[BreachExchange] Cybercrime Victims: Please Come Forward

Audrey McNeil audrey at riskbasedsecurity.com
Tue Jun 14 19:48:15 EDT 2016


http://www.databreachtoday.com/cybercrime-victims-please-come-forward-a-9191

Has your organization been the victim of a cybercrime? If so, promptly
contact police to learn all of the options that are available to help you,
law enforcement officials and security experts advised during a panel at
the Infosec Europe conference in London.

The session was devoted to improving how businesses and law enforcement
agencies engage with each other when dealing with "connected crimes."

Speed is of the essence, panelists stressed. "When I [investigated]
murders, we called it the 24-hour golden period: You could solve so much of
the crime in that 24 hours," said Garry Lilburn, a detective inspector with
London-based Metropolitan Police Service's cybercrime unit, which handles
"the most serious and complex breaches," including distributed
denial-of-service attacks, phishing attacks, and ransomware campaigns.
"Cyber is the same. The quicker we get involved, the quicker we can do
something."

Lilburn, who serves on the Met Police task force called Falcon - for fraud
and linked crime online - said that calling police doesn't mean that
victims, or anyone assisting them, need do anything more (see London Police
Retool for Cybercrime). "I keep saying to companies: Speak to us. If you
speak to me as a police officer, you're not obliged to report that crime,"
he said. Rather, the initial conversation tends to be devoted to setting
expectations, including what sort of information and cooperation police
would require, as well as what the victim can expect in return.

After that conversation, "you might say, 'Thanks for that, I'm going to
step away,'" Lilburn said. "I get it. Your bottom line is different from
what I want to achieve. But the point I try and get across: You've heard of
cases that my unit has dealt with - TalkTalk, Carphone Warehouse - but some
of the bigger ones, you've not heard a thing about, because we've
successfully kept it out of the media."

Lilburn said police advise on all manner of online-related crimes,
including hack attacks, online fraud and DDoS extortions. "We've had other
cases [involving] blackmail for $8 million in bitcoins. We can bring in our
negotiating teams, people who ... know about when to communicate, and what
point to communicate ... and they give top advice and you will get that
service."

Of course, some cases do go to court, but Lilburn said victim organizations
shouldn't shy away from related publicity. "By then, it's usually a
positive spin," he said. "It's a good thing for your company; it shows how
your company's protection managed to achieve this result and got someone
arrested."

Information Sharing Improvements

When it comes to reporting cybercrime to police, panelist Tom Mullen, head
of security operations for Telefónica (O2) UK, said he's recently seen
significant improvements. "There's more engagement from law enforcement,
more intelligence on how to protect their customers' data, what's happening
around the world ... and I think we should push this a lot further and work
closer together."

Lilburn said that of the cybercrime cases that have been reported to Falcon
- meaning victims have come forward - 75 percent have resulted in a
"judicial outcome."

Falcon currently has 249 officers, and it's slated to grow to 500, which
represents a significant allocation of policing resources to battle serious
fraud and cybercrime.

Lilburn urged any U.K. organization that suffers a cybercrime to call the
National Crime Agency, or if in London, him directly. He warned that if
organizations instead file a report with Action Fraud, which is the U.K.'s
national center for fraud reporting, it can take a week before it crosses
his desk, due to "clunky computer systems," although he said funding for
related improvements has been lined up. Likewise, if cybercrime victims
call local police, they may not get accurate advice on how to proceed, he
warned.

Outside the United Kingdom, security experts on the panel recommended
reporting cybercrimes to Interpol, Europol or nations' computer emergency
response teams.

Investigators Crave Logs

Kurt Pipal, an assistant legal attaché in London for the FBI, noted that
too often, businesses don't know - and can't always provide - even basic
technical information about a security incident. "I have yet to respond to
a company that can tell me their outward-facing IPs right when I walk
through the door, which is surprising," he said.

Pipal said if he can get "logs, outward IPs, where the attack is coming
from," then the bureau could use its relationships to help trace the attack
back as well as aid victims, particularly if similar attacks had been seen.

One ongoing challenge for many cybercrime investigations has been suspects
who reside in countries that don't have extradition agreements with Western
Europe or the United States. But Lilburn said that one of the members of
his cybercrime unit regularly communicates with law enforcement agencies
around the world to help, and the FBI has similar relationships that can
see overseas suspects get arrested (see How Do We Catch Cybercrime
Kingpins?).

When that doesn't work, law enforcement agencies can wait for suspects to
make a wrong move. "As our director says, cybercriminals generally don't
live in nice places, and they like to go on vacation," Pipal said.