.S. government computer networks and stealing sensitive and confidential information.
- In a cross-country operation led by Europol (to whom I act as a Special Advisor on Internet Security), the Darkode cybercrime forum was shut down, resulting in 28 arrests.
- A Turkish man, Ercan Findikoglu, known as the "Predator," is in plea talks with US authorities over an ATM fraud scheme he was allegedly involved in and which netted tens of millions of dollars.
- Bulgarian police detained a Syrian national for his alleged involvement in the "Middle East Cyber Army", which allegedly attacked more than 3500 websites worldwide.
- A former employee of the UK Morrisons supermarket chain was jailed for eight years for leaking the details of over 100,000 staff members.
- Police in the United Arab Emirates arrested three individuals who are alleged to have targeted US bank accounts.
- In another operation led by Europol, Spanish police arrested 9 suspects who allegedly took part in a mobile phone scam which resulted in damages of over $2,000,000.
- The former IT Security boss for the Iowa State Lottery was found guilty of hacking into the state's lottery system to rig it so his was the winning ticket for $14,300,000.
- A man in the UK, Cei William Owens, received a two-year prison sentence for trading in drugs on a number of cybercrime markets including the Silk Road II.
- Another international operation involving Europol's European CyberCrime Centre resulted in the arrests of 49 suspects allegedly involved in financial fraud involving email account intrusions.
- An international operation between police in Ukraine, Belgium, and Austria resulted in arrests of members of a cybercriminal gang suspected of developing, exploiting and distributing the Zeus and SpyEye banking malware.
- Police arrested 130 individuals suspected of being involved in online airline ticket fraud.
- Three Estonians were jailed for their involvement in infecting over 4 million computers with malware.
- Police in Israel and the U.S. arrested four people in connection to fraud schemes related to last year's security breach at JP Morgan Chase & Co.
While the number of arrests and convictions is very welcome to see, for me there is more behind the headlines that gives cause to celebrate, in particular those cases involving multiple police forces working across different jurisdictions. The cooperation demonstrated in these international operations is heartening to see. In addition, the lessons learned from them can be brought to bear on future operations to increase their likelihood of success. In many cases, each arrest will also provide a treasure trove of intelligence and data that law enforcement can use to identify other criminal gangs.
Working in information security can lead us to often look at the negative aspect of the business. Sometimes though, it is good to look at the positive side and enjoy the victories that do arise.