Combatting cybercrime
An increased volume of economic crime and cybercrime in direct correlation with the proliferation of data is presenting a complex challenge for law enforcement. Ciarán Galway visits the Garda Cybercrime Bureau at Harcourt Square to speak with its head, Detective Superintendent Michael Gubbins.
Cybercrime is an umbrella term which incorporates both cyber-enabled crime, encompassing traditional crimes such as fraud, as well as cyber-dependent crime that is facilitated by the internet.
Michael Gubbins emphasises that cybercrime in all its forms, whether cyber-enabled or cyber-dependent, costs almost 1 per cent of global income. This is a substantial volume of money which subsequently transfers from legitimate business into organised crime structures.
The role of An Garda Síochána, as defined by its Cyber Strategy, stems from the requirement to safeguard the security of the State under section 7 of the Garda Síochána Act 2005. Likewise, under section 5.5 (National Security and Policing) of the Department’s National Cybersecurity Strategy 2015-17, specific reference is made to the Garda. One core responsibility is its “liaison relationships with other security services in identifying emerging threats, vulnerabilities and best practice preventative measures”.
Context
An Garda Síochána also has its own Modernisation and Renewal Programme which commits to the establishment of specialist units to meet the increasing challenges of cybersecurity, with regional CCIU units being introduced.
There has been computer crime and computer forensics support available to the organisation since the early 90s. In a trend mirrored in much of the rest of the world, “this capacity was originally established within the Garda Bureau of Fraud Investigation (GBFI), that’s where the Guards first encountered computer technology”.
Latterly, the Garda Computer Crime Investigation Unit (CCIU) separated from the GBFI and as a consequence cybercrime became a bureau in its own right. Under Gubbins, the growing bureau includes an inspector, a number of sergeants and gardaí alongside civilian support staff.
Regional pilot units have already been established in New Ross to support the Wexford region and Ballincollig to support the three Cork divisions. “It’s quite a large expanse, but we’d like to build that out to around six regional units in the 12-18 months,” Gubbins outlines.
Throughout its existence, the CCIU has been successful in detecting crimes such as computer-related fraud, online paedophilia, and illegal trading over the Darknet. “Currently our main role is the forensic examination of all seized computer media. If you see a search and computers being removed from a premises, they’re coming here.
“Our Bureau is particularly concentrated on cybercrime investigation which incorporates hackers, DDoS attacks and ransomware. We are aware of cyber-enabled crime and we do provide assistance to the Economic Crime Bureau in their investigation of these.”
In addition, the Bureau is also responsible for international liaison in relation to cybercrime. “We are involved with a number of groups over in the European Cybercrime Centre (EC3) and I sit on the Board of the European Union Cybercrime Taskforce which includes all the heads of the various cybercrime units throughout Europe. We help with policy and strategy for the Centre.
“EC3, for us as a small country, is a valuable entity. We send them a lot of information and intelligence which they then analyse for us within a bigger picture,” he asserts. For instance, “While it is a legitimate currency and it’s acceptable to accept as payment, Bitcoin is the currency of choice for criminals because it’s hard to attribute and to find out who actually owns that money. As time goes on and as we provide more information to EC3, we are getting better at following the trails.”
Trends
Today, networks have proliferated and, as a greater number of users gain access, criminals are presented with more opportunities to access networks. Similarly, data is no longer held on desktops; it’s in the cloud and in datacentres. In time, most household appliances will connect to the internet, simultaneously providing greater scope for criminals to use them as a platform to attack others.
Cybercrime, Gubbins details, emanates from a wider variety of sources including large organised crime groups, terrorist attacks, hacktivists who don’t seek financial gain and nation states pursuing cyberwarfare.
Similarly, it ranges in its level of sophistication. “There are creative and sophisticated attacks such as ‘spear phishing’, which is specifically targeted at one organisation through its employees. Likewise, with a bit of research, malware can be customised to an individual company. ‘Zero-day’ exploits occur when criminals identify a bug in a system that allows them to access the network before the manufacturer of the operating system or application is aware of it. Social engineering emails, often posing as a utility company, can harvest details volunteered by an individual and can then be used to conduct an attack.”
Further threats include CEO fraud, business email fraud and invoice redirection. “It takes a lot of money and resource to prevent this, but you have to be situationally aware and that’s why, especially in the banking industry, there are communities being formed – to share information and intelligence in order to make people aware of what’s going on.” As such, there is a responsibility for businesses to educate their employees on the potential for cyberattack.
“Typical malware sources are emails, and we would advise people, especially in a work environment, to think before they click,” Gubbins explains. “Websites can act as a source of malware and similarly we would advise people to be careful with regards to which websites they access. Open and unsecured WiFi in restaurants, hotels and public transport also offer an opportunity for criminals to gain access to your data. If you’re going to use it, there are risks involved.”
“We use whatever forum we can to raise awareness of existence and let people know that the Garda have a response to cybercrime in the format of the Garda Cybercrime Bureau.”
Relationships
Through his leadership of the Cybercrime Bureau, the senior garda engages with a wide range of stakeholders including businesses, banks, accountancy firms and stockbrokers. “Our main business partner would be Banking and Payments Federation Ireland (BPFI) and once a month we meet under what’s known as the High-Tech Crime Forum. We meet with all the banks, our colleagues in the Police Service of Northern Ireland (PSNI), the Internet Service Providers Association of Ireland and others from the UCD Centre for Cybersecurity and Cybercrime Investigation and exchange information about what trends we observe in the cybercrime sphere. It’s been quite successful.”
One worldwide problem for law enforcement is the often complex nature of cybercrime. “It takes a long time to get investigations processed because while you may have an injured party or a suspect here in Ireland, your evidence may lie in another jurisdiction or across multiple jurisdictions,” he explains.
As such, through the European Cybercrime Centre, the Garda also have relationships with Europol, Interpol and other law enforcement partners across the world. The Modernisation and Renewal Programme outlined that “specialist units will be set-up to liaise with international partners on current and emerging threats, and to provide cyber and forensic tools to support frontline policing and State security”.
In addition, the Bureau also has contact with the US Secret Service and FBI through the embassy in Dublin and also in London. “We have quite a network,” he remarks.
Awareness and responsibility
As individuals, Gubbins suggests, we all have responsibilities with regards to our web presence. At the same time, companies must do their part. “There is a huge responsibility on companies that if I provide them with my details, that they don’t then share them elsewhere or allow access to them. Employees must behave in a responsible manner. If a company gets severely hit, then jobs could be placed in jeopardy.
“Likewise, companies are responsible to their shareholders and state agencies have responsibility for citizens. Therefore, if you’re going to have an online presence you need to make sure that it’s secure and not used to facilitate botnet, phishing scams or harvesting of information.”
Despite a tradition of assisting law enforcement, there is a trend of deviation beginning to emerge within certain industries. For instance, cross-platform and end-to-end encrypted instant messaging applications such as WhatsApp make things more difficult for law enforcement. Gubbins concedes: “While there’s nothing wrong with having anonymity and encrypted services, it does make our job more difficult.”
Cybercrime trichotomy
Outlining the current strategy of the Bureau, Gubbins references the cybercrime trichotomy. In 2015, EC3 introduced the trichotomy, proposing to “put an even stronger focus on awareness and prevention when it comes to high volume crimes that can be effectively stopped by increasing the general level of cybersecurity”.
The Bureau, Gubbins contends, must ensure a stronger focus on and prioritisation of investigation and improved attribution in relation to key criminal actors, tools and services, as well as identifying preventive actions. “As law enforcement, our job is to nullify lower skilled attackers and to target resources at the intervention and investigation into the higher skilled end of the pyramid.
“We’re very good at prevention and awareness in the physical sphere, with regards to preventing burglary or encouraging car safety, for example. What we’re doing now is moving into the online sphere, but we need people to engage with us.”