Fighting Cybercrime on the Frontlines
AI, ransomware, cryptocurrencies, the Internet of Things—INTERPOL’s Assistant Director of Cybercrime Operations, Bernardo Pillot, outlines practical steps for countries facing new threats on the digital frontier.
What cybersecurity threats do countries face today, and how are these threats evolving?
The most prominent cybersecurity threat in the current state of play is ransomware. It is not a new threat, but we are seeing increasing ransomware attacks on critical infrastructure, particularly on the healthcare industry. Hospitals worldwide have come under attack by ransomware groups.
Cybercrime is borderless and can happen from anywhere around the world: no region is spared. As long as people have access to computers, the internet and the infrastructure, you will see people becoming involved in cybercrime and cyberattacks.
Likewise, ransomware attackers can be based anywhere in the world. What we see is that these attackers are becoming more organised. Ransomware hacker groups are offering ransomware as a service: they hire out their services or infrastructure to other bad actors. As a result, it now takes far less sophistication to launch cyberattacks and to commit cybercrimes.
How is INTERPOL addressing global cyber threats and helping governments tackle cybercrime?
INTERPOL is the biggest international law enforcement association across the world, with 196 member countries. This global reach matters because of the borderless nature of cybercrime, which often places it beyond any one country’s jurisdiction. National law enforcement agencies are often not equipped to handle cross-border matters on their own.
In a typical cyberattack, the cybercriminal will be in one country, the infrastructure in another, and the victims in yet another country. Our job is to bring these countries together: that is what my Cybercrime Operations team does at INTERPOL.
What often happens is that a member country in which a cybercrime has been committed reaches out to INTERPOL for help. We collect intelligence from them, and work with private partners to trace the infrastructure behind the attack to the country from which it has been launched. We reach out to that country’s law enforcement organisations and let them know this is occurring. We then bring governments together to take down either the infrastructure or the organisation behind the cybercrime.
To successfully prosecute cases, law enforcement agencies need to have information from the victims. Oftentimes countries are not even aware that these victims exist until we bring it to their attention. Much of the information we need to build and coordinate cases lies with private industry. Through a programme called Project Gateway, we partner with 13 private industry partners—including major cybersecurity companies such as Kaspersky and Trend Micro, as well as non-profit cybersecurity organisations such as the Shadowserver Foundation—to gather and share intelligence that we use to benefit our member countries. INTERPOL’s operational group ensures justice is served by bringing different stakeholders together across borders and sectors.
Recently, we carried out a programme called Operation Synergia[1], where we focused on the top three threats our members identified as impacting their countries: phishing, banking-related malware, and ransomware. Operations and intelligence teams collaborate on a plan to work with infrastructure located in different countries across the globe.
In an operation over a four-month period last year, we used the information gathered from our member countries and private partners to create an intelligence package we call a Cyber Activity Report. We identified over 50 different countries to share this intelligence with, so that they could help us take down infrastructure based in their countries that was being used for either phishing attacks or ransomware. This led to many command and control servers being taken down and several cybercrime groups being identified. This demonstrates how the private sector and law enforcement in different jurisdictions can have significant success in fighting cybercrime when they communicate and work together.
How can governments and their law enforcement agencies better communicate and collaborate with different stakeholders to fight cybercrime?
Communication is key. It is important to continually build trust, and not wait for an incident to happen before you communicate. It is also useful to conduct and keep up joint exercises and get to know people in the industry, so that law enforcement personnel are familiar with their counterparts in the private sector, and vice versa.
Knowing whom to contact, what capabilities exist, and having conversations early on to stay in touch with trends and with one another, is invaluable. This is just a basic approach of law enforcement in general: in policing, we do not wait for a tragedy to happen before getting to know the people in the field. We need to know everyone’s response times, and what to do in an incident. Similarly, in cybersecurity, we need to know who is there, each other’s capabilities, and how we can depend on one another when something happens. It is like knowing your community, your neighbourhood, so that in an emergency you know who to call, who might have seen what, and so forth.
At INTERPOL, we help foster these relationships in several ways. Apart from Project Gateway, where we work with the private sector, we also hold regional and specialist conferences around the world. We have just wrapped up a regional conference in Nigeria, where we brought in 49 African member countries, the private sector, and other international organisations to discuss the threats in the region. We discussed the players working in the region, what the private sector is doing, what they are seeing, and cases that the countries are working on, so we can foster collaboration and address these threats together.
What are the biggest challenges that national governments face in dealing with cybercrime?
A major challenge is capacity building: having the technology and the knowhow to investigate and pursue cybercrime. We recognise that not every country has the same capabilities to do this well. That is why my unit is working on training and capacity building.
One example of our capacity building initiatives is GLACY-e (Global Action on Cybercrime Extended), a programme funded by the Council of Europe, through which INTERPOL offers training in different regions across the world.[2]
We are also focusing on capacity building that is targeted to each country’s particular needs. For example, there is increasing cybercrime dealing with cryptocurrency, or digital currency. We are now aiming to deliver training on how to carry out investigations dealing with cryptocurrency or even malware analysis. The weaker a particular country’s security apparatus, the more vulnerable they are. If this activity is cross-border, these vulnerable countries may become nodes from which attacks on other countries are launched. When a country builds its cybersecurity, it benefits everyone.
A growing new area of concern is the Internet of Things (IoT). These devices and their connectivity are another avenue where cybercriminals can potentially enter a network, greatly expanding the potential attack surface. Now you do not need to have a computer or mobile phone to get hacked: any connected device could be vulnerable—including car devices, pacemakers, watches, medical devices, and newer gadgets rolling out every year. The more the devices, the more our vulnerability grows. Faster connectivity through 5G means more IoT devices will be connected more easily, which is a trend cybercriminals will also exploit. As always, anything with a potential for good will attract someone looking to use it for nefarious ends.
From the perspective of cybersecurity, how should countries view the rise of artificial intelligence (AI), machine learning, and related technology?
Cybercriminals are using AI to commit crimes, so governments must also take advantage of this technology for law enforcement. This is just how the future is going to look. If countries do not get on board, they are going to be left behind and become vulnerable to criminals who are using technology to become more and more sophisticated and to take advantage of people around the world.
If used well, this technology could help automate the way we look at cybersecurity, assist in threat intelligence, and identify vulnerabilities. But law enforcement agencies do tend to always be a step behind, because we need to take into account public concerns about privacy and how such technologies are going to be used.
One area INTERPOL is exploring is the use of data. This is a complex issue, because countries have different ways of looking at data. But we are looking to grow our databases and to bring in more information, taking advantage of AI. AI and machine learning technologies are more efficient than having people looking through gigabytes and gigabytes of data, which would be impossible to keep up with on a global scale. We are exploring how to bring these large datasets into play, to spot global trends that no one country can easily do. As a neutral organisation with no geopolitical affiliations, INTERPOL has the trust of our member countries: it makes sense for us to be the conduit for such information for the collective good.
What are best practices and capabilities that governments should pursue to be resilient against global cybercrime?
My team focuses on law enforcement. We always have our eye on catching the criminals. However, one thing we always try to reemphasise to our member countries is awareness. Cybersecurity and cyber resilience are not just about catching bad guys: it is also about making sure that people are aware of threats. Preventing cybercrime is better than trying to correct it afterwards. We conduct a global awareness campaign every year and focus on the top three cyber threats. We work with our Gateway partners to get the word out on what the public can do about behaviour on the internet, either to defend themselves or to be more proactive and take better precautions. This includes making businesses more aware of current and emerging threats.
An area of concern that we see is that certain population groups are particularly vulnerable: the elderly community, and also children. Younger and younger children are going on to the internet. They come across cybercrime and start exploring. It seems to them that no one gets harmed by such crimes: there are no victims, it is not a big deal. Then things start to escalate and they learn to become hackers or cyber criminals. For example, in Nigeria, young people look at cybercriminals almost as celebrities.
Trying to get them early is the way to go. There is a programme in the Netherlands where law enforcement is reaching out to these young people, before their behaviour becomes a problem. Instead of making an arrest, they go and speak to them. Early intervention and messaging help persuade young people that cybercrime is not cool; that it impacts communities and other people elsewhere: that there are actual victims and there is harm.
I also hope to see governments increasing investment in training more people to come into this field. I do not see many women in the industry: not just in cybercrime, but law enforcement is very male dominated. Bringing in women and making the field more diverse will benefit everyone, because having different points of view is vital. Sometimes when you have people who think the same way as you, you go down a certain path. Having different points of view paints a bigger picture. It reduces blind spots, and offers a broader perspective and fresher ideas.
That said, I am optimistic about the future. There is more dialogue between law enforcement and the private sector, more collaboration and information sharing across stakeholders. There is a lot more that we can do, but we are going in the right direction.
Bernardo Pillot has extensive experience in cybercrime and global security, including a tenure at Homeland Security Investigations. As Assistant Director of Cybercrime Operations and Threat Management at INTERPOL, he launched a cybercrime project supporting 49 African countries, managed over 300 global investigations, and significantly enhanced the international response to cyber threats.