How Do You Spot a Cyber Criminal?

Q: How do you spot a cyber criminal?

Ans:

They will be male, run Linux on their computer, write some Python code, have a hoodie on, and can be seen hunkering over a keyboard.

Ha Ha! That was easy!

Not my words, but paraphrased from the SWIFT CEO Gottfried Leibbrandt at the 14th annual European Financial Services Conference in Brussels [here].

Therein, perhaps, lies a bit of a problem in cyber crime. The threat is still seen as the stereotype of a young male hacking together a bit of code. If we see this as our threat, we can purchase the best security in the world, define the best access controls, purchase the best firewalls, implement the best cryptography, and believe we will be safe. But we forget one thing … humans like money, and some people will do anything possible to get it! Humans, too, often don't follow a script and are ingenious at finding new ways to do things.

So we are moving into an era where crime is enabled by the Internet, where the opportunities are open to all and the rewards can be vast. YOU are just as likely to be a cybercriminal as a young male hacking some code together. The opportunity to make lots of money is often not even the motivation of the stereotypical young male hacker.

For example, we have just seen an $81 million fraud on the Swift network, yet there is still a perception of a man with a bit of time on his hands, hacking together a bit of code to breach the security of a system.

The NCA too, with their classic video, seem to hint that the threats in cybercrime come from a young male with a bit too much time on his hands who is getting into coding.

While it is still true that individuals are a threat, it is often the insider, upset with the company or standing to gain financially, and with a great deal of knowledge of the organisation or its systems, who is the major threat. Ask many in the finance industry, and they will tell you that one of their greatest threats is the insider with a high level of access rights.

Gottfried does get things right when he says it is not men with guns that are the threat.

But with the opportunity for large-scale fraud, attacks on the Swift network are unlikely to be masterminded by someone in a bedroom running standard tools with no knowledge of the target. They are more likely to come from organised criminal gangs who invest time and energy in doing crime the traditional way: 'casing the joint', 'tapping up an employee', or even getting a job in the bank. With such poor security in the recent hack, it didn't need a sophisticated piece of malware to compromise the network, but it did need an extensive understanding of how it all works.

Organisations need to understand their threat actors and their motivation.

Like it or not, the threat is often within the company, the insider, and the best firewall in the world is not going to stop that. In the Swift hack, the motivation is clear … MONEY! If there's lots of money to be made, it's relatively easy to do, and there's little chance of getting caught, then there will be crime. With $81 million to be made in a single transaction, the motivation will be high, and it could turn the head of anyone working in the bank. Imagine if $81 million had been stolen from your High Street branch … how big a headline would that be? But with the Swift hack, it was gone in the sending of a single electronic transaction.

Organisations need to understand the threats that they face, and the range of budgets and knowledge involved. At one time you could keep things secret, so that no-one knew how they worked. You could also set up a private network with restricted access, but not any more. Things are more open, and knowledge is exchanged freely. The threats are almost unlimited … system administrators have full rights to change anything on the system … contractors move into and out of companies but often keep their access rights … security and cleaning staff have access to every room in the building … and so it goes on.

Think about it … you are a sysadmin in a Bangladeshi bank, and you are offered $1 million for the system admin password. Would you accept it?

If you thought about that for more than five seconds … then count yourself in as a possible cyber criminal.

Conclusions

One thing that is sure … the threat is human …

I ask this question sometimes at presentations…

Question: How do you spot the person who is committing fraud in your company?

Ans: They will be the one who just drove in with a new Porsche!

Here is me writing this article … with my hoody, and hunkered over my keyboard … and running Kali Linux … and developing some Python code … Doh!