cyberattack

How is Cyber Crime Policed ?

by
cyber crime

How is Cyber Crime policed ?

The emergence of cyber crime in the UK with 53% of all crime relating to this form of criminal activity, the need for this to be addressed has called for the adoption of specialist crime units.

Throughout the UK there now exists Regional Cyber Crime Units (RCCU) which have been set up by the National Crime Agency to help combat and manage the effects of cyber crime.

With cyber criminals becoming increasingly sophisticated the RCCU’s have a very important role to play in our society and the business environment.

What is the role of a RCCU?

They normally consist of two main teams :-

Cybercrime Investigation Team  

This team is involved with investigating all forms of cyber related crime that occur within their designated region

Cyber Protect Team 

Advice on to protect individuals and businesses is provided by this team . This is carried out with input and presentations on cyber crime and cyber security.

Within these teams the following is also provided :-

  • The provision  of law enforcement set up and response
  • Advice on current trends and threats that the RCCU is experiencing

Cyber Briefings

Cyber Briefings are published on a monthly basis and distributed to businesses that provide details of current threats, advise and news.

http://www.zephyrswrocu.org.uk/userfiles/Regional%20Cyber%20Briefing%205th%20June%202017.pdf2.pdf

These areas of activity provide invaluable support to those affected by cyber crime and its prevention.

The RCCU look to work with other ancillary cyber related businesses whether they be cyber security firms, risk managers within the insurance industry and their counterparts in other parts of the world. The exchange of data is invaluable in assessing future cyber risks and offering preventative advice and updated guidelines on cyber threats.

The RCCU’s also work closely with a number of bodies that already are helping raise the awareness of cyber risks and share knowledge of emerging threat vectors such as the following:-

Get Safe Online

https://www.getsafeonline.org/

Cyber Aware

https://www.cyberaware.gov.uk/

Cyber Information Sharing Partnership ( CiSP)

https://www.ncsc.gov.uk/cisp

The challenge that these cyber crime police units face far out weigh the resources that each region has and this represents a stiff challenge with the cyber landscape constantly changing on a daily basis.

Euro 2016 – The Cyber Threat Landscape

by
Euro 2016-

Euro 2016……whether you agree with the final England squad going to France for the 15th UEFA European Championships or not, we should all be in agreement that this major sporting event is inevitably going to be a target for cyber criminals.

Some Facts…

24 countries will be represented at Euro 2016 each with 23 players in the squad which totals 552 players in all

2.50 million fans are expected in the 10 stadiums

Overall spend is expected to be E1billion

The event is being broadcast to 230 countries worldwide with 150 million spectators expected to follow each match

650 employees and 6,500 volunteers

Information : Courtesy of Press Kit dated 2nd March 2016

Why Euro 2016?

Major sporting events grab the attention of the entire world but unfortunately this also attracts elements of the population who perceive this as an opportunity to be exploited  ….. the world of cyber crime.

The threat that cyber crime poses to an event such as this is similar to that which exists for any other business but on a much larger scale and with more dramatic consequences due its high profile and the many threat vectors that may exist.

The Cyber Threat Landscape

Some of the targets for cyber criminals are likely to be the following :-

1.The Official Euro 2016 Website

Distributed denial of service (DDoS) attacks preventing access to website by fans.

The accessing of the website by hackers and altering the data such as falsifying the results and tables and providing incorrect information to the public.

Defacement of the website by a hacktivist.

Fans will no doubt access the website via Wi-Fi and vulnerability will exist if they inadvertently log in through a rogue Wi-Fi connection which could lead to the stealing of their personal data.

2.Match Day Tickets

Ticket fraud with the setting up of bogus websites taking fans money and issuing counterfeit tickets.

Website scamming offering last minute match day tickets for the big games with no ticket actually being produced.

3.The Stadiums

Technology will be pivotal in all aspects of the running of the ten stadiums being used in the tournament. Stadium entry, ticketing processing, management of floodlights and associated infrastructure would all be impacted in the event of a cyber attack.

4. Tournament Data 

The event will involve a huge amount of data ranging from credit card data of fans, players confidential information or the database of the organizers which is likely to be targeted by hackers. This could occur through phishing attacks in order to steal personal private information (PPI)and then lead to possible bank fraud of individuals.

5.E-mail Transmission

E-mail scamming could be caused by bogus e-mails set up to obtain players and officials personal information that is disseminated over the internet. The numerous sending and exchanging of e-mails also presents an opportunity or spamming.

6.Media Coverage

World wide coverage will be provided to this event by television companies who will be reliant on technology and the service could be interrupted or even blacked out by a hacker wishing to cause transmission downtime.

7. Computer Network 

The spreading of a malware attack within the internal computer network and third party providers could cause enormous interruption to the running of the tournament. The reliance on technology reaches far and wide ranging from the transportation network to close circuit TV surveillance systems.

8. Mobile Applications 

Fake mobile apps devised by developers to give the impression of the official FIFA app. These have already been discovered by Avast Software’s Jan Piskacek with adware with viruses appearing on mobile phones.

Fake FIFA Apps on Google Play

9.Cyber Terrorism

Cyber terrorism could occur in a number of forms. A ransomware attack would limit or entirely restrict the use of computer systems affecting many aspects of the tournament.

There may be political motivation from countries that want to disrupt the tournament. This could be to make a political stand on an issue or perhaps a country that failed to reach the finals or a country that has controversially been knocked out of the competition.

The threat of remotely controlled drones by cyber terrorist entering a stadium causing disruption and delay to matches.

10.Social Media

Infiltration of social media websites by hackers of the tournament and personal accounts pose a threat to fans , players and officials privacy.

Cyber Risk Management Program

FIFA will no doubt have in place a comprehensive cyber risk management program to manage Euro 2016 which is likely to be broken down into the following :-

  • Identification of cyber risk vectors
  • The mitigation of cyber risk within the tournament
  • The transfer of residual cyber risks that they are unwilling or unable to manage.

Cyber Insurance

Cyber Insurance can assist with the transfer of cyber risks by the following insurance modules :-

  • Network Security Liability
  • Data Privacy Liability
  • Multimedia Liability
  • Network Business Interruption
  • Data Asset Protection
  • Cyber Extortion
  • Crisis Management

A cyber insurance policy also provides post breach vendor assistance helping with data breach notification , forensic investigation and public relations.

Lets hope England’s destiny will not again be determined by a penalty shoot out – if so the team will be need to be prepared, well practiced and above all have the right players taking the penalties …. this can be applied to the cyber security team that is in place to manage and mitigate cyber risks of any sporting event or to that fact any commercial enterprise.

Image Credit – Evan Lorne / Shutterstock

Panama : The Cigar is Still Smouldering…

by
Panama

Up until recently Panama was associated with a canal , hats and cigars…..it is now known for one of the biggest data breaches ever known – the Panama Papers.

What are the Panama Papers?

These are a leaked set of 11.50 million confidential documents that provide details of approximately 214,000 offshore companies listed by Panamanian law firm Mossack Fonseca. This information contained identities of shareholders and directors of these companies and showed the wealth of high profile individuals , including the assets that were hidden from the public. Individuals included past and current heads of states, government officials and celebrities from over 40 countries. Investigations have now determined some of the companies may have been utilized for various illegal purposes.

The Panama Papers far exceeds the previous highest data breach record previously held by Wikileaks by 1500 times.

How did this happen?

An anonymous source know as “John Doe” passed the documents to German newspaper Suddeutsche Zeitung which it is understood commenced at the beginning of 2015. The quantum of data involved was 2.6 terabytes which is a vast amount of data In view of the amount of data involved the newspaper recruited the assistance of the International Consortium of Investigative Journalists (ICIJ) which distributed all the documents so that they could be investigated by various journalists and media organizations around the world. The first documents were published on 3rd April. The ICIJ will issue a full list in May of all the companies involved.

What was the cause of this huge data leak ? 

There are a number of different schools of thought as to whether this was due to an insider or outsider hacker attack , but one thing that is certain is that Mossack Fonseca did appear to have very poor cyber security procedures in place.

This has been evidenced by some of the following cyber security flaws that have since been discovered:-

  • The Outlook Web Access login had been utilized since 2009 with the client login not being updated since 2013
  • The computer systems included a high risk SQL injection vulnerability that allows anyone to remotely execute arbitrary instructions.
  • The main computer system included a version of WordPress that was three months out of date.
  • Configuration of the website was not recognized as best practice.
  • Mossack Fonseca’s e-mails were not encrypted
  • The systems were vulnerable to external scanning and possible exploitation

With the amount of data involved it is believed that it took about one year for the data to arrive at its destination. It is a wonder that no one noticed this amount of data leaving the company ? Interestingly enough very few US citizens were listed in the papers , which may be due to the fact that the US does have different corporate tax structures which negates the need for offshore tax arrangements.

www.wired.co.uk   The security flaws at the heart of the Panama papers

Why was Mossack Fonseca targeted ?

Legal firms hold a great deal of data on their clients including copies of personal data , confidential documents and legal transactions which does make them a prominent target for hackers. A high profile legal practice such as Mossack Fonseca involved in the areas that they practiced in therefore represents an ideal victim to a hacker.

With the poor cyber security procedures in place it does perhaps suggest that this data compromise may have come from an insider hacker who knew the computer systems and perhaps an employee with a point  to make or an overarching grudge.

Reputational damage is also a consequence of a breach of this nature , another possible reason for the this attack. which sometimes causes irreversible damage to a firm.

What could have prevented this data breach? 

In the current climate no one business or individual is 100% secure from a cyber security breach but certain procedures seemed to be absent from what would be expected to be standard cyber security risk management procedures:-

  • Prioritising  of cyber security
  • Regular patching of software
  • Updating of software
  • Regular login updating
  • Encryption of all sensitive documents
  • Website security

How Cyber Insurance could have helped ? 

A cyber insurance policy can provide the following coverage.

  1. Data breach costs incurred including notification costs to the appropriate regulatory bodies
  2. Regulatory costs and investigations that may arise as a result of the breach
  3. Post breach costs including investigation and forensics costs incurred to monitor and analyse the data breach which would help identify the cause of the incident.

The proposal for cyber insurance also requires certain minimum security measures to be in place at the onset prior to the policy incepting , the purchase of a cyber insurance policy therefore may have help Mossack Fonseca focus on certain areas of cyber security that may have prevented the hacker to penetrate their computer systems.

From the wider perspective the insurance market is assessing its exposure by gathering data from insurers and reinsurers in order to ascertain the consequences of this loss to the industry. One thing for sure is that insurance coverage would not respond to any illegal activities.

General Data Protection Regulations

Despite being passed the GDPR are not yet in force , but what would have been the ramifications of this on Mossack Fonseca.. ? These rules will apply to entities that carry out business with companies based in the EEC , whether the complicated legal structures put in place by Mossack Fonseca would have implicated by this is difficult to tell , but fines of 4% of annual global turnover or E20,000,000 , which ever is the less would apply if this was the case.

Lessons to be learned 

  • Robust cyber security measures and procedures are paramount to a business armoury in protecting their mere existence.
  • Law firms will be alerted to this data breach and with recent attacks in the US , this sector is clearly currently a target for hackers
  • Cyber Insurance can help improve cyber security and mitigate the effects of a data breach

The biggest data breach ever experienced is still being uncovered, further revelations will no doubt come to light in the coming months… the cigar is still smoudering.